author | Mark Murray <markm@FreeBSD.org> | 2003-01-28 22:58:14 +0000 |
---|---|---|
committer | Mark Murray <markm@FreeBSD.org> | 2003-01-28 22:58:14 +0000 |
commit | ab643b4d66501e8d5358a7a45a0da24a03191dbd (patch) | |
tree | b81a83b72c76fb8541cf06d3e99d92f1c0fc0888 /secure/lib/libcrypto/man | |
parent | 143008a1fe08646d374848b68df50dca57546fad (diff) | |
download | src-ab643b4d66501e8d5358a7a45a0da24a03191dbd.tar.gz src-ab643b4d66501e8d5358a7a45a0da24a03191dbd.zip |
Diffstat (limited to 'secure/lib/libcrypto/man')
237 files changed, 6415 insertions, 24648 deletions
diff --git a/secure/lib/libcrypto/man/SSL_get_ciphers.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 index 3e8477b4adae..8efcba9189c5 100644 --- a/secure/lib/libcrypto/man/SSL_get_ciphers.3 +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:39 2002 +.\" Mon Jan 13 19:26:45 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,41 +137,40 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "ASN1_OBJECT_new 3" +.TH ASN1_OBJECT_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs +ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve .Vb 2 -\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl); -\& const char *SSL_get_cipher_list(SSL *ssl, int priority); +\& ASN1_OBJECT *ASN1_OBJECT_new(void); +\& void ASN1_OBJECT_free(ASN1_OBJECT *a); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, -sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 -is returned. +The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an +\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +\&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure. .PP -\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 -listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are -available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 -is returned. +\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. .SH "NOTES" .IX Header "NOTES" -The details of the ciphers obtained by \fISSL_get_ciphers()\fR can be obtained using -the SSL_CIPHER_get_name(3) family of functions. -.PP -Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the -sorted list of available ciphers, until \s-1NULL\s0 is returned. 
+Although \fIASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it +is almost never used in applications. The \s-1ASN1\s0 object utility functions +such as \fIOBJ_nid2obj()\fR are used instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -See \s-1DESCRIPTION\s0 +If the allocation fails, \fIASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by ERR_get_error(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIASN1_OBJECT_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_cipher_list(3), -SSL_CIPHER_get_name(3) +ERR_get_error(3), d2i_ASN1_OBJECT(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIASN1_OBJECT_new()\fR and \fIASN1_OBJECT_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 index 402a89d5e0aa..f824b277f5e9 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:24 2002 +.\" Mon Jan 13 19:26:46 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,77 +137,85 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "ASN1_STRING_length 3" +.TH ASN1_STRING_length 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling +ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, +ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data \- +\&\s-1ASN1_STRING\s0 utility functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" +.Vb 2 +\& int ASN1_STRING_length(ASN1_STRING *x); +\& unsigned char * ASN1_STRING_data(ASN1_STRING *x); +.Ve .Vb 1 -\& #include <openssl/ssl.h> +\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); .Ve -.Vb 2 -\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); -\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +.Vb 1 +\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +.Ve +.Vb 1 +\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +.Ve +.Vb 1 +\& int ASN1_STRING_type(ASN1_STRING *x); .Ve .Vb 1 -\& int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata); +\& int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_default_passwd_cb()\fR sets the default password callback called -when loading/storing a \s-1PEM\s0 certificate with encryption. +These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. .PP -\&\fISSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to \fBuserdata\fR which -will be provided to the password callback on invocation. +\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR. 
.PP -The \fIpem_passwd_cb()\fR, which must be provided by the application, hands back the -password to be used during decryption. On invocation a pointer to \fBuserdata\fR -is provided. The pem_passwd_cb must write the password into the provided buffer -\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must -be returned to the calling function. \fBrwflag\fR indicates whether the -callback is used for reading/decryption (rwflag=0) or writing/encryption -(rwflag=1). +\&\fIASN1_STRING_data()\fR returns an internal pointer to the data of \fBx\fR. +Since this is an internal pointer it should \fBnot\fR be freed or +modified in any way. +.PP +\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. +.PP +\&\fIASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two +are identical. The string types and content are compared. +.PP +\&\fIASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer +\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR +is \-1 then the length is determined by strlen(data). +.PP +\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants +such as \fBV_ASN1_OCTET_STRING\fR. +.PP +\&\fIASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the +converted data is allocated in a buffer in \fB*out\fR. The length of +\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR +should be free using \fIOPENSSL_free()\fR. .SH "NOTES" .IX Header "NOTES" -When loading or storing private keys, a password might be supplied to -protect the private key. The way this password can be supplied may depend -on the application. If only one private key is handled, it can be practical -to have \fIpem_passwd_cb()\fR handle the password dialog interactively. If several -keys have to be handled, it can be practical to ask for the password once, -then keep it in memory and use it several times. 
In the last case, the -password could be stored into the \fBuserdata\fR storage and the -\&\fIpem_passwd_cb()\fR only returns the password already stored. +Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR +structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedefed +to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents. +\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist +entirely of primitive string types such as \fBDirectoryString\fR and +\&\fBTime\fR. +.PP +These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR +or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR +utility functions should be used instead. .PP -When asking for the password interactively, \fIpem_passwd_cb()\fR can use -\&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1). -In this case the password dialog may ask for the same password twice -for comparison in order to catch typos, that would make decryption -impossible. +In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR +is null terminated or does not contain embedded nulls. The actual format +of the data will depend on the actual string type itself: for example +for and IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per +character in big endian format, UTF8String will be in \s-1UTF8\s0 format. .PP -Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is -however not usual, as certificate information is considered public. +Similar care should be take to ensure the data is in the correct format +when calling \fIASN1_STRING_set()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_default_passwd_cb()\fR and \fISSL_CTX_set_default_passwd_cb_userdata()\fR -do not provide diagnostic information. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -The following example returns the password provided as \fBuserdata\fR to the -calling function. The password is considered to be a '\e0' terminated -string. If the password does not fit into the buffer, the password is -truncated. -.PP -.Vb 6 -\& int pem_passwd_cb(char *buf, int size, int rwflag, void *password) -\& { -\& strncpy(buf, (char *)(password), size); -\& buf[size - 1] = '\e0'; -\& return(strlen(buf)); -\& } -.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_use_certificate(3) +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 index 38525e778356..6942784c4479 100644 --- a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:41 2002 +.\" Mon Jan 13 19:26:47 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,40 +137,41 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "ASN1_STRING_new 3" +.TH ASN1_STRING_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_get_default_timeout \- get default session timeout value +ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- +\&\s-1ASN1_STRING\s0 allocation functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& long SSL_get_default_timeout(SSL *ssl); +.Vb 3 +\& ASN1_STRING * ASN1_STRING_new(void); +\& ASN1_STRING * ASN1_STRING_type_new(int type); +\& void ASN1_STRING_free(ASN1_STRING *a); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_default_timeout()\fR returns the default timeout value assigned to -\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. +\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +is undefined. +.PP +\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +type \fBtype\fR. +.PP +\&\fIASN1_STRING_free()\fR frees up \fBa\fR. .SH "NOTES" .IX Header "NOTES" -Whenever a new session is negotiated, it is assigned a timeout value, -after which it will not be accepted for session reuse. If the timeout -value was not explicitly set using -SSL_CTX_set_timeout(3), the hardcoded default -timeout for the protocol will be used. -.PP -\&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds -for all currently supported protocols (SSLv2, SSLv3, and TLSv1). +Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example +\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -See description. 
+\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid +\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIASN1_STRING_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_SESSION_get_time(3), -SSL_CTX_flush_sessions(3), -SSL_get_default_timeout(3) +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 new file mode 100644 index 000000000000..d18ebecebb1f --- /dev/null +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 
@@ -0,0 +1,230 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:26:48 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ASN1_STRING_print_ex 3" +.TH ASN1_STRING_print_ex 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp \- \s-1ASN1_STRING\s0 output routines. 
+.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/asn1.h> +.Ve +.Vb 3 +\& int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print(BIO *out, ASN1_STRING *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to +represent all the \s-1ASN1\s0 string types. +.PP +\&\fIASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by +the options \fBflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs +to \fBfp\fR instead. +.PP +\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to +\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0) +with '.'. +.SH "NOTES" +.IX Header "NOTES" +\&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications. +.PP +Although there are a large number of options frequently \fB\s-1ASN1_STRFLAGS_RFC2253\s0\fR is +suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLAGS_RFC2253\s0 & ~ASN1_STRFLAGS_ESC_MSB\fR. +.PP +The complete set of supported options for \fBflags\fR is listed below. +.PP +Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters +determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control +characters are escaped. If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the +\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly +interprets \s-1UTF8\s0 sequences. +.PP +Escaping takes several forms. +.PP +If the character being escaped is a 16 bit character then the form \*(L"\eWXXXX\*(R" is used +using exactly four characters for the hex representation. 
If it is 32 bits then +\&\*(L"\eUXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms +will only be used if \s-1UTF8\s0 conversion is not set (see below). +.PP +Printable characters are normally escaped using the backslash '\e' character. If +\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by +double quote characters: this is arguably more readable than the backslash +notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex +representation. +.PP +If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0 +format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this +option will correctly display multi byte characters. +.PP +If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at +all: everything is assumed to be one byte per character. This is primarily for +debugging purposes and can result in confusing output in multi character strings. +.PP +If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out +before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR. +.PP +The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just +outputs the value of the string using the form #XXXX using hex format for each +octet. +.PP +If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. +.PP +Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be +one byte per character, if \fB\s-1ASN1_STRFLAGS_DUMP_UNKNOWN\s0\fR is set then they will +be dumped instead. +.PP +When a type is dumped normally just the content octets are printed, if +\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped +instead (including tag and length octets). 
+.PP +\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is +equivalent to: + \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | + \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +X509_NAME_print_ex(3), +ASN1_tag2str(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index c7262a0ee760..8f4965e9d349 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:01 2002 +.\" Mon Jan 13 19:26:49 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_ctrl 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index b525daa63614..21f513ce3574 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:01 2002 +.\" Mon Jan 13 19:26:50 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_base64 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_base64 \- base64 \s-1BIO\s0 filter 
diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index 5cb75b3847c7..004c9e0c5b70 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:02 2002 +.\" Mon Jan 13 19:26:52 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_buffer 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_buffer \- buffering \s-1BIO\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index a069642539f2..dc6631b18ad9 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:03 2002 +.\" Mon Jan 13 19:26:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_cipher 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 3b9e097387fe..e18bf11fb9cb 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:03 2002 +.\" Mon Jan 13 19:26:54 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_md 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter @@ -168,7 +168,7 @@ Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read()\fR and digest calculation and returns the digest value. \fIBIO_puts()\fR is not supported. .PP -\&\fIBIO_reset()\fR reinitializes a digest \s-1BIO\s0. +\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0. .PP \&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this must be called to initialize a digest \s-1BIO\s0 before any data is diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index f1d9b02ed619..09f121c0f8cb 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:04 2002 +.\" Mon Jan 13 19:26:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_null 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_null \- null filter diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 1e8d72a3ace7..6e8899a83f59 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:05 2002 +.\" Mon Jan 13 19:26:56 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_ssl 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index e11997d53516..e310bf87996a 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:05 2002 +.\" Mon Jan 13 19:26:57 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_find_type 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index ca5f4f8ade5a..138c367a6fa3 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:06 2002 +.\" Mon Jan 13 19:26:58 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions 
diff --git a/secure/lib/libcrypto/man/BIO_new_bio_pair.3 b/secure/lib/libcrypto/man/BIO_new_bio_pair.3 deleted file mode 100644 index d867de638f74..000000000000 --- a/secure/lib/libcrypto/man/BIO_new_bio_pair.3 +++ /dev/null 
@@ -1,232 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:06 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "BIO_new_bio_pair 3" -.TH BIO_new_bio_pair 3 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -BIO_new_bio_pair \- create a new \s-1BIO\s0 pair -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/bio.h> -.Ve -.Vb 1 -\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fIBIO_new_bio_pair()\fR creates a buffering \s-1BIO\s0 pair. It has two endpoints between -data can be buffered. Its typical use is to connect one endpoint as underlying -input/output \s-1BIO\s0 to an \s-1SSL\s0 and access the other one controlled by the program -instead of accessing the network connection directly. -.PP -The two new BIOs \fBbio1\fR and \fBbio2\fR are symmetric with respect to their -functionality. The size of their buffers is determined by \fBwritebuf1\fR and -\&\fBwritebuf2\fR. If the size give is 0, the default size is used. -.PP -\&\fIBIO_new_bio_pair()\fR does not check whether \fBbio1\fR or \fBbio2\fR do point to -some other \s-1BIO\s0, the values are overwritten, \fIBIO_free()\fR is not called. -.PP -The two BIOs, even though forming a \s-1BIO\s0 pair and must be \fIBIO_free()\fR'ed -separately. This can be of importance, as some SSL-functions like \fISSL_set_bio()\fR -or \fISSL_free()\fR call \fIBIO_free()\fR implicitly, so that the peer-BIO is left -untouched and must also be \fIBIO_free()\fR'ed. -.SH "EXAMPLE" -.IX Header "EXAMPLE" -The \s-1BIO\s0 pair can be used to have full control over the network access of an -application. The application can call \fIselect()\fR on the socket as required -without having to go through the SSL-interface. -.PP -.Vb 6 -\& BIO *internal_bio, *network_bio; -\& ... -\& BIO_new_bio_pair(internal_bio, 0, network_bio, 0); -\& SSL_set_bio(ssl, internal_bio); -\& SSL_operations(); -\& ... 
-.Ve -.Vb 9 -\& application | TLS-engine -\& | | -\& +----------> SSL_operations() -\& | /\e || -\& | || \e/ -\& | BIO-pair (internal_bio) -\& +----------< BIO-pair (network_bio) -\& | | -\& socket | -.Ve -.Vb 4 -\& ... -\& SSL_free(ssl); /* implicitly frees internal_bio */ -\& BIO_free(network_bio); -\& ... -.Ve -As the \s-1BIO\s0 pair will only buffer the data and never directly access the -connection, it behaves non-blocking and will return as soon as the write -buffer is full or the read buffer is drained. Then the application has to -flush the write buffer and/or fill the read buffer. -.PP -Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 -and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to -find out, how many bytes must be written into the buffer before the -\&\fISSL_operation()\fR can successfully be continued. -.SH "IMPORTANT" -.IX Header "IMPORTANT" -As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0 -condition, but there is still data in the write buffer. An application must -not rely on the error value of \fISSL_operation()\fR but must assure that the -write buffer is always flushed first. Otherwise a deadlock may occur as -the peer might be waiting for the data before being able to continue. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "1" 4 -.IX Item "1" -The \s-1BIO\s0 pair was created successfully. The new BIOs are available in -\&\fBbio1\fR and \fBbio2\fR. -.Ip "0" 4 -The operation failed. The \s-1NULL\s0 pointer is stored into the locations for -\&\fBbio1\fR and \fBbio2\fR. Check the error stack for more information. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_set_bio(3), ssl(3), bio(3), -BIO_ctrl_pending(3), -BIO_ctrl_get_read_request(3) diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index ec94074271ba..2baa42df1ef6 100644 
--- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:07 2002 +.\" Mon Jan 13 19:26:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_push 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_push, BIO_pop \- add and remove BIOs from a chain. diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index b844303a5115..3cc3d7bcc9f5 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:08 2002 +.\" Mon Jan 13 19:27:01 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_read 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index 3073f38f14a7..83cb87df230e 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:08 2002 +.\" Mon Jan 13 19:27:02 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,10 +138,10 @@ .\" ====================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_accept 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port, +BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0 .SH "SYNOPSIS" @@ -150,22 +150,22 @@ BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0 \& #include <openssl/bio.h> .Ve .Vb 1 -\& BIO_METHOD * BIO_s_accept(void); +\& BIO_METHOD *BIO_s_accept(void); .Ve .Vb 2 -\& #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) -\& #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) +\& long BIO_set_accept_port(BIO *b, char *name); +\& char *BIO_get_accept_port(BIO *b); .Ve .Vb 1 \& BIO *BIO_new_accept(char *host_port); .Ve .Vb 2 -\& #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) -\& #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) +\& long BIO_set_nbio_accept(BIO *b, int n); +\& long BIO_set_accept_bios(BIO *b, char *bio); .Ve .Vb 2 -\& #define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) -\& #define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +\& long BIO_set_bind_mode(BIO *b, long mode); +\& long BIO_get_bind_mode(BIO *b, long dummy); .Ve .Vb 3 \& #define BIO_BIND_NORMAL 0 
@@ -173,14 +173,14 @@ BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0 \& #define BIO_BIND_REUSEADDR 2 .Ve .Vb 1 -\& #define BIO_do_accept(b) BIO_do_handshake(b) +\& int BIO_do_accept(BIO *b); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper round the platform's \s-1TCP/IP\s0 socket accept routines. .PP -Using accept BIOs \s-1TCP/IP\s0 connections can be accepted and data +Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data transferred using only \s-1BIO\s0 routines. In this way any platform specific operations are hidden by the \s-1BIO\s0 abstraction. .PP @@ -238,7 +238,7 @@ using \s-1BIO_BIND_REUSEADDR\s0. called, after the accept \s-1BIO\s0 has been setup, it will attempt to create the accept socket and bind an address to it. Second and subsequent calls to \fIBIO_do_accept()\fR will await an incoming -connection. +connection, or request a retry in non blocking mode. .SH "NOTES" .IX Header "NOTES" When an accept \s-1BIO\s0 is at the end of a chain it will await an 
@@ -275,6 +275,17 @@ perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable however because the accept \s-1BIO\s0 will still accept additional incoming connections. This can be resolved by using \fIBIO_pop()\fR (see above) and freeing up the accept \s-1BIO\s0 after the initial connection. +.PP +If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is +called to await an incoming connection it is possible for +\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens +then it is an indication that an accept attempt would block: the application +should take appropriate action to wait until the underlying socket has +accepted a connection and retry the call. +.PP +\&\fIBIO_set_accept_port()\fR, \fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, +\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and +\&\fIBIO_do_accept()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index 6c76cd973348..49214db8f2b0 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:09 2002 +.\" Mon Jan 13 19:27:03 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_bio 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, 
@@ -223,7 +223,9 @@ If the size is not initialized a default value is used. This is currently \&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and \&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is -zero then the default size is used. +zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether +\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten, +\&\fIBIO_free()\fR is not called. .PP \&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum length of data that can be currently written to the \s-1BIO\s0. Writes larger than this 
@@ -263,9 +265,60 @@ buffer. \fIBIO_read()\fR will initially fail and \fIBIO_should_read()\fR will be the application then waits for data to be available on the underlying transport before flushing the write buffer it will never succeed because the request was never sent! +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in +\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the +locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. +.PP +[\s-1XXXXX:\s0 More return values need to be added here] .SH "EXAMPLE" .IX Header "EXAMPLE" -\&\s-1TBA\s0 +The \s-1BIO\s0 pair can be used to have full control over the network access of an +application. The application can call \fIselect()\fR on the socket as required +without having to go through the SSL-interface. +.PP +.Vb 6 +\& BIO *internal_bio, *network_bio; +\& ... +\& BIO_new_bio_pair(internal_bio, 0, network_bio, 0); +\& SSL_set_bio(ssl, internal_bio, internal_bio); +\& SSL_operations(); +\& ... +.Ve +.Vb 9 +\& application | TLS-engine +\& | | +\& +----------> SSL_operations() +\& | /\e || +\& | || \e/ +\& | BIO-pair (internal_bio) +\& +----------< BIO-pair (network_bio) +\& | | +\& socket | +.Ve +.Vb 4 +\& ... +\& SSL_free(ssl); /* implicitly frees internal_bio */ +\& BIO_free(network_bio); +\& ... +.Ve +As the \s-1BIO\s0 pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer. +.PP +Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to +find out, how many bytes must be written into the buffer before the +\&\fISSL_operation()\fR can successfully be continued. 
+.SH "WARNING" +.IX Header "WARNING" +As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0 +condition, but there is still data in the write buffer. An application must +not rely on the error value of \fISSL_operation()\fR but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue. .SH "SEE ALSO" .IX Header "SEE ALSO" SSL_set_bio(3), ssl(3), bio(3), diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index fcb6a33a6553..e4aae154d0c8 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:09 2002 +.\" Mon Jan 13 19:27:04 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_connect 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port, 
@@ -153,28 +153,31 @@ BIO_set_nbio, BIO_do_connect \- connect \s-1BIO\s0 .Vb 1 \& BIO_METHOD * BIO_s_connect(void); .Ve +.Vb 1 +\& BIO *BIO_new_connect(char *name); +.Ve .Vb 8 -\& #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) -\& #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) -\& #define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) -\& #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) -\& #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) -\& #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) -\& #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2) -\& #define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port) +\& long BIO_set_conn_hostname(BIO *b, char *name); +\& long BIO_set_conn_port(BIO *b, char *port); +\& long BIO_set_conn_ip(BIO *b, char *ip); +\& long BIO_set_conn_int_port(BIO *b, char *port); +\& char *BIO_get_conn_hostname(BIO *b); +\& char *BIO_get_conn_port(BIO *b); +\& char *BIO_get_conn_ip(BIO *b, dummy); +\& long BIO_get_conn_int_port(BIO *b, int port); .Ve .Vb 1 -\& #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +\& long BIO_set_nbio(BIO *b, long n); .Ve .Vb 1 -\& #define BIO_do_connect(b) BIO_do_handshake(b) +\& int BIO_do_connect(BIO *b); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper round the platform's \s-1TCP/IP\s0 socket connection routines. .PP -Using connect BIOs \s-1TCP/IP\s0 connections can be made and data +Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data transferred using only \s-1BIO\s0 routines. In this way any platform specific operations are hidden by the \s-1BIO\s0 abstraction. .PP 
@@ -197,7 +200,7 @@ to the same host again. it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP -\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname +\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. The hostname can be an \s-1IP\s0 address. The hostname can also include the port in the form hostname:port . It is also acceptable to use the form \*(L"hostname/any/other/path\*(R" or \*(L"hostname:port/any/other/path\*(R". @@ -230,6 +233,9 @@ is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR should be made before the connection is established because non blocking I/O is set during the connect process. .PP +\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into +a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. +.PP \&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the @@ -264,6 +270,11 @@ connection process with the reason \s-1BIO_RR_CONNECT\s0. If this is returned then this is an indication that a connection attempt would block, the application should then take appropriate action to wait until the underlying socket has connected and retry the call. +.PP +\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR, +\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR, +\&\fIBIO_get_conn_ip()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_nbio()\fR and +\&\fIBIO_do_connect()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index cade91f35e6f..861cf452e32d 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 
+++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:10 2002 +.\" Mon Jan 13 19:27:05 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_fd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index 6be9436f8e92..cb50f1004804 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:11 2002 +.\" Mon Jan 13 19:27:06 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_file 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index d3b422e3259f..9b013a32df02 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:11 2002 +.\" Mon Jan 13 19:27:08 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_mem 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index 0bf1015b581a..b302476884c0 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:12 2002 +.\" Mon Jan 13 19:27:09 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_null 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_null \- null data sink diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index e5fa8d4d225e..53fa4aed9b64 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:13 2002 +.\" Mon Jan 13 19:27:10 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_socket 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0 
@@ -148,11 +148,11 @@ BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0 \& #include <openssl/bio.h> .Ve .Vb 1 -\& BIO_METHOD * BIO_s_socket(void); +\& BIO_METHOD *BIO_s_socket(void); .Ve .Vb 2 -\& #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) -\& #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +\& long BIO_set_fd(BIO *b, int fd, long close_flag); +\& long BIO_get_fd(BIO *b, int *c); .Ve .Vb 1 \& BIO *BIO_new_socket(int sock, int close_flag); @@ -169,10 +169,10 @@ If the close flag is set then the socket is shut down and closed when the \s-1BIO\s0 is freed. .PP \&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close -flag to \fBc\fR. +flag to \fBclose_flag\fR. .PP \&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL\s0, it also -returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). +returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP \&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. .SH "NOTES" @@ -184,6 +184,8 @@ The reason for having separate file descriptor and socket BIOs is that on some platforms sockets are not file descriptors and use distinct I/O routines, Windows is one such platform. Any code mixing the two will not work on all platforms. +.PP +\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index a2a5996ee507..b8e5ee474ca5 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:13 2002 +.\" Mon Jan 13 19:27:11 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_set_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index 38fc119833ee..ba214dfca210 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:14 2002 +.\" Mon Jan 13 19:27:12 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_should_retry 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_should_retry, BIO_should_read, BIO_should_write, diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index b4dff76dd749..f4a443503402 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:14 2002 +.\" Mon Jan 13 19:27:13 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_CTX_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures 
@@ -181,7 +181,7 @@ ERR_get_error(3). \&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3), +bn(3), ERR_get_error(3), BN_add(3), BN_CTX_start(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index 1629abffc938..f0d7ad292142 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:15 2002 +.\" Mon Jan 13 19:27:14 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_CTX_start 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index 7b4b69406e0e..9b58ec0420f3 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:16 2002 +.\" Mon Jan 13 19:27:15 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,11 +138,12 @@ .\" ====================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_add 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp, -BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs +BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \- +arithmetic operations on BIGNUMs .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -157,21 +158,35 @@ BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs .Vb 1 \& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); .Ve +.Vb 1 +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +.Ve .Vb 2 \& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, \& BN_CTX *ctx); .Ve .Vb 1 -\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); .Ve .Vb 1 -\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); .Ve .Vb 2 -\& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, \& BN_CTX *ctx); .Ve .Vb 1 +\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +.Ve +.Vb 1 \& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); .Ve .Vb 2 
@@ -183,45 +198,59 @@ BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_add()\fR adds \fBa\fR and \fBb\fR and places the result in \fBr\fR (\f(CW\*(C`r=a+b\*(C'\fR). -\&\fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBb\fR. +\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. .PP -\&\fIBN_sub()\fR subtracts \fBb\fR from \fBa\fR and places the result in \fBr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). .PP -\&\fIBN_mul()\fR multiplies \fBa\fR and \fBb\fR and places the result in \fBr\fR (\f(CW\*(C`r=a*b\*(C'\fR). -\&\fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBb\fR. +\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For multiplication by powers of 2, use BN_lshift(3). .PP -\&\fIBN_div()\fR divides \fBa\fR by \fBd\fR and places the result in \fBdv\fR and the -remainder in \fBrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fBdv\fR and \fBrem\fR may -be \s-1NULL\s0, in which case the respective value is not returned. +\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR +(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. +This function is faster than BN_mul(r,a,a). +.PP +\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the +remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may +be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. +The result is rounded towards zero; thus if \fIa\fR is negative, the +remainder will be zero or negative. 
For division by powers of 2, use \fIBN_rshift\fR\|(3). .PP -\&\fIBN_sqr()\fR takes the square of \fBa\fR and places the result in \fBr\fR -(\f(CW\*(C`r=a^2\*(C'\fR). \fBr\fR and \fBa\fR may be the same \fB\s-1BIGNUM\s0\fR. -This function is faster than BN_mul(r,a,a). +\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +.PP +\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +remainder in \fIr\fR. +.PP +\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +result in \fIr\fR. +.PP +\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the +non-negative result in \fIr\fR. .PP -\&\fIBN_mod()\fR find the remainder of \fBa\fR divided by \fBm\fR and places it in -\&\fBrem\fR (\f(CW\*(C`rem=a%m\*(C'\fR). +\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be +the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for +repeated computations using the same modulus, see +BN_mod_mul_montgomery(3) and +BN_mod_mul_reciprocal(3). .PP -\&\fIBN_mod_mul()\fR multiplies \fBa\fR by \fBb\fR and finds the remainder when -divided by \fBm\fR (\f(CW\*(C`r=(a*b)%m\*(C'\fR). \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR -or \fBb\fR. For a more efficient algorithm, see -BN_mod_mul_montgomery(3); for repeated -computations using the same modulus, see BN_mod_mul_reciprocal(3). +\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the +result in \fIr\fR. .PP -\&\fIBN_exp()\fR raises \fBa\fR to the \fBp\fR\-th power and places the result in \fBr\fR +\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR (\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of \&\fIBN_mul()\fR. 
.PP -\&\fIBN_mod_exp()\fR computes \fBa\fR to the \fBp\fR\-th power modulo \fBm\fR (\f(CW\*(C`r=a^p % +\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. .PP -\&\fIBN_gcd()\fR computes the greatest common divisor of \fBa\fR and \fBb\fR and -places the result in \fBr\fR. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or -\&\fBb\fR. +\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and +places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or +\&\fIb\fR. .PP -For all functions, \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables; see BN_CTX_new(3). .PP Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from @@ -233,11 +262,13 @@ value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*( The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_CTX_new(3), +bn(3), ERR_get_error(3), BN_CTX_new(3), BN_add_word(3), BN_set_bit(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_div()\fR, \fIBN_sqr()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR, +\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_sqr()\fR, \fIBN_div()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR, \&\fIBN_mod_exp()\fR and \fIBN_gcd()\fR are available in all versions of SSLeay and -OpenSSL. The \fBctx\fR argument to \fIBN_mul()\fR was added in SSLeay +OpenSSL. The \fIctx\fR argument to \fIBN_mul()\fR was added in SSLeay 0.9.1b. \fIBN_exp()\fR appeared in SSLeay 0.9.0. +\&\fIBN_nnmod()\fR, \fIBN_mod_add()\fR, \fIBN_mod_sub()\fR, and \fIBN_mod_sqr()\fR were added in +OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index d83119455724..4a95bb391a75 100644 
--- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:16 2002 +.\" Mon Jan 13 19:27:17 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_add_word 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic @@ -188,7 +188,7 @@ on error. The error codes can be obtained by ERR_get_error(3). \&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3) +bn(3), ERR_get_error(3), BN_add(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index 6a810496c839..0dcb8eee286c 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:17 2002 +.\" Mon Jan 13 19:27:18 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH BN_bn2bin 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, 
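Review bot: In the BIGNUM arithmetic description hunk (@@ -183,45 +198,59 @@), the new BN_mod() text says only that it "corresponds to BN_div() with dv set to NULL", so a reader has to combine it with the BN_div() sentence about rounding towards zero to learn that BN_mod() can return a zero or negative remainder when a is negative. Say that directly under BN_mod() and point to BN_nnmod() for callers that need a non-negative residue. BN_mod_exp() still reads "r=a^p % m" while BN_mod_mul() was changed to "r=(a*b) mod m", and neither BN_mod_sqr() nor BN_mod_exp() says whether its result is non-negative, unlike BN_mod_add(), BN_mod_sub() and BN_mod_mul(). In the added BN_mod_sqr() line the modulus is still marked up as \fBm\fR although every other argument in the hunk was converted to \fI...\fR.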
@@ -221,7 +221,7 @@ returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_zero(3), +bn(3), ERR_get_error(3), BN_zero(3), ASN1_INTEGER_to_BN(3), BN_num_bytes(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index cb21425f23a1..0c6fa7347152 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:18 2002 +.\" Mon Jan 13 19:27:19 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_cmp 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index 12770756a9ad..c4a875edd6c1 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:18 2002 +.\" Mon Jan 13 19:27:20 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_copy 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_copy, BN_dup \- copy BIGNUMs 
@@ -164,7 +164,7 @@ the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be ob by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3) +bn(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index 383ccf82501d..22fb350a47a3 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:19 2002 +.\" Mon Jan 13 19:27:21 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_generate_prime 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality @@ -220,7 +220,7 @@ prime with an error probability of less than 0.25^\fBchecks\fR, and The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), rand(3) +bn(3), ERR_get_error(3), rand(3) .SH "HISTORY" .IX Header "HISTORY" The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index d5249c65cdb2..5e737b26d38d 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:19 2002 +.\" Mon Jan 13 19:27:22 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_mod_inverse 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_mod_inverse \- compute inverse modulo n @@ -165,7 +165,7 @@ variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. \&\s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3) +bn(3), ERR_get_error(3), BN_add(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index 28702cecfab5..1e6a1fa94dfe 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:20 2002 +.\" Mon Jan 13 19:27:23 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init, 
@@ -180,22 +180,23 @@ using the same modulus. \&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. \&\fIBN_MONT_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_MONT_CTX\s0\fR. .PP -\&\fIBN_MONT_CTX_set()\fR sets up the \fBmont\fR structure from the modulus \fBm\fR +\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR by precomputing its inverse and a value R. .PP -\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fBfrom\fR to \fBto\fR. +\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. .PP \&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself. .PP -\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fBa\fR,\fBb\fR):=\fBa\fR*\fBb\fR*R^\-1 and places -the result in \fBr\fR. +\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places +the result in \fIr\fR. .PP -\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fBr\fR = \fBa\fR*R^\-1. +\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. .PP -\&\fIBN_to_montgomery()\fR computes Mont(\fBa\fR,R^2), i.e. \fBa\fR*R. +\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. +Note that \fIa\fR must be non-negative and smaller than the modulus. .PP -For all functions, \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. .PP The \fB\s-1BN_MONT_CTX\s0\fR structure is defined as follows: 
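Review bot: The range requirement added here is attached only to BN_to_montgomery() ("a must be non-negative and smaller than the modulus"), while the descriptions of BN_mod_mul_montgomery() and BN_from_montgomery() in the same hunk say nothing about the range of a and b. Either repeat the constraint for each function or state it once for all three in this section. The formulas "a*b*R^-1" and "a*R^-1" also leave out the reduction modulo m, which is worth writing out now that the text talks about inputs being smaller than the modulus.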
@@ -222,9 +223,13 @@ on error. .PP For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by ERR_get_error(3). +.SH "WARNING" +.IX Header "WARNING" +The inputs must be reduced modulo \fBm\fR, otherwise the result will be +outside the expected range. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3), +bn(3), ERR_get_error(3), BN_add(3), BN_CTX_new(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index db868999002a..de08e8113771 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:21 2002 +.\" Mon Jan 13 19:27:25 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init, @@ -211,7 +211,7 @@ For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3), +bn(3), ERR_get_error(3), BN_add(3), BN_CTX_new(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 150ee3f03dc2..711a512ca147 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:21 2002 +.\" Mon Jan 13 19:27:26 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs @@ -184,7 +184,7 @@ by ERR_get_error(3). values. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3) +bn(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index 866e1e9b116c..30517e2316ca 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:22 2002 +.\" Mon Jan 13 19:27:27 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_num_bytes 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index 23e7399d8bdf..717a0aab2c6e 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:22 2002 +.\" Mon Jan 13 19:27:28 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH BN_rand 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_rand, BN_pseudo_rand \- generate pseudo-random number @@ -186,7 +186,7 @@ The functions return 1 on success, 0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), rand(3), +bn(3), ERR_get_error(3), rand(3), RAND_add(3), RAND_bytes(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index 5c5a4e157416..88c276ef6047 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:23 2002 +.\" Mon Jan 13 19:27:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_set_bit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, diff --git a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 b/secure/lib/libcrypto/man/BN_swap.3 index 874ee38204ef..d431ae903f04 100644 --- a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:38 2002 +.\" Mon Jan 13 19:27:30 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,26 +137,24 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "BN_swap 3" +.TH BN_swap 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created +BN_swap \- exchange BIGNUMs .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include <openssl/ssl.h> +\& #include <openssl/bn.h> .Ve .Vb 1 -\& SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); +\& void BN_swap(BIGNUM *a, BIGNUM *b); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which -\&\fBssl\fR was created with SSL_new(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The pointer to the \s-1SSL_CTX\s0 object is returned. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_new(3) +\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. +.PP +bn(3) +.SH "HISTORY" +.IX Header "HISTORY" +BN_swap was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index 61613e7f9740..80417dbafd42 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:24 2002 +.\" Mon Jan 13 19:27:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_zero 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment 
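Review bot: In the new BN_swap.3 body (@@ -137,26 +137,24 @@), the .SH "SEE ALSO" and .IX Header "SEE ALSO" lines are removed and not added back, so the bn(3) reference ends up as a stray paragraph under DESCRIPTION, right after the .PP that follows the BN_swap() sentence. Restore the SEE ALSO header in front of bn(3). The removed RETURN VALUES section has no replacement either; a one-line section stating that BN_swap() returns no value would match the void prototype in the SYNOPSIS.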
@@ -153,7 +153,7 @@ operations \& int BN_one(BIGNUM *a); .Ve .Vb 1 -\& BIGNUM *BN_value_one(void); +\& const BIGNUM *BN_value_one(void); .Ve .Vb 2 \& int BN_set_word(BIGNUM *a, unsigned long w); @@ -190,3 +190,6 @@ bn(3), BN_bn2bin(3) \&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR are available in all versions of SSLeay and OpenSSL. \fIBN_value_one()\fR and \fIBN_get_word()\fR were added in SSLeay 0.8. +.PP +\&\fIBN_value_one()\fR was changed to return a true const \s-1BIGNUM\s0 * in OpenSSL +0.9.7. diff --git a/secure/lib/libcrypto/man/CA.pl.1 b/secure/lib/libcrypto/man/CA.pl.1 deleted file mode 100644 index ac3f29c12eb9..000000000000 --- a/secure/lib/libcrypto/man/CA.pl.1 +++ /dev/null 
@@ -1,298 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:38 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CA.PL 1" -.TH CA.PL 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -\&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fB\s-1CA\s0.pl\fR -[\fB\-?\fR] -[\fB\-h\fR] -[\fB\-help\fR] -[\fB\-newcert\fR] -[\fB\-newreq\fR] -[\fB\-newca\fR] -[\fB\-xsign\fR] -[\fB\-sign\fR] -[\fB\-signreq\fR] -[\fB\-signcert\fR] -[\fB\-verify\fR] -[\fBfiles\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1CA\s0.pl\fR script is a perl script that supplies the relevant command line -arguments to the \fBopenssl\fR command for some common certificate operations. -It is intended to simplify the process of certificate creation and management -by the use of some simple options. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB?\fR, \fB\-h\fR, \fB\-help\fR" 4 -.IX Item "?, -h, -help" -prints a usage message. -.Ip "\fB\-newcert\fR" 4 -.IX Item "-newcert" -creates a new self signed certificate. The private key and certificate are -written to the file \*(L"newreq.pem\*(R". -.Ip "\fB\-newreq\fR" 4 -.IX Item "-newreq" -creates a new certificate request. The private key and request are -written to the file \*(L"newreq.pem\*(R". -.Ip "\fB\-newca\fR" 4 -.IX Item "-newca" -creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR -and \fB\-xsign\fR options). The user is prompted to enter the filename of the \s-1CA\s0 -certificates (which should also contain the private key) or by hitting \s-1ENTER\s0 -details of the \s-1CA\s0 will be prompted for. The relevant files and directories -are created in a directory called \*(L"demoCA\*(R" in the current directory. -.Ip "\fB\-pkcs12\fR" 4 -.IX Item "-pkcs12" -create a PKCS#12 file containing the user certificate, private key and \s-1CA\s0 -certificate. 
It expects the user certificate and private key to be in the -file \*(L"newcert.pem\*(R" and the \s-1CA\s0 certificate to be in the file demoCA/cacert.pem, -it creates a file \*(L"newcert.p12\*(R". This command can thus be called after the -\&\fB\-sign\fR option. The PKCS#12 file can be imported directly into a browser. -If there is an additional argument on the command line it will be used as the -\&\*(L"friendly name\*(R" for the certificate (which is typically displayed in the browser -list box), otherwise the name \*(L"My Certificate\*(R" is used. -.Ip "\fB\-sign\fR, \fB\-signreq\fR, \fB\-xsign\fR" 4 -.IX Item "-sign, -signreq, -xsign" -calls the \fBca\fR program to sign a certificate request. It expects the request -to be in the file \*(L"newreq.pem\*(R". The new certificate is written to the file -\&\*(L"newcert.pem\*(R" except in the case of the \fB\-xsign\fR option when it is written -to standard output. -.Ip "\fB\-signCA\fR" 4 -.IX Item "-signCA" -this option is the same as the \fB\-signreq\fR option except it uses the configuration -file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This -is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0. -.Ip "\fB\-signcert\fR" 4 -.IX Item "-signcert" -this option is the same as \fB\-sign\fR except it expects a self signed certificate -to be present in the file \*(L"newreq.pem\*(R". -.Ip "\fB\-verify\fR" 4 -.IX Item "-verify" -verifies certificates against the \s-1CA\s0 certificate for \*(L"demoCA\*(R". If no certificates -are specified on the command line it tries to verify the file \*(L"newcert.pem\*(R". -.Ip "\fBfiles\fR" 4 -.IX Item "files" -one or more optional certificate file names for use with the \fB\-verify\fR command. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create a \s-1CA\s0 hierarchy: -.PP -.Vb 1 -\& CA.pl -newca -.Ve -Complete certificate creation example: create a \s-1CA\s0, create a request, sign -the request and finally create a PKCS#12 file containing it. -.PP -.Vb 4 -\& CA.pl -newca -\& CA.pl -newreq -\& CA.pl -signreq -\& CA.pl -pkcs12 "My Test Certificate" -.Ve -.SH "DSA CERTIFICATES" -.IX Header "DSA CERTIFICATES" -Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to -use it with \s-1DSA\s0 certificates and requests using the req(1) command -directly. The following example shows the steps that would typically be taken. -.PP -Create some \s-1DSA\s0 parameters: -.PP -.Vb 1 -\& openssl dsaparam -out dsap.pem 1024 -.Ve -Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key: -.PP -.Vb 1 -\& openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem -.Ve -Create the \s-1CA\s0 directories and files: -.PP -.Vb 1 -\& CA.pl -newca -.Ve -enter cacert.pem when prompted for the \s-1CA\s0 file name. -.PP -Create a \s-1DSA\s0 certificate request and private key (a different set of parameters -can optionally be created first): -.PP -.Vb 1 -\& openssl req -out newreq.pem -newkey dsa:dsap.pem -.Ve -Sign the request: -.PP -.Vb 1 -\& CA.pl -signreq -.Ve -.SH "NOTES" -.IX Header "NOTES" -Most of the filenames mentioned can be modified by editing the \fB\s-1CA\s0.pl\fR script. -.PP -If the demoCA directory already exists then the \fB\-newca\fR command will not -overwrite it and will do nothing. This can happen if a previous call using -the \fB\-newca\fR option terminated abnormally. To get the correct behaviour -delete the demoCA directory if it already exists. -.PP -Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script -directly (for example Win32) and the default configuration file location may -be wrong. 
In this case the command: -.PP -.Vb 1 -\& perl -S CA.pl -.Ve -can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to -the correct path of the configuration file \*(L"openssl.cnf\*(R". -.PP -The script is intended as a simple front end for the \fBopenssl\fR program for use -by a beginner. Its behaviour isn't always what is wanted. For more control over the -behaviour of the certificate commands call the \fBopenssl\fR command directly. -.SH "ENVIRONMENT VARIABLES" -.IX Header "ENVIRONMENT VARIABLES" -The variable \fB\s-1OPENSSL_CONF\s0\fR if defined allows an alternative configuration -file location to be specified, it should contain the full path to the -configuration file, not just its directory. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1), ca(1), req(1), pkcs12(1), -config(5) diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 index ef82f2b07aca..c09289446140 100644 --- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:24 2002 +.\" Mon Jan 13 19:27:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index a98535f097a7..ef19bf19e379 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:25 2002 +.\" Mon Jan 13 19:27:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange @@ -179,7 +179,7 @@ on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), err(3), rand(3), DH_size(3) +dh(3), ERR_get_error(3), rand(3), DH_size(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index 74b0d8a6f27c..06c93c15eab7 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:25 2002 +.\" Mon Jan 13 19:27:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_generate_parameters 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters 
@@ -196,7 +196,8 @@ If \fBgenerator\fR is not 2 or 5, \fBdh->g\fR=\fBgenerator\fR is not a usable generator. .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), err(3), rand(3), DH_free(3) +dh(3), ERR_get_error(3), rand(3), +DH_free(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 index 2a9409a49cc7..2b741e807508 100644 --- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:26 2002 +.\" Mon Jan 13 19:27:36 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH DH_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index 2a8546e3f2c1..9c21b4ff866d 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:27 2002 +.\" Mon Jan 13 19:27:37 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_new, DH_free \- allocate and free \s-1DH\s0 objects 
@@ -168,7 +168,7 @@ a pointer to the newly allocated structure. \&\fIDH_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), err(3), +dh(3), ERR_get_error(3), DH_generate_parameters(3), DH_generate_key(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index 8a5c1b720a0c..8dc77bb7eee1 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:27 2002 +.\" Mon Jan 13 19:27:38 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,51 +138,63 @@ .\" ====================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH DH_set_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -DH_set_default_method, DH_get_default_method, DH_set_method, -DH_new_method, DH_OpenSSL \- select \s-1DH\s0 method +DH_set_default_method, DH_get_default_method, +DH_set_method, DH_new_method, DH_OpenSSL \- select \s-1DH\s0 method .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dh.h> +\& #include <openssl/engine.h> .Ve .Vb 1 -\& void DH_set_default_method(DH_METHOD *meth); +\& void DH_set_default_method(const DH_METHOD *meth); .Ve .Vb 1 -\& DH_METHOD *DH_get_default_method(void); +\& const DH_METHOD *DH_get_default_method(void); .Ve .Vb 1 -\& DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); +\& int DH_set_method(DH *dh, const DH_METHOD *meth); .Ve .Vb 1 -\& DH *DH_new_method(DH_METHOD *meth); +\& DH *DH_new_method(ENGINE *engine); .Ve .Vb 1 -\& DH_METHOD *DH_OpenSSL(void); +\& const DH_METHOD *DH_OpenSSL(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -Initially, the default is to use the OpenSSL internal implementation. -\&\fIDH_OpenSSL()\fR returns a pointer to that method. +Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fIDH_OpenSSL()\fR. .PP -\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1DH\s0\fR -structures created later. 
+\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set +as a default for \s-1DH\s0, so this function is no longer recommended. .PP -\&\fIDH_get_default_method()\fR returns a pointer to the current default -method. +\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0. +However, the meaningfulness of this result is dependant on whether the \s-1ENGINE\s0 +\&\s-1API\s0 is being used, so this function is no longer recommended. .PP -\&\fIDH_set_method()\fR selects \fBmeth\fR for all operations using the structure \fBdh\fR. +\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. +This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method +was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the +change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 +implementations (eg. from an \s-1ENGINE\s0 module that supports embedded +hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 +for the key can have unexpected results. .PP -\&\fIDH_new_method()\fR allocates and initializes a \fB\s-1DH\s0\fR structure so that -\&\fBmethod\fR will be used for the \s-1DH\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, -the default method is used. +\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will +be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0 +operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by +\&\fIDH_set_default_method()\fR is used. .SH "THE DH_METHOD STRUCTURE" .IX Header "THE DH_METHOD STRUCTURE" .Vb 4 
@@ -229,12 +241,22 @@ the default method is used. .PP \&\fIDH_set_default_method()\fR returns no value. .PP -\&\fIDH_set_method()\fR returns a pointer to the \fB\s-1DH_METHOD\s0\fR previously -associated with \fBdh\fR. +\&\fIDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). .PP -\&\fIDH_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be -obtained by ERR_get_error(3) if the allocation fails. Otherwise it +\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other +algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, +that will override any \s-1DH\s0 defaults set using the \s-1DH\s0 \s-1API\s0 (ie. +\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +to control default implementations for use in \s-1DH\s0 and other cryptographic +algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" dh(3), DH_new(3) 
@@ -242,3 +264,13 @@ dh(3), DH_new(3) .IX Header "HISTORY" \&\fIDH_set_default_method()\fR, \fIDH_get_default_method()\fR, \fIDH_set_method()\fR, \&\fIDH_new_method()\fR and \fIDH_OpenSSL()\fR were added in OpenSSL 0.9.4. +.PP +\&\fIDH_set_default_openssl_method()\fR and \fIDH_get_default_openssl_method()\fR replaced +\&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and +\&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than +\&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For +0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this +change was reversed, and behaviour of the other functions resembled more closely +the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now +transparently overrides the behaviour of defaults in the \s-1DH\s0 \s-1API\s0 without +requiring changing these function prototypes. diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index 6ad0ac9a8ab3..d33867bba27c 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:28 2002 +.\" Mon Jan 13 19:27:39 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_size \- get Diffie-Hellman prime size diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index 32ca1deccf87..365b1779ab85 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:29 2002 +.\" Mon Jan 13 19:27:40 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_SIG_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects @@ -169,7 +169,8 @@ to the newly allocated structure. \&\fIDSA_SIG_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), DSA_do_sign(3) +dsa(3), ERR_get_error(3), +DSA_do_sign(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3. diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index a99f6d40c395..3b3e05841cfb 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:29 2002 +.\" Mon Jan 13 19:27:41 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_do_sign 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations @@ -175,7 +175,7 @@ on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), +dsa(3), ERR_get_error(3), rand(3), DSA_SIG_new(3), DSA_sign(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index 19bbf6e7c8a5..57cb3551a51d 100644 
--- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:30 2002 +.\" Mon Jan 13 19:27:42 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_dup_DH 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure @@ -148,7 +148,7 @@ DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure \& #include <openssl/dsa.h> .Ve .Vb 1 -\& DH * DSA_dup_DH(DSA *r); +\& DH * DSA_dup_DH(const DSA *r); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -164,7 +164,7 @@ error codes can be obtained by ERR_get_error(3). Be careful to avoid small subgroup attacks when using this. .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), dsa(3), err(3) +dh(3), dsa(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index 75e9490d0fcb..fa93ee5f1a31 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:30 2002 +.\" Mon Jan 13 19:27:43 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_generate_key \- generate \s-1DSA\s0 key pair 
@@ -162,7 +162,8 @@ The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), DSA_generate_parameters(3) +dsa(3), ERR_get_error(3), rand(3), +DSA_generate_parameters(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDSA_generate_key()\fR is available since SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index b9d4de72b58e..9f9d01c7b928 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:31 2002 +.\" Mon Jan 13 19:27:44 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_generate_parameters 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_generate_parameters \- generate \s-1DSA\s0 parameters @@ -209,7 +209,7 @@ obtained by ERR_get_error(3). Seed lengths > 20 are not supported. .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), +dsa(3), ERR_get_error(3), rand(3), DSA_free(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 index 56383681c2ee..7f507a7c9420 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:32 2002 +.\" Mon Jan 13 19:27:45 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index 2810cc8be33e..2d194b7f0c8b 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:32 2002 +.\" Mon Jan 13 19:27:46 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects @@ -155,7 +155,8 @@ DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. +\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to +calling DSA_new_method(\s-1NULL\s0). .PP \&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are erased before the memory is returned to the system. @@ -169,7 +170,7 @@ to the newly allocated structure. \&\fIDSA_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), +dsa(3), ERR_get_error(3), DSA_generate_parameters(3), DSA_generate_key(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index 3114fb239eba..40ba1010d047 100644 
--- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:33 2002 +.\" Mon Jan 13 19:27:47 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,27 +138,28 @@ .\" ====================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH DSA_set_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -DSA_set_default_method, DSA_get_default_method, DSA_set_method, -DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method +DSA_set_default_method, DSA_get_default_method, +DSA_set_method, DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dsa.h> +\& #include <openssl/engine.h> .Ve .Vb 1 -\& void DSA_set_default_method(DSA_METHOD *meth); +\& void DSA_set_default_method(const DSA_METHOD *meth); .Ve .Vb 1 -\& DSA_METHOD *DSA_get_default_method(void); +\& const DSA_METHOD *DSA_get_default_method(void); .Ve .Vb 1 -\& DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); .Ve .Vb 1 -\& DSA *DSA_new_method(DSA_METHOD *meth); +\& DSA *DSA_new_method(ENGINE *engine); .Ve .Vb 1 \& DSA_METHOD *DSA_OpenSSL(void); 
@@ -167,22 +168,35 @@ DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method .IX Header "DESCRIPTION" A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -Initially, the default is to use the OpenSSL internal implementation. -\&\fIDSA_OpenSSL()\fR returns a pointer to that method. +Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fIDSA_OpenSSL()\fR. .PP -\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1DSA\s0\fR -structures created later. +\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1DSA\s0, so this function is no longer recommended. .PP \&\fIDSA_get_default_method()\fR returns a pointer to the current default -method. +\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependant on +whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +recommended. .PP -\&\fIDSA_set_method()\fR selects \fBmeth\fR for all operations using the structure \fBdsa\fR. +\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the +previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1DSA\s0 keys that only +work with certain \s-1DSA_METHOD\s0 implementations (eg. 
from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected +results. .PP -\&\fIDSA_new_method()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure so that -\&\fBmethod\fR will be used for the \s-1DSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, -the default method is used. +\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR +will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine +for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 +controlled by \fIDSA_set_default_method()\fR is used. .SH "THE DSA_METHOD STRUCTURE" .IX Header "THE DSA_METHOD STRUCTURE" struct 
@@ -237,18 +251,27 @@ struct .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the -respective \fB\s-1DSA_METHOD\s0\fRs. +\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective +\&\fB\s-1DSA_METHOD\s0\fRs. .PP \&\fIDSA_set_default_method()\fR returns no value. .PP -\&\fIDSA_set_method()\fR returns a pointer to the \fB\s-1DSA_METHOD\s0\fR previously -associated with \fBdsa\fR. +\&\fIDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). .PP -\&\fIDSA_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be +\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by ERR_get_error(3) if the allocation -fails. Otherwise it returns a pointer to the newly allocated -structure. +fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other +algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, +that will override any \s-1DSA\s0 defaults set using the \s-1DSA\s0 \s-1API\s0 (ie. +\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +to control default implementations for use in \s-1DSA\s0 and other cryptographic +algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" dsa(3), DSA_new(3) 
@@ -256,3 +279,13 @@ dsa(3), DSA_new(3) .IX Header "HISTORY" \&\fIDSA_set_default_method()\fR, \fIDSA_get_default_method()\fR, \fIDSA_set_method()\fR, \&\fIDSA_new_method()\fR and \fIDSA_OpenSSL()\fR were added in OpenSSL 0.9.4. +.PP +\&\fIDSA_set_default_openssl_method()\fR and \fIDSA_get_default_openssl_method()\fR replaced +\&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and +\&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than +\&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For +0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this +change was reversed, and behaviour of the other functions resembled more closely +the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now +transparently overrides the behaviour of defaults in the \s-1DSA\s0 \s-1API\s0 without +requiring changing these function prototypes. diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index 28c80a837ed0..1f179a46b685 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:33 2002 +.\" Mon Jan 13 19:27:49 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_sign 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures @@ -194,7 +194,7 @@ ERR_get_error(3). Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), +dsa(3), ERR_get_error(3), rand(3), DSA_do_sign(3) .SH "HISTORY" .IX Header "HISTORY" 
diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index c3fe807f9dab..4240dc6b694e 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:34 2002 +.\" Mon Jan 13 19:27:50 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_size \- get \s-1DSA\s0 signature size @@ -148,7 +148,7 @@ DSA_size \- get \s-1DSA\s0 signature size \& #include <openssl/dsa.h> .Ve .Vb 1 -\& int DSA_size(DSA *dsa); +\& int DSA_size(const DSA *dsa); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index 4646117b8154..31fbee727a2e 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:35 2002 +.\" Mon Jan 13 19:27:51 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_GET_LIB 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index dfb3cae82211..4caf13d059d1 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:35 2002 +.\" Mon Jan 13 19:27:52 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_clear_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_clear_error \- clear the error queue diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index aefdba409bbe..1fccfac59527 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:36 2002 +.\" Mon Jan 13 19:27:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH ERR_error_string 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_error_string, ERR_error_string_n, ERR_lib_error_string, diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index d5775104e892..d92e2cbd511a 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:36 2002 +.\" Mon Jan 13 19:27:54 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,37 +138,46 @@ .\" ====================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH ERR_get_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -ERR_get_error, ERR_peek_error, ERR_get_error_line, ERR_peek_error_line, -ERR_get_error_line_data, ERR_peek_error_line_data \- obtain error code and data +ERR_get_error, ERR_peek_error, ERR_peek_last_error, +ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, +ERR_get_error_line_data, ERR_peek_error_line_data, +ERR_peek_last_error_line_data \- obtain error code and data .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/err.h> .Ve -.Vb 2 +.Vb 3 \& unsigned long ERR_get_error(void); \& unsigned long ERR_peek_error(void); +\& unsigned long ERR_peek_last_error(void); .Ve -.Vb 2 +.Vb 3 \& unsigned long ERR_get_error_line(const char **file, int *line); \& unsigned long ERR_peek_error_line(const char **file, int *line); +\& unsigned long ERR_peek_last_error_line(const char **file, int *line); .Ve -.Vb 4 +.Vb 6 \& unsigned long ERR_get_error_line_data(const char **file, int *line, \& const char **data, int *flags); \& unsigned long ERR_peek_error_line_data(const char **file, int *line, \& const char **data, int *flags); +\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, +\& const char **data, int *flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_get_error()\fR returns the last error code from the thread's error +\&\fIERR_get_error()\fR returns the earliest error code from the thread's error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return. .PP -\&\fIERR_peek_error()\fR returns the last error code from the thread's +\&\fIERR_peek_error()\fR returns the earliest error code from the thread's +error queue without modifying it. 
+.PP +\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's error queue without modifying it. .PP See ERR_GET_LIB(3) for obtaining information about @@ -176,12 +185,14 @@ location and reason of the error, and ERR_error_string(3) for human-readable error messages. .PP -\&\fIERR_get_error_line()\fR and \fIERR_peek_error_line()\fR are the same as the -above, but they additionally store the file name and line number where +\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and +\&\fIERR_peek_last_error_line()\fR are the same as the above, but they +additionally store the file name and line number where the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. .PP -\&\fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR store -additional data and flags associated with the error code in *\fBdata\fR +\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and +\&\fIERR_get_last_error_line_data()\fR store additional data and flags +associated with the error code in *\fBdata\fR and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR. If it has been allocated by \fIOPENSSL_malloc()\fR, *\fBflags\fR&\fB\s-1ERR_TXT_MALLOCED\s0\fR is true. @@ -198,3 +209,5 @@ ERR_GET_LIB(3) \&\fIERR_peek_error_line()\fR are available in all versions of SSLeay and OpenSSL. \fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR were added in SSLeay 0.9.0. +\&\fIERR_peek_last_error()\fR, \fIERR_peek_last_error_line()\fR and +\&\fIERR_peek_last_error_line_data()\fR were added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index e2a58cda64b9..2215cf6e8e14 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:37 2002 +.\" Mon Jan 13 19:27:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_load_crypto_strings 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index 802da1150d20..c997831ba934 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:38 2002 +.\" Mon Jan 13 19:27:56 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_load_strings 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index cd6f53af2ad9..2929461b96b5 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:38 2002 +.\" Mon Jan 13 19:27:57 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_print_errors 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_print_errors, ERR_print_errors_fp \- print error messages diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index 91ebc960d84f..23ebd974edbc 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:39 2002 +.\" Mon Jan 13 19:27:58 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_put_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_put_error, ERR_add_error_data \- record an error diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index a6a23feca1fd..64bd2aa89cf8 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:39 2002 +.\" Mon Jan 13 19:27:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH ERR_remove_state 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_remove_state \- free a thread's error queue diff --git a/secure/lib/libcrypto/man/SSL_set_shutdown.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 index 3696d335eea6..46fa6e714fa0 100644 
--- a/secure/lib/libcrypto/man/SSL_set_shutdown.3 +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:54 2002 +.\" Mon Jan 13 19:28:01 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,64 +137,68 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "EVP_BytesToKey 3" +.TH EVP_BytesToKey 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" .Vb 1 -\& #include <openssl/ssl.h> +\& EVP_BytesToKey - password based encryption routine .Ve +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" .Vb 1 -\& void SSL_set_shutdown(SSL *ssl, int mode); +\& #include <openssl/evp.h> .Ve -.Vb 1 -\& int SSL_get_shutdown(SSL *ssl); +.Vb 4 +\& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, +\& const unsigned char *salt, +\& const unsigned char *data, int datal, int count, +\& unsigned char *key,unsigned char *iv); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. -.PP -\&\fISSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. +\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is +the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. +The \fBsalt\fR paramter is used as a salt in the derivation: it should point to +an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing +\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the +iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR +and \fBiv\fR respectively. .SH "NOTES" .IX Header "NOTES" -The shutdown state of an ssl connection is a bitmask of: -.Ip "0" 4 -No shutdown setting, yet. -.Ip "\s-1SSL_SENT_SHUTDOWN\s0" 4 -.IX Item "SSL_SENT_SHUTDOWN" -A \*(L"close notify\*(R" shutdown alert was sent to the peer, the connection is being -considered closed and the session is closed and correct. 
-.Ip "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 -.IX Item "SSL_RECEIVED_SHUTDOWN" -A shutdown alert was received form the peer, either a normal \*(L"close notify\*(R" -or a fatal error. +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBdata\fR parameter. .PP -\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. +Increasing the \fBcount\fR parameter slows down the algorithm which makes it +harder for an attacker to peform a brute force attack using a large number +of candidate passwords. .PP -The shutdown state of the connection is used to determine the state of -the ssl session. If the session is still open, when -SSL_clear(3) or SSL_free(3) is called, -it is considered bad and removed according to \s-1RFC2246\s0. -The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 -(according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the \*(L"close notify\*(R" -alert but to not wait for the peer's answer, when the underlying connection -is closed). -\&\fISSL_set_shutdown()\fR can be used to set this state without sending a -close alert to the peer (see SSL_shutdown(3)). +If the total key and \s-1IV\s0 length is less than the digest length and +\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 +otherwise a non standard extension is used to derive the extra data. .PP -If a \*(L"close notify\*(R" was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, -for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call -SSL_shutdown(3) or \fISSL_set_shutdown()\fR itself. +Newer applications should use more standard algorithms such as PKCS#5 +v2.0 for key derivation. +.SH "KEY DERIVATION ALGORITHM" +.IX Header "KEY DERIVATION ALGORITHM" +The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until +enough data is available for the key and \s-1IV\s0. 
D_i is defined as: +.PP +.Vb 1 +\& D_i = HASH^count(D_(i-1) || data || salt) +.Ve +where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest +algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) +is HASH(HASH(data)) and so on. +.PP +The initial bytes are used for the key and the subsequent bytes for +the \s-1IV\s0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_shutdown()\fR does not return diagnostic information. -.PP -\&\fISSL_get_shutdown()\fR returns the current setting. +\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_shutdown(3), -SSL_CTX_set_quiet_shutdown(3), -SSL_clear(3), SSL_free(3) +evp(3), rand(3), +EVP_EncryptInit(3), +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index e521c2e85486..ec683f09c4b0 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:40 2002 +.\" Mon Jan 13 19:28:02 2003 .\" .\" Standard preamble: .\" ====================================================================== 
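Review bot: In the new EVP_BytesToKey.3 page (hunk @@ -137,64 +137,68 @@), the NAME section is emitted as a verbatim block (".Vb 1", "\& EVP_BytesToKey - password based encryption routine", ".Ve") rather than as a plain NAME line like the other pages in this commit, so it renders as preformatted text; this usually comes from an indented NAME line in the pod source and should be fixed there. The same hunk adds a HISTORY header with no text under it, leaves a trailing comma after EVP_EncryptInit(3) in SEE ALSO, and documents only the success return value (the key size) with nothing about failure. The typos "paramter", "peform" and "concatentaion" should be corrected in the source as well.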
@@ -138,12 +138,13 @@ .\" ====================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_DigestInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, \s-1EVP_MAX_MD_SIZE\s0, -EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, -EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, +EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, +EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, \s-1EVP_MAX_MD_SIZE\s0, +EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, +EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- \&\s-1EVP\s0 digest routines 
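Review bot: The new NAME list is missing a comma between EVP_MD_CTX_copy_ex and EVP_MD_CTX_copy ("+EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, ..."), so the two names run together as one entry. Add the comma in the pod source and regenerate.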
@@ -152,18 +153,34 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- .Vb 1 \& #include <openssl/evp.h> .Ve +.Vb 2 +\& void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +\& EVP_MD_CTX *EVP_MD_CTX_create(void); +.Ve .Vb 4 -\& void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); -\& void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, +\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, \& unsigned int *s); .Ve +.Vb 2 +\& int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +.Ve .Vb 1 -\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +.Ve +.Vb 3 +\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, +\& unsigned int *s); .Ve .Vb 1 \& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); .Ve +.Vb 1 +\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +.Ve .Vb 4 \& #define EVP_MD_type(e) ((e)->type) \& #define EVP_MD_pkey_type(e) ((e)->pkey_type) 
@@ -177,15 +194,15 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- \& #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) .Ve .Vb 9 -\& EVP_MD *EVP_md_null(void); -\& EVP_MD *EVP_md2(void); -\& EVP_MD *EVP_md5(void); -\& EVP_MD *EVP_sha(void); -\& EVP_MD *EVP_sha1(void); -\& EVP_MD *EVP_dss(void); -\& EVP_MD *EVP_dss1(void); -\& EVP_MD *EVP_mdc2(void); -\& EVP_MD *EVP_ripemd160(void); +\& const EVP_MD *EVP_md_null(void); +\& const EVP_MD *EVP_md2(void); +\& const EVP_MD *EVP_md5(void); +\& const EVP_MD *EVP_sha(void); +\& const EVP_MD *EVP_sha1(void); +\& const EVP_MD *EVP_dss(void); +\& const EVP_MD *EVP_dss1(void); +\& const EVP_MD *EVP_mdc2(void); +\& const EVP_MD *EVP_ripemd160(void); .Ve .Vb 3 \& const EVP_MD *EVP_get_digestbyname(const char *name); 
@@ -196,25 +213,48 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- .IX Header "DESCRIPTION" The \s-1EVP\s0 digest routines are a high level interface to message digests. .PP -\&\fIEVP_DigestInit()\fR initializes a digest context \fBctx\fR to use a digest -\&\fBtype\fR: this will typically be supplied by a function such as -\&\fIEVP_sha1()\fR. +\&\fIEVP_MD_CTX_init()\fR initializes digest contet \fBctx\fR. +.PP +\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest contet. +.PP +\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this +function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR. +If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. .PP \&\fIEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This function can be called several times on the same \fBctx\fR to hash additional data. .PP -\&\fIEVP_DigestFinal()\fR retrieves the digest value from \fBctx\fR and places +\&\fIEVP_DigestFinal_ex()\fR retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the length of the digest) will be written to the integer at \fBs\fR, at most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. -After calling \fIEVP_DigestFinal()\fR no additional calls to \fIEVP_DigestUpdate()\fR -can be made, but \fIEVP_DigestInit()\fR can be called to initialize a new +After calling \fIEVP_DigestFinal_ex()\fR no additional calls to \fIEVP_DigestUpdate()\fR +can be made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. 
.PP -\&\fIEVP_MD_CTX_copy()\fR can be used to copy the message digest state from +\&\fIEVP_MD_CTX_cleanup()\fR cleans up digest context \fBctx\fR, it should be called +after a digest context is no longer needed. +.PP +\&\fIEVP_MD_CTX_destroy()\fR cleans up digest context \fBctx\fR and frees up the +space allocated to it, it should be called only on a context created +using \fIEVP_MD_CTX_create()\fR. +.PP +\&\fIEVP_MD_CTX_copy_ex()\fR can be used to copy the message digest state from \&\fBin\fR to \fBout\fR. This is useful if large amounts of data are to be -hashed which only differ in the last few bytes. +hashed which only differ in the last few bytes. \fBout\fR must be initialized +before calling this function. +.PP +\&\fIEVP_DigestInit()\fR behaves in the same way as \fIEVP_DigestInit_ex()\fR except +the passed context \fBctx\fR does not have to be initialized, and it always +uses the default digest implementation. +.PP +\&\fIEVP_DigestFinal()\fR is similar to \fIEVP_DigestFinal_ex()\fR except the digest +contet \fBctx\fR is automatically cleaned up. +.PP +\&\fIEVP_MD_CTX_copy()\fR is similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination +\&\fBout\fR does not have to be initialized. .PP \&\fIEVP_MD_size()\fR and \fIEVP_MD_CTX_size()\fR return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the 
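Review bot: The added description of EVP_MD_CTX_create() says it allocates, initializes and returns a digest context, but not what it returns when allocation fails; state the failure value so callers know to check the result before passing it to EVP_DigestInit_ex(). The same hunk has "contet" for "context" in three places (EVP_MD_CTX_init(), EVP_MD_CTX_create() and EVP_DigestFinal()) and "functionsuch" for "function such"; fix these in the pod source.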
@@ -252,9 +292,10 @@ an \s-1ASN1_OBJECT\s0 structure respectively. The digest table must be initializ using, for example, \fIOpenSSL_add_all_digests()\fR for these functions to work. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR do not return values. +\&\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal_ex()\fR return 1 for +success and 0 for failure. .PP -\&\fIEVP_MD_CTX_copy()\fR returns 1 if successful or 0 for failure. +\&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure. .PP \&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists. @@ -277,6 +318,19 @@ transparent to the digest used and much more flexible. .PP \&\s-1SHA1\s0 is the digest of choice for new applications. The other digest algorithms are still in common use. +.PP +For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be +set to \s-1NULL\s0 to use the default digest implementation. +.PP +The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are +obsolete but are retained to maintain compatibility with existing code. New +applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and +\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. +.PP +In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use +memory leaks will occur. .SH "EXAMPLE" .IX Header "EXAMPLE" This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the 
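Review bot: The last sentence added to NOTES, "if digest contexts are not cleaned up after use memory leaks will occur", does not say which call performs the cleanup. Name them here: EVP_MD_CTX_cleanup() for a context set up with EVP_MD_CTX_init(), and EVP_MD_CTX_destroy() for one obtained from EVP_MD_CTX_create(). It is also worth repeating that the obsolete EVP_DigestFinal() cleans the context up automatically, as the DESCRIPTION hunk states, so readers can tell which code paths are affected.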
@@ -314,11 +368,13 @@ digest name passed on the command line. \& exit(1); \& } .Ve -.Vb 4 -\& EVP_DigestInit(&mdctx, md); +.Vb 6 +\& EVP_MD_CTX_init(&mdctx); +\& EVP_DigestInit_ex(&mdctx, md, NULL); \& EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); \& EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); -\& EVP_DigestFinal(&mdctx, md_value, &md_len); +\& EVP_DigestFinal_ex(&mdctx, md_value, &md_len); +\& EVP_MD_CTX_cleanup(&mdctx); .Ve .Vb 4 \& printf("Digest is: "); @@ -328,16 +384,9 @@ digest name passed on the command line. .Ve .SH "BUGS" .IX Header "BUGS" -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. -.PP The link between digests and signing algorithms results in a situation where \&\fIEVP_sha1()\fR must be used with \s-1RSA\s0 and \fIEVP_dss1()\fR must be used with \s-1DSS\s0 even though they are identical digests. -.PP -The size of an \fB\s-1EVP_MD_CTX\s0\fR structure is determined at compile time: this results -in code that must be recompiled if the size of \fB\s-1EVP_MD_CTX\s0\fR increases. .SH "SEE ALSO" .IX Header "SEE ALSO" evp(3), hmac(3), md2(3), @@ -347,3 +396,11 @@ sha(3), dgst(1) .IX Header "HISTORY" \&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are available in all versions of SSLeay and OpenSSL. +.PP +\&\fIEVP_MD_CTX_init()\fR, \fIEVP_MD_CTX_create()\fR, \fIEVP_MD_CTX_copy_ex()\fR, +\&\fIEVP_MD_CTX_cleanup()\fR, \fIEVP_MD_CTX_destroy()\fR, \fIEVP_DigestInit_ex()\fR +and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7. +.PP +\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, +\&\fIEVP_dss()\fR, \fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR were +changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7. 
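Review bot: In the EXAMPLE hunk (@@ -314,11 +368,13 @@), the updated calls to EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() still discard their results, although this commit documents them as returning 1 for success and 0 for failure and removes the BUGS paragraph that said they return nothing. Check each return value in the example and still reach EVP_MD_CTX_cleanup() on the failure path, so the sample does not print a digest from a failed operation or leak the context. In the HISTORY hunk, "truely" should be "truly".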
diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index cfab0ccf4c15..fd8d428404d5 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:41 2002 +.\" Mon Jan 13 19:28:03 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,50 +138,76 @@ .\" ====================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_EncryptInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_DecryptInit, -EVP_DecryptUpdate, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherUpdate, -EVP_CipherFinal, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, -EVP_CIPHER_CTX_cleanup, EVP_get_cipherbyname, EVP_get_cipherbynid, -EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, -EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, -EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, -EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, -EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, -EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, -EVP_CIPHER_asn1_to_param \- \s-1EVP\s0 cipher routines +EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate, +EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, +EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, +EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, +EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit, +EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, +EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, +EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, +EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, +EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, +EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, +EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, +EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, +EVP_CIPHER_CTX_set_padding \- \s-1EVP\s0 cipher routines .SH "SYNOPSIS" .IX Header 
"SYNOPSIS" .Vb 1 \& #include <openssl/evp.h> .Ve +.Vb 1 +\& int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); +.Ve .Vb 6 -\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& unsigned char *key, unsigned char *iv); +\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, unsigned char *key, unsigned char *iv); \& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl, unsigned char *in, int inl); -\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl); .Ve .Vb 6 -\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& unsigned char *key, unsigned char *iv); +\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, unsigned char *key, unsigned char *iv); \& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl, unsigned char *in, int inl); -\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, \& int *outl); .Ve .Vb 6 -\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& unsigned char *key, unsigned char *iv, int enc); +\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, unsigned char *key, unsigned char *iv, int enc); \& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl, unsigned char *in, int inl); +\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int *outl); +.Ve +.Vb 4 +\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv); +\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl); +.Ve +.Vb 4 +\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv); +\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int 
*outl); +.Ve +.Vb 4 +\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv, int enc); \& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, \& int *outl); .Ve -.Vb 3 +.Vb 4 +\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); \& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); \& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); \& int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); 
@@ -221,14 +247,19 @@ EVP_CIPHER_asn1_to_param \- \s-1EVP\s0 cipher routines The \s-1EVP\s0 cipher routines are a high level interface to certain symmetric ciphers. .PP -\&\fIEVP_EncryptInit()\fR initializes a cipher context \fBctx\fR for encryption -with cipher \fBtype\fR. \fBtype\fR is normally supplied by a function such -as \fIEVP_des_cbc()\fR . \fBkey\fR is the symmetric key to use and \fBiv\fR is the -\&\s-1IV\s0 to use (if necessary), the actual number of bytes used for the -key and \s-1IV\s0 depends on the cipher. It is possible to set all parameters -to \s-1NULL\s0 except \fBtype\fR in an initial call and supply the remaining -parameters in subsequent calls, all of which have \fBtype\fR set to \s-1NULL\s0. -This is done when the default cipher parameters are not appropriate. +\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR. +.PP +\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption +with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized +before calling this function. \fBtype\fR is normally supplied +by a function such as \fIEVP_des_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the +default implementation is used. \fBkey\fR is the symmetric key to use +and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes +used for the key and \s-1IV\s0 depends on the cipher. It is possible to set +all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply +the remaining parameters in subsequent calls, all of which have \fBtype\fR +set to \s-1NULL\s0. This is done when the default cipher parameters are not +appropriate. .PP \&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and writes the encrypted version to \fBout\fR. This function can be called 
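Review bot: The added text says ctx "must be initialized before calling this function" without saying how. Name EVP_CIPHER_CTX_init(), which the paragraph added just above introduces, so the required call order is explicit. That paragraph also has "contex" for "context".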
@@ -236,32 +267,49 @@ multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: as a result the amount of data written may be anything from zero bytes to (inl + cipher_block_size \- 1) so \fBoutl\fR should contain sufficient -room. The actual number of bytes written is placed in \fBoutl\fR. +room. The actual number of bytes written is placed in \fBoutl\fR. +.PP +If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts +the \*(L"final\*(R" data, that is any data that remains in a partial block. +It uses standard block padding (aka \s-1PKCS\s0 padding). The encrypted +final data is written to \fBout\fR which should have sufficient space for +one cipher block. The number of bytes written is placed in \fBoutl\fR. After +this function is called the encryption operation is finished and no further +calls to \fIEVP_EncryptUpdate()\fR should be made. .PP -\&\fIEVP_EncryptFinal()\fR encrypts the \*(L"final\*(R" data, that is any data that -remains in a partial block. It uses standard block padding (aka \s-1PKCS\s0 -padding). The encrypted final data is written to \fBout\fR which should -have sufficient space for one cipher block. The number of bytes written -is placed in \fBoutl\fR. After this function is called the encryption operation -is finished and no further calls to \fIEVP_EncryptUpdate()\fR should be made. +If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size. .PP -\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR are the +\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an -error code if the final block is not correctly formatted. 
The parameters -and restrictions are identical to the encryption operations except that -the decrypted data buffer \fBout\fR passed to \fIEVP_DecryptUpdate()\fR should -have sufficient room for (\fBinl\fR + cipher_block_size) bytes unless the -cipher block size is 1 in which case \fBinl\fR bytes is sufficient. -.PP -\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR are functions -that can be used for decryption or encryption. The operation performed -depends on the value of the \fBenc\fR parameter. It should be set to 1 for -encryption, 0 for decryption and \-1 to leave the value unchanged (the -actual value of 'enc' being supplied in a previous call). -.PP -\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context. -It should be called after all operations using a cipher are complete -so sensitive information does not remain in memory. +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer \fBout\fR +passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for +(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in +which case \fBinl\fR bytes is sufficient. +.PP +\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the \fBenc\fR parameter. It should be set +to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call). +.PP +\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context +and free up any allocated memory associate with it. It should be called +after all operations using a cipher are complete so sensitive information +does not remain in memory. 
+.PP +\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a +similar way to \fIEVP_EncryptInit_ex()\fR, EVP_DecryptInit_ex and +\&\fIEVP_CipherInit_ex()\fR except the \fBctx\fR paramter does not need to be +initialized and they always use the default cipher implementation. +.PP +\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR behave in a +similar way to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and +\&\fIEVP_CipherFinal_ex()\fR except \fBctx\fR is automatically cleaned up +after the call. .PP \&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an @@ -272,6 +320,13 @@ passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The value is an internal value which may not have a corresponding \s-1OBJECT\s0 \&\s-1IDENTIFIER\s0. .PP +\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default +encryption operations are padded using standard block padding and the +padding is checked and removed when decrypting. If the \fBpad\fR parameter +is zero then no padding is performed, the total amount of data encrypted +or decrypted must then be a multiple of the block size or an error will +occur. +.PP \&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length 
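Review bot: The added EVP_CIPHER_CTX_set_padding() paragraph (@@ -272,6 +320,13 @@) refers to the "pad" parameter, but the SYNOPSIS hunk declares the argument as "int padding"; use one name in both places. In the longer hunk before it, "paramter" and "memory associate with it" need correcting, EVP_DecryptInit_ex is missing the function markup used for its neighbours, and the unchanged sentence about the error on a badly formatted final block still names EVP_DecryptFinal() rather than EVP_DecryptFinal_ex().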
@@ -331,14 +386,14 @@ and set. Currently only the \s-1RC2\s0 effective key length and the number of ro \&\s-1RC5\s0 can be set. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_EncryptInit()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR return 1 for success -and 0 for failure. +EVP_CIPHER_CTX_init, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and +\&\fIEVP_EncryptFinal_ex()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_DecryptInit()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. -\&\fIEVP_DecryptFinal()\fR returns 0 if the decrypt failed or 1 for success. +\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. .PP -\&\fIEVP_CipherInit()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. -\&\fIEVP_CipherFinal()\fR returns 0 for a decryption failure or 1 for success. +\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. .PP \&\fIEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure. .PP @@ -353,6 +408,8 @@ size. \&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key length. .PP +\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1. +.PP \&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 length or zero if the cipher does not use an \s-1IV\s0. .PP 
@@ -428,24 +485,25 @@ encrypted then 5 padding bytes of value 5 will be added. .PP When decrypting the final block is checked to see if it has the correct form. .PP -Although the decryption operation can produce an error, it is not a strong -test that the input data or key is correct. A random block has better than -1 in 256 chance of being of the correct format and problems with the -input data earlier on will not produce a final decrypt error. -.PP -The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptUpdate()\fR, \fIEVP_EncryptFinal()\fR, -\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptUpdate()\fR, \fIEVP_CipherInit()\fR and \fIEVP_CipherUpdate()\fR -and \fIEVP_CIPHER_CTX_cleanup()\fR did not return errors in OpenSSL version 0.9.5a or -earlier. Software only versions of encryption algorithms will never return -error codes for these functions, unless there is a programming error (for example -and attempt to set the key before the cipher is set in \fIEVP_EncryptInit()\fR ). +Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error. +.PP +If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size. +.PP +The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR, +\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for +compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR, +\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, +\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an +existing context without allocating and freeing it up on each call. 
.SH "BUGS" .IX Header "BUGS" For \s-1RC5\s0 the number of rounds can currently only be set to 8, 12 or 16. This is a limitation of the current \s-1RC5\s0 code rather than the \s-1EVP\s0 interface. .PP -It should be possible to disable \s-1PKCS\s0 padding: currently it isn't. -.PP \&\s-1EVP_MAX_KEY_LENGTH\s0 and \s-1EVP_MAX_IV_LENGTH\s0 only refer to the internal ciphers with default key lengths. If custom ciphers exceed these values the results are unpredictable. This is because it has become standard practice to define a 
@@ -459,28 +517,128 @@ Get the number of rounds used in \s-1RC5:\s0 .PP .Vb 2 \& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &i); +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); .Ve Get the \s-1RC2\s0 effective key length: .PP .Vb 2 \& int key_bits; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); .Ve Set the number of rounds used in \s-1RC5:\s0 .PP .Vb 2 \& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, i, NULL); +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); .Ve -Set the number of rounds used in \s-1RC2:\s0 +Set the effective key length used in \s-1RC2:\s0 .PP .Vb 2 -\& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, i, NULL); +\& int key_bits; +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); +.Ve +Encrypt a string using blowfish: +.PP +.Vb 14 +\& int do_crypt(char *outfile) +\& { +\& unsigned char outbuf[1024]; +\& int outlen, tmplen; +\& /* Bogus key and IV: we'd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; +\& unsigned char iv[] = {1,2,3,4,5,6,7,8}; +\& char intext[] = "Some Crypto Text"; +\& EVP_CIPHER_CTX ctx; +\& FILE *out; +\& EVP_CIPHER_CTX_init(&ctx); +\& EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); +.Ve +.Vb 25 +\& if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) +\& { +\& /* Error */ +\& return 0; +\& } +\& /* Buffer passed to EVP_EncryptFinal() must be after data just +\& * encrypted to avoid overwriting it. +\& */ +\& if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) +\& { +\& /* Error */ +\& return 0; +\& } +\& outlen += tmplen; +\& EVP_CIPHER_CTX_cleanup(&ctx); +\& /* Need binary mode for fopen because encrypted data is +\& * binary data. 
Also cannot use strlen() on it because +\& * it wont be null terminated and may contain embedded +\& * nulls. +\& */ +\& out = fopen(outfile, "wb"); +\& fwrite(outbuf, 1, outlen, out); +\& fclose(out); +\& return 1; +\& } +.Ve +The ciphertext from the above example can be decrypted using the \fBopenssl\fR +utility with the command line: +.PP +.Vb 1 +\& S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d> +.Ve +General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC2\s0 with an +80 bit key: +.PP +.Vb 16 +\& int do_crypt(FILE *in, FILE *out, int do_encrypt) +\& { +\& /* Allow enough space in output buffer for additional block */ +\& inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; +\& int inlen, outlen; +\& /* Bogus key and IV: we'd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = "0123456789"; +\& unsigned char iv[] = "12345678"; +\& /* Don't set key or IV because we will modify the parameters */ +\& EVP_CIPHER_CTX_init(&ctx); +\& EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); +\& EVP_CIPHER_CTX_set_key_length(&ctx, 10); +\& /* We finished modifying parameters so now we can set key and IV */ +\& EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); +.Ve +.Vb 17 +\& for(;;) +\& { +\& inlen = fread(inbuf, 1, 1024, in); +\& if(inlen <= 0) break; +\& if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen)) +\& { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +\& } +\& if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) +\& { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +.Ve +.Vb 3 +\& EVP_CIPHER_CTX_cleanup(&ctx); +\& return 1; +\& } .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" evp(3) .SH "HISTORY" .IX Header "HISTORY" +\&\fIEVP_CIPHER_CTX_init()\fR, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptFinal_ex()\fR, +\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, \fIEVP_CipherInit_ex()\fR, 
+\&\fIEVP_CipherFinal_ex()\fR and \fIEVP_CIPHER_CTX_set_padding()\fR appeared in +OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index 8b1de4d0ed00..d873c129a382 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:41 2002 +.\" Mon Jan 13 19:28:05 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH EVP_OpenInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption diff --git a/secure/lib/libcrypto/man/SSL_set_verify_result.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 index 5b317e914239..742e5e46af65 100644 --- a/secure/lib/libcrypto/man/SSL_set_verify_result.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:55 2002 +.\" Mon Jan 13 19:28:06 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,37 +137,44 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "EVP_PKEY_new 3" +.TH EVP_PKEY_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_set_verify_result \- override result of peer certificate verification +EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include <openssl/ssl.h> +\& #include <openssl/evp.h> .Ve -.Vb 1 -\& void SSL_set_verify_result(SSL *ssl, long verify_result); +.Vb 2 +\& EVP_PKEY *EVP_PKEY_new(void); +\& void EVP_PKEY_free(EVP_PKEY *key); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the -result of the verification of the X509 certificate presented by the peer, -if any. +The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR +structure which is used by OpenSSL to store private keys. +.PP +\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_set_verify_result()\fR overrides the verification result. It only changes -the verification result of the \fBssl\fR object. It does not become part of the -established session, so if the session is to be reused later, the original -value will reappear. +The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions +which require a general private key without reference to any +particular algorithm. .PP -The valid codes for \fBverify_result\fR are documented in verify(1). +The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a +private key to this empty structure the functions described in +EVP_PKEY_set1_RSA(3) should be used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_verify_result()\fR does not provide a return value. 
+\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIEVP_PKEY_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_verify_result(3), -SSL_get_peer_certificate(3), -verify(1) +EVP_PKEY_set1_RSA(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/SSL_SESSION_free.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index a81b4bb50010..3a5a958b6e41 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_free.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:33 2002 +.\" Mon Jan 13 19:28:07 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,54 +137,81 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "EVP_PKEY_set1_RSA 3" +.TH EVP_PKEY_set1_RSA 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure +EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, +EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, +EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, +EVP_PKEY_type \- \s-1EVP_PKEY\s0 assignment functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include <openssl/ssl.h> +\& #include <openssl/evp.h> +.Ve +.Vb 4 +\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key); +\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key); +\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key); +\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key); +.Ve +.Vb 4 +\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +.Ve +.Vb 4 +\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key); +\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key); +\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key); +\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key); .Ve .Vb 1 -\& void SSL_SESSION_free(SSL_SESSION *session); +\& int EVP_PKEY_type(int type); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes -the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated -memory, if the the reference count has reached 0. +\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and +\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. 
+.PP +\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and +\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or +\&\fB\s-1NULL\s0\fR if the key is not of the correct type. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR +however these use the supplied \fBkey\fR internally and so \fBkey\fR +will be freed when the parent \fBpkey\fR is freed. +.PP +\&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value +\&\fBtype\fR. The type of a key can be obtained with +EVP_PKEY_type(pkey->type). The return value will be \s-1EVP_PKEY_RSA\s0, +\&\s-1EVP_PKEY_DSA\s0, \s-1EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding +key types or NID_undef if the key type is unassigned. .SH "NOTES" .IX Header "NOTES" -\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation -is successfully completed. Depending on the settings, see -SSL_CTX_set_session_cache_mode(3), -the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and -linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; -as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 -object at the same time. It is therefore crucial to keep the reference -count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object -that is still used, as this may lead to program failures due to -dangling pointers. These failures may also appear delayed, e.g. -when an \s-1SSL_SESSION\s0 object was completely freed as the reference count -incorrectly became 0, but it is still referenced in the internal -session cache and the cache list is processed during a -SSL_CTX_flush_sessions(3) operation. 
+In accordance with the OpenSSL naming convention the key obtained +from or assigned to the \fBpkey\fR using the \fB1\fR functions must be +freed as well as \fBpkey\fR. .PP -\&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for -which the reference count was explicitly incremented (e.g. -by calling \fISSL_get1_session()\fR, see SSL_get_session(3)) -or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake -operation, e.g. by using d2i_SSL_SESSION(3). -It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause -incorrect reference counts and therefore program failures. +\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +\&\fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_free()\fR does not provide diagnostic information. +\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and +\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. +.PP +\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and +\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +and \fIEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_session(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_flush_sessions(3), - d2i_SSL_SESSION(3) +EVP_PKEY_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index 970b98fe496c..f2f0f2159f75 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:42 2002 +.\" Mon Jan 13 19:28:08 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH EVP_SealInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption @@ -209,3 +209,4 @@ EVP_EncryptInit(3), EVP_OpenInit(3) .SH "HISTORY" .IX Header "HISTORY" +\&\fIEVP_SealFinal()\fR did not return a value before OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 364417675220..88a56a0b68e2 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:43 2002 +.\" Mon Jan 13 19:28:10 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_SignInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions 
@@ -148,11 +148,14 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions \& #include <openssl/evp.h> .Ve .Vb 3 -\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); \& int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); .Ve .Vb 1 +\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.Vb 1 \& int EVP_PKEY_size(EVP_PKEY *pkey); .Ve .SH "DESCRIPTION" @@ -160,9 +163,9 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to using digest -\&\fBtype\fR: this will typically be supplied by a function such as -\&\fIEVP_sha1()\fR. +\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with +\&\fIEVP_MD_CTX_init()\fR before calling this function. .PP \&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the signature context \fBctx\fR. This function can be called several times on the 
@@ -172,17 +175,17 @@ same \fBctx\fR to include additional data. and places the signature in \fBsig\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the length of the signature) will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes -will be written. After calling \fIEVP_SignFinal()\fR no additional calls to -\&\fIEVP_SignUpdate()\fR can be made, but \fIEVP_SignInit()\fR can be called to initialize -a new signature operation. +will be written. +.PP +\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default +implementation of digest \fBtype\fR. .PP \&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual signature returned by \fIEVP_SignFinal()\fR may be smaller. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_SignInit()\fR and \fIEVP_SignUpdate()\fR do not return values. -.PP -\&\fIEVP_SignFinal()\fR returns 1 for success and 0 for failure. +\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1 +for success and 0 for failure. .PP \&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. .PP 
@@ -201,11 +204,18 @@ EVP_DigestInit(3). When signing with \s-1DSA\s0 private keys the random number generator must be seeded or the operation will fail. The random number generator does not need to be seeded for \s-1RSA\s0 signatures. +.PP +The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called +later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak +will occur. .SH "BUGS" .IX Header "BUGS" -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. +Older versions of this documentation wrongly stated that calls to +\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" EVP_VerifyInit(3), @@ -217,3 +227,5 @@ sha(3), dgst(1) .IX Header "HISTORY" \&\fIEVP_SignInit()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR are available in all versions of SSLeay and OpenSSL. +.PP +\&\fIEVP_SignInit_ex()\fR was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index 06d78c5a60d3..77bef3d1db07 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:43 2002 +.\" Mon Jan 13 19:28:11 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_VerifyInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions 
@@ -148,29 +148,35 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verifi \& #include <openssl/evp.h> .Ve .Vb 3 -\& void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); \& int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); .Ve +.Vb 1 +\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1EVP\s0 signature verification routines are a high level interface to digital signatures. .PP -\&\fIEVP_VerifyInit()\fR initializes a verification context \fBctx\fR to using digest -\&\fBtype\fR: this will typically be supplied by a function such as \fIEVP_sha1()\fR. +\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling +\&\fIEVP_MD_CTX_init()\fR before calling this function. .PP \&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the verification context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. .PP \&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR -and against the \fBsiglen\fR bytes at \fBsigbuf\fR. After calling \fIEVP_VerifyFinal()\fR -no additional calls to \fIEVP_VerifyUpdate()\fR can be made, but \fIEVP_VerifyInit()\fR -can be called to initialize a new verification operation. +and against the \fBsiglen\fR bytes at \fBsigbuf\fR. +.PP +\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default +implementation of digest \fBtype\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_VerifyInit()\fR and \fIEVP_VerifyUpdate()\fR do not return values. 
+\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for +failure. .PP \&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some other error occurred. @@ -186,11 +192,18 @@ Due to the link between message digests and public key algorithms the correct digest algorithm must be used with the correct public key type. A list of algorithms and associated public key algorithms appears in EVP_DigestInit(3). +.PP +The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called +later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak +will occur. .SH "BUGS" .IX Header "BUGS" -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. +Older versions of this documentation wrongly stated that calls to +\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" evp(3), @@ -203,3 +216,5 @@ sha(3), dgst(1) .IX Header "HISTORY" \&\fIEVP_VerifyInit()\fR, \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR are available in all versions of SSLeay and OpenSSL. +.PP +\&\fIEVP_VerifyInit_ex()\fR was added in OpenSSL 0.9.7 diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 new file mode 100644 index 000000000000..3b693a2f8f96 --- /dev/null +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 
@@ -0,0 +1,292 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:12 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. 
ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "OBJ_nid2obj 3" +.TH OBJ_nid2obj 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, +OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \- \s-1ASN1\s0 object utility +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& ASN1_OBJECT * OBJ_nid2obj(int n); +\& const char * OBJ_nid2ln(int n); +\& const char * OBJ_nid2sn(int n); +.Ve +.Vb 3 +\& int OBJ_obj2nid(const ASN1_OBJECT *o); +\& int OBJ_ln2nid(const char *ln); +\& int OBJ_sn2nid(const char *sn); +.Ve +.Vb 1 +\& int OBJ_txt2nid(const char *s); +.Ve +.Vb 2 +\& ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); +\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +.Ve +.Vb 2 +\& int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); +\& ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); +.Ve +.Vb 2 +\& int OBJ_create(const char *oid,const char *sn,const char *ln); +\& void OBJ_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are +a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type. +.PP +\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, +or \fB\s-1NULL\s0\fR is an error occurred. +.PP +\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +for the object \fBo\fR, the long name <ln> or the short name <sn> respectively +or NID_undef if an error occurred. +.PP +\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string <s>. \fBs\fR can be +a long name, a short name or the numerical respresentation of an object. 
+.PP +\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. +If \fBno_name\fR is 0 then long names and short names will be interpreted +as well as numerical forms. If \fBno_name\fR is 1 only the numerical form +is acceptable. +.PP +\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. +The representation is written as a null terminated string to \fBbuf\fR +at most \fBbuf_len\fR bytes are written, truncating the result if necessary. +The total amount of space required is returned. If \fBno_name\fR is 0 then +if the object has a long or short name then that will be used, otherwise +the numerical form will be used. If \fBno_name\fR is 1 then the numerical +form will always be used. +.PP +\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. +.PP +\&\fIOBJ_dup()\fR returns a copy of \fBo\fR. +.PP +\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the +numerical form of the object, \fBsn\fR the short name and \fBln\fR the +long name. A new \s-1NID\s0 is returned for the created object. +.PP +\&\fIOBJ_cleanup()\fR cleans up OpenSSLs internal object table: this should +be called before an application exits if any new objects were added +using \fIOBJ_create()\fR. +.SH "NOTES" +.IX Header "NOTES" +Objects in OpenSSL can have a short name, a long name and a numerical +identifier (\s-1NID\s0) associated with them. A standard set of objects is +represented in an internal table. The appropriate values are defined +in the header file \fBobjects.h\fR. +.PP +For example the \s-1OID\s0 for commonName has the following definitions: +.PP +.Vb 3 +\& #define SN_commonName "CN" +\& #define LN_commonName "commonName" +\& #define NID_commonName 13 +.Ve +New objects can be added by calling \fIOBJ_create()\fR. +.PP +Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. 
They are +also static constant structures which are shared: that is there +is only a single constant structure for each table object. +.PP +Objects which are not in the table have the \s-1NID\s0 value NID_undef. +.PP +Objects do not need to be in the internal tables to be processed, +the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical +form of an \s-1OID\s0. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an object for \fBcommonName\fR: +.PP +.Vb 2 +\& ASN1_OBJECT *o; +\& o = OBJ_nid2obj(NID_commonName); +.Ve +Check if an object is \fBcommonName\fR +.PP +.Vb 2 +\& if (OBJ_obj2nid(obj) == NID_commonName) +\& /* Do something */ +.Ve +Create a new \s-1NID\s0 and initialize an object from it: +.PP +.Vb 3 +\& int new_nid; +\& ASN1_OBJECT *obj; +\& new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); +.Ve +.Vb 1 +\& obj = OBJ_nid2obj(new_nid); +.Ve +Create a new object directly: +.PP +.Vb 1 +\& obj = OBJ_txt2obj("1.2.3.4", 1); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the +convention of other OpenSSL functions where the buffer can be set +to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. +Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should +be set to a positive value. A buffer length of 80 should be more +than enough to handle any \s-1OID\s0 encountered in practice. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +on error. +.PP +\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return +a \s-1NID\s0 or \fBNID_undef\fR on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 
diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 61938c4d645d..ab77dfe906a7 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:44 2002 +.\" Mon Jan 13 19:28:13 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number @@ -211,6 +211,10 @@ or \*(L"built on: date not available\*(R" otherwise. .IX Item "SSLEAY_PLATFORM" The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R" if available or \*(L"platform: information not available\*(R" otherwise. +.Ip "\s-1SSLEAY_DIR\s0" 4 +.IX Item "SSLEAY_DIR" +The \*(L"\s-1OPENSSLDIR\s0\*(R" setting of the library build in the form \*(L"\s-1OPENSSLDIR:\s0 \*(R"..."\*(L" +if available or \*(R"\s-1OPENSSLDIR:\s0 N/A" otherwise. .PP For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. .SH "RETURN VALUE" @@ -223,3 +227,4 @@ crypto(3) .IX Header "HISTORY" \&\fISSLeay()\fR and \s-1SSLEAY_VERSION_NUMBER\s0 are available in all versions of SSLeay and OpenSSL. \&\s-1OPENSSL_VERSION_NUMBER\s0 is available in all versions of OpenSSL. +\&\fB\s-1SSLEAY_DIR\s0\fR was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 575f328e0fdd..1ae39b413b1b 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 
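Review bot: The quoting in the added SSLEAY_DIR item of OPENSSL_VERSION_NUMBER.3 is unbalanced: it opens with \*(L" before OPENSSLDIR:, then uses \*(R"..."\*(L" around the ellipsis, and closes the N/A alternative with a plain " character. The SSLEAY_PLATFORM item just above it uses the balanced form \*(L"platform: ...\*(R", and the new item should render the same way. The header says the file is generated by Pod::Man, so the nested quotes probably need fixing in the .pod source rather than here.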
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:44 2002 +.\" Mon Jan 13 19:28:15 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \- diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libcrypto/man/PKCS12_create.3 index af9c079d3ac2..424a067131f6 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:27 2002 +.\" Mon Jan 13 19:28:16 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,63 +137,56 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "PKCS12_create 3" +.TH PKCS12_create 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour +PKCS12_create \- create a PKCS#12 structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include <openssl/ssl.h> +\& #include <openssl/pkcs12.h> .Ve .Vb 2 -\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); -\& int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx); -.Ve -.Vb 2 -\& void SSL_set_quiet_shutdown(SSL *ssl, int mode); -\& int SSL_get_quiet_shutdown(SSL *ssl); +\& PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, +\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be -\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time -SSL_new(3) is called. \fBmode\fR may be 0 or 1. -.PP -\&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +\&\fIPKCS12_create()\fR creates a PKCS#12 structure. .PP -\&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be -\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with -SSL_free(3) or \fISSL_set_quiet_shutdown()\fR is called again. -It is not changed when SSL_clear(3) is called. -\&\fBmode\fR may be 0 or 1. +\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for +the supplied certifictate and key. \fBpkey\fR is the private key to include in +the structure and \fBcert\fR its corresponding certificates. 
\fBca\fR, if not \fB\s-1NULL\s0\fR +is an optional set of certificates to also include in the structure. .PP -\&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. +\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used +for the key and certificate respectively. \fBiter\fR is the encryption algorithm +iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use. +\&\fBkeytype\fR is the type of key. .SH "NOTES" .IX Header "NOTES" -Normally when a \s-1SSL\s0 connection is finished, the parties must send out -\&\*(L"close notify\*(R" alert messages using SSL_shutdown(3) -for a clean shutdown. +The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR +can all be set to zero and sensible defaults will be used. .PP -When setting the \*(L"quiet shutdown\*(R" flag to 1, SSL_shutdown(3) -will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. -(SSL_shutdown(3) then behaves like -SSL_set_shutdown(3) called with -SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) -The session is thus considered to be shutdown, but no \*(L"close notify\*(R" alert -is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. +These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 +encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 +(currently 2048) and a \s-1MAC\s0 iteration count of 1. .PP -The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_quiet_shutdown()\fR and \fISSL_set_quiet_shutdown()\fR do not return -diagnostic information. +The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with +old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility +is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0. 
.PP -\&\fISSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current -setting. +\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted, +if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_shutdown(3), -SSL_set_shutdown(3), SSL_new(3), -SSL_clear(3), SSL_free(3) +d2i_PKCS12(3) +.SH "HISTORY" +.IX Header "HISTORY" +PKCS12_create was added in OpenSSL 0.9.3 diff --git a/secure/lib/libcrypto/man/SSL_pending.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 index 41951d4e727b..167bab68ef8e 100644 --- a/secure/lib/libcrypto/man/SSL_pending.3 +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:49 2002 +.\" Mon Jan 13 19:28:17 2003 .\" .\" Standard preamble: .\" ====================================================================== 
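Review bot: The NOTES section of the new PKCS12_create.3 says that passing zero gives "sensible defaults" and only afterwards lists them as 40 bit RC2 for certificates and a MAC iteration count of 1, which a reader who stops at the first sentence will not expect. Suggest dropping "sensible" and moving the advice to set mac_iter to PKCS12_DEFAULT_ITER up next to the statement that the parameters can be zero. The page also has no RETURN VALUES section, so the failure return of PKCS12_create() is undocumented, and "certifictate" and "the store private key" are typos.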
@@ -137,41 +137,46 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_pending 3" -.TH SSL_pending 3 "0.9.6e" "2001-02-17" "OpenSSL" +.IX Title "PKCS12_parse 3" +.TH PKCS12_parse 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object +PKCS12_parse \- parse a PKCS#12 structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_pending(SSL *ssl); +\& #include <openssl/pkcs12.h> .Ve +int PKCS12_parse(\s-1PKCS12\s0 *p12, const char *pass, \s-1EVP_PKEY\s0 **pkey, X509 **cert, STACK_OF(X509) **ca); .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_pending()\fR returns the number of bytes which are available inside -\&\fBssl\fR for immediate read. +\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. +If successful the private key will be written to \fB*pkey\fR, the corresponding +certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. .SH "NOTES" .IX Header "NOTES" -Data are received in blocks from the peer. Therefore data can be buffered -inside \fBssl\fR and are ready for immediate retrieval with -SSL_read(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The number of bytes pending is returned. +The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> +in which case additional certificates will be discarded. \fB*ca\fR can also +be a valid \s-1STACK\s0 in which case additional certificates are appended to +\&\fB*ca\fR. If \fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. +.PP +The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each certificate +will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the \fBX509\fR structure. 
.SH "BUGS" .IX Header "BUGS" -\&\fISSL_pending()\fR takes into account only bytes from the \s-1TLS/SSL\s0 record -that is currently being processed (if any). If the \fB\s-1SSL\s0\fR object's -\&\fIread_ahead\fR flag is set, additional protocol bytes may have been -read containing more \s-1TLS/SSL\s0 records; these are ignored by -\&\fISSL_pending()\fR. +Only a single private key and corresponding certificate is returned by this function. +More complex PKCS#12 files with multiple private keys will only return the first +match. +.PP +Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in certificates. +Other attributes are discarded. .PP -Up to OpenSSL 0.9.6, \fISSL_pending()\fR does not check if the record type -of pending data is application data. +Attributes currently cannot be store in the private key \fB\s-1EVP_PKEY\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_read(3), ssl(3) +d2i_PKCS12(3) +.SH "HISTORY" +.IX Header "HISTORY" +PKCS12_parse was added in OpenSSL 0.9.3 diff --git a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 index 6185b124902a..bf61e1d6eba4 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:44 2002 +.\" Mon Jan 13 19:28:18 2003 .\" .\" Standard preamble: .\" ====================================================================== 
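Review bot: PKCS12_parse.3 shows an int prototype in SYNOPSIS but has no RETURN VALUES section, so the page does not say how a wrong passphrase or a malformed structure is reported. Suggest adding one with a pointer to ERR_get_error(3), as the PKCS7 pages in this patch do, and stating who frees *pkey, *cert and the STACK that NOTES says is allocated when *ca is NULL. The prototype line also sits after .Ve, outside the verbatim block, the NOTES sentence on ca renders NULL in angle brackets instead of bold, and "cannot be store" should be "cannot be stored".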
@@ -137,45 +137,47 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "0.9.6e" "2001-05-19" "OpenSSL" +.IX Title "PKCS7_decrypt 3" +.TH PKCS7_decrypt 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer +PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& STACKOF(X509) *SSL_get_peer_cert_chain(SSL *ssl); -.Ve +int PKCS7_decrypt(\s-1PKCS7\s0 *p7, \s-1EVP_PKEY\s0 *pkey, X509 *cert, \s-1BIO\s0 *data, int flags); .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_peer_cert_chain()\fR returns a pointer to STACKOF(X509) certificates -forming the certificate chain of the peer. If called on the client side, -the stack also contains the peer's certificate; if called on the server -side, the peer's certificate must be obtained separately using -SSL_get_peer_certificate(3). -If the peer did not present a certificate, \s-1NULL\s0 is returned. +\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -The peer certificate chain is not necessarily available after reusing -a session, in which case a \s-1NULL\s0 pointer is returned. +\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this +function or errors about unknown algorithms will occur. .PP -The reference count of the STACKOF(X509) object is not incremented. -If the corresponding session is freed, the pointer must not be used -any longer. 
+Although the recipients certificate is not needed to decrypt the data it is needed +to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following return values can occur: -.Ip "\s-1NULL\s0" 4 -.IX Item "NULL" -No certificate was presented by the peer or no connection was established -or the certificate chain is no longer available when a session is reused. -.Ip "Pointer to a STACKOF(X509)" 4 -.IX Item "Pointer to a STACKOF(X509)" -The return value points to the certificate chain presented by the peer. +\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would +be better if it could look up the correct key and certificate from a database. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_peer_certificate(3) +ERR_get_error(3), PKCS7_encrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 index ebc0e3860d6c..4661d33df960 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 
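Review bot: The second BUGS paragraph of PKCS7_decrypt.3 ends "also applies to PKCS7_verify()", which looks copied from another page; here it should name PKCS7_decrypt(). The SYNOPSIS prototype is plain text with no .Vb/.Ve block and no #include line, unlike the PKCS12 pages in this patch. In NOTES, "recipients certificate" needs an apostrophe and "of possible several" should be "of possibly several".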
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:34 2002 +.\" Mon Jan 13 19:28:19 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,64 +137,59 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "PKCS7_encrypt 3" +.TH PKCS7_encrypt 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings +PKCS7_encrypt \- create a PKCS#7 envelopedData structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 4 -\& long SSL_SESSION_get_time(SSL_SESSION *s); -\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); -\& long SSL_SESSION_get_timeout(SSL_SESSION *s); -\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); -.Ve -.Vb 4 -\& long SSL_get_time(SSL_SESSION *s); -\& long SSL_set_time(SSL_SESSION *s, long tm); -\& long SSL_get_timeout(SSL_SESSION *s); -\& long SSL_set_timeout(SSL_SESSION *s, long tm); -.Ve +\&\s-1PKCS7\s0 *PKCS7_encrypt(STACK_OF(X509) *certs, \s-1BIO\s0 *in, const \s-1EVP_CIPHER\s0 *cipher, int flags); .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was -established. The time is given in seconds since the Epoch and therefore -compatible to the time delivered by the \fItime()\fR call. +\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates +supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to +be signed using the \s-1RSA\s0 algorithm. 
.PP -\&\fISSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with -the chosen value \fBtm\fR. +\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because +most clients will support it. .PP -\&\fISSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR -in seconds. +Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit +\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively. .PP -\&\fISSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds -to \fBtm\fR. +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its +parameters. .PP -The \fISSL_get_time()\fR, \fISSL_set_time()\fR, \fISSL_get_timeout()\fR, and \fISSL_set_timeout()\fR -functions are synonyms for the SSL_SESSION_*() counterparts. -.SH "NOTES" -.IX Header "NOTES" -Sessions are expired by examining the creation time and the timeout value. -Both are set at creation time of the session to the actual time and the -default timeout value at creation, respectively, as set by -SSL_CTX_set_timeout(3). -Using these functions it is possible to extend or shorten the lifetime -of the session. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_SESSION_get_time()\fR and \fISSL_SESSION_get_timeout()\fR return the currently -valid values. +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fIPKCS7_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. .PP -\&\fISSL_SESSION_set_time()\fR and \fISSL_SESSION_set_timeout()\fR return 1 on success. +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. 
.PP -If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, -0 is returned. +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required +by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This +option should be used if the supplied data is in binary format otherwise the translation +will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then \fB\s-1PKCS7_TEXT\s0\fR is ignored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_encrypt()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_timeout(3), -SSL_get_default_timeout(3) +ERR_get_error(3), PKCS7_decrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 index a197941ce5d1..0ada49f94c87 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:22 2002 +.\" Mon Jan 13 19:28:20 2003 .\" .\" Standard preamble: .\" ====================================================================== 
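Review bot: HISTORY in PKCS7_encrypt.3 reads "PKCS7_decrypt() was added to OpenSSL 0.9.5" and BUGS ends "also applies to PKCS7_verify()"; both should name PKCS7_encrypt(). In NOTES, the paragraph on EVP_rc2_40_cbc() and EVP_rc2_64_cbc() calls them weak but gives no guidance, so suggest saying they should be chosen only when a recipient is known to need them. The PKCS7_BINARY paragraph is a run-on ("... specifications) if PKCS7_BINARY is set ...") and needs a full stop before "if".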
@@ -137,72 +137,79 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "PKCS7_sign 3" +.TH PKCS7_sign 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure +PKCS7_sign \- create a PKCS#7 signedData structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 3 -\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(), -\& char *arg); -\& int (*callback)(); -.Ve +\&\s-1PKCS7\s0 *PKCS7_sign(X509 *signcert, \s-1EVP_PKEY\s0 *pkey, STACK_OF(X509) *certs, \s-1BIO\s0 *data, int flags); .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for -\&\fBctx\fR. \s-1SSL\s0 objects, that are created from \fBctx\fR inherit the setting valid at -the time, SSL_new(3) is called. \fBarg\fR is currently ignored. +\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR +is the certificate to sign with, \fBpkey\fR is the corresponsding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the +PKCS#7 structure (for example any intermediate CAs in the chain). +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification -function is called. If the application does not explicitly specify a -verification callback function, the built-in verification function is used. -If a verification callback \fBcallback\fR is specified via -\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called -instead. 
By setting \fBcallback\fR to \s-1NULL\s0, the default behaviour is restored. +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. .PP -When the verification must be performed, \fBcallback\fR will be called with -the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments \fBarg\fR -that can be specified when setting \fBcallback\fR are currently ignored. +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the \fBsigncert\fR +parameter though. This can reduce the size of the signature if the signers certificate +can be obtained by other means: for example a previously signed message. .PP -\&\fBcallback\fR should return 1 to indicate verification success and 0 to -indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fBcallback\fR -returns 0, the handshake will fail. As the verification procedure may -allow to continue the connection in case of failure (by always returning 1) -the verification result must be set in any case using the \fBerror\fR -member of \fBx509_store_ctx\fR, so that the calling application will be informed -about the detailed result of the verification procedure! +The data being signed is included in the \s-1PKCS7\s0 structure, unless \fB\s-1PKCS7_DETACHED\s0\fR +is set in which case it is omitted. This is used for \s-1PKCS7\s0 detached signatures +which are used in S/MIME plaintext signed messages for example. .PP -Within \fBx509_store_ctx\fR, \fBcallback\fR has access to the \fBverify_callback\fR -function set using SSL_CTX_set_verify(3). 
-.SH "WARNINGS" -.IX Header "WARNINGS" -Do not mix the verification callback described in this function with the -\&\fBverify_callback\fR function called during the verification process. The -latter is set using the SSL_CTX_set_verify(3) -family of functions. +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required +by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This +option should be used if the supplied data is in binary format otherwise the translation +will corrupt it. .PP -Providing a complete verification procedure including certificate purpose -settings etc is a complex task. The built-in procedure is quite powerful -and in most cases it should be sufficient to modify its behaviour using -the \fBverify_callback\fR function. +The signedData structure includes several PKCS#7 autenticatedAttributes including +the signing time, the PKCS#7 content type and the supported list of ciphers in +an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no authenticatedAttributes +will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any +of these algorithms is disabled then it will not be included. .SH "BUGS" .IX Header "BUGS" -It is possible to specify arguments to be passed to the verification callback. -Currently they are however not passed but ignored. +\&\fIPKCS7_sign()\fR is somewhat limited. It does not support multiple signers, some +advanced attributes such as counter signatures are not supported. +.PP +The \s-1SHA1\s0 digest algorithm is currently always used. +.PP +When the signed data is not detached it will be stored in memory within the +\&\fB\s-1PKCS7\s0\fR structure. 
This effectively limits the size of messages which can be +signed due to memory restraints. There should be a way to sign data without +having to hold it all in memory, this would however require fairly major +revisions of the OpenSSL \s-1ASN1\s0 code. .PP -The \fBcallback\fR function is not specified via a prototype, so that no -type checking takes place. +Clear text signing does not store the content in memory but the way \fIPKCS7_sign()\fR +operates means that two passes of the data must typically be made: one to compute +the signatures and a second to output the data along with the signature. There +should be a way to process the data with only a single pass. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. +\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fIERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_verify(3), -SSL_get_verify_result(3), -SSL_CTX_load_verify_locations(3) +ERR_get_error(3), PKCS7_verify(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 new file mode 100644 index 000000000000..3a9b1b0f3022 --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 
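Review bot: BUGS in PKCS7_sign.3 states "The SHA1 digest algorithm is currently always used", but DESCRIPTION and NOTES never mention the digest, so a reader choosing flags will not learn that it is fixed; suggest saying so where the flags are described. The PKCS7_NOCERTS paragraph should also say that the verifier then has to supply the signer's certificate itself, which the PKCS7_verify.3 page added in this patch does through its certs parameter. Typos: "corresponsding", "autenticatedAttributes", "signers certificate", and "memory restraints" should be "memory constraints".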
@@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:22 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. 
ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS7_verify 3" +.TH PKCS7_verify 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS7_verify \- verify a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int PKCS7_verify(\s-1PKCS7\s0 *p7, STACK_OF(X509) *certs, X509_STORE *store, \s-1BIO\s0 *indata, \s-1BIO\s0 *out, int flags); +.PP +int PKCS7_get0_signers(\s-1PKCS7\s0 *p7, STACK_OF(X509) *certs, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signer's certificate. \fBstore\fR is a trusted certficate store (used for +chain verification). \fBindata\fR is the signed data if the content is not +present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR +if it is not \s-1NULL\s0. +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does +\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR +and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must +be signedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. +.PP +An attempt is made to locate all the signer's certificates, first looking in +the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates +contained in the \fBp7\fR structure itself. If any signer's certificates cannot be +located the operation fails. 
+.PP +Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If any chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and +the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter +to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is +meaningful to \fIPKCS7_get0_signers()\fR. +.PP +If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signer's certificate. This means that all the signers +certificates must be in the \fBcerts\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. +.PP +If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are +not used as untrusted CAs. This means that the whole verify chain (apart from +the signer's certificate) must be contained in the trusted store. +.PP +If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. 
+.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification +and any signed message will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_verify()\fR returns 1 for a successful verification and zero or a negative +value if an error occurs. +.PP +\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error can be obtained from ERR_get_error(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signers certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_sign(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_verify()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index 15a7d91b4285..7ece2c67f23a 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:45 2002 +.\" Mon Jan 13 19:28:23 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_add 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index a3bd3fb942a8..f635985907c8 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:46 2002 +.\" Mon Jan 13 19:28:24 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_bytes 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_bytes, RAND_pseudo_bytes \- generate random data @@ -174,7 +174,8 @@ functions return \-1 if they are not supported by the current \s-1RAND\s0 method. .SH "SEE ALSO" .IX Header "SEE ALSO" -rand(3), err(3), RAND_add(3) +rand(3), ERR_get_error(3), +RAND_add(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL. It diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index 317e9d38e158..e6efbc398430 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:46 2002 +.\" Mon Jan 13 19:28:25 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_cleanup 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_cleanup \- erase the \s-1PRNG\s0 state diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index d5f628484b23..b59d0e531f29 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:47 2002 +.\" Mon Jan 13 19:28:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH RAND_egd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_egd \- query entropy gathering daemon @@ -151,6 +151,9 @@ RAND_egd \- query entropy gathering daemon \& int RAND_egd(const char *path); \& int RAND_egd_bytes(const char *path, int bytes); .Ve +.Vb 1 +\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. 
@@ -166,6 +169,11 @@ When only one secret key must be generated, it is not necessary to request the full amount 255 bytes from the \s-1EGD\s0 socket. This can be advantageous, since the amount of entropy that can be retrieved from \s-1EGD\s0 over time is limited. +.PP +\&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket +\&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into +\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL\s0, \fBbytes\fR bytes are queried and used to seed the +OpenSSL built-in \s-1PRNG\s0 using RAND_add(3). .SH "NOTES" .IX Header "NOTES" On systems without /dev/*random devices providing entropy from the kernel, @@ -185,11 +193,18 @@ available from http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html . \&\s-1PRNGD\s0 does employ an internal \s-1PRNG\s0 itself and can therefore never run out of entropy. +.PP +OpenSSL automatically queries \s-1EGD\s0 when entropy is requested via \fIRAND_bytes()\fR +or the status is checked via \fIRAND_status()\fR for the first time, if the socket +is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool. .SH "RETURN VALUE" .IX Header "RETURN VALUE" \&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the daemon on success, and \-1 if the connection failed or the daemon did not return enough data to fully seed the \s-1PRNG\s0. +.PP +\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on +success, and \-1 if the connection failed. The \s-1PRNG\s0 state is not considered. .SH "SEE ALSO" .IX Header "SEE ALSO" rand(3), RAND_add(3), @@ -199,3 +214,7 @@ RAND_cleanup(3) \&\fIRAND_egd()\fR is available since OpenSSL 0.9.5. .PP \&\fIRAND_egd_bytes()\fR is available since OpenSSL 0.9.6. +.PP +\&\fIRAND_query_egd_bytes()\fR is available since OpenSSL 0.9.7. +.PP +The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7. 
diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index c61c51247632..6ae20f1c2a16 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:47 2002 +.\" Mon Jan 13 19:28:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH RAND_load_file 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index 3c28fedf2649..d38d589c2f5b 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:48 2002 +.\" Mon Jan 13 19:28:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_set_rand_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method 
@@ -148,24 +148,32 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 me \& #include <openssl/rand.h> .Ve .Vb 1 -\& void RAND_set_rand_method(RAND_METHOD *meth); +\& void RAND_set_rand_method(const RAND_METHOD *meth); .Ve .Vb 1 -\& RAND_METHOD *RAND_get_rand_method(void); +\& const RAND_METHOD *RAND_get_rand_method(void); .Ve .Vb 1 \& RAND_METHOD *RAND_SSLeay(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random -number generation. By modifying the method, alternative -implementations such as hardware RNGs may be used. Initially, the -default is to use the OpenSSL internal implementation. \fIRAND_SSLeay()\fR -returns a pointer to that method. +A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number +generation. By modifying the method, alternative implementations such as +hardware RNGs may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for important +information about how these \s-1RAND\s0 \s-1API\s0 functions are affected by the use of +\&\fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -\&\fIRAND_set_rand_method()\fR sets the \s-1RAND\s0 method to \fBmeth\fR. -\&\fIRAND_get_rand_method()\fR returns a pointer to the current method. +Initially, the default \s-1RAND_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fIRAND_SSLeay()\fR. +.PP +\&\fIRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is +true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND\s0, so this function +is no longer recommended. +.PP +\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD\s0. +However, the meaningfulness of this result is dependant on whether the \s-1ENGINE\s0 +\&\s-1API\s0 is being used, so this function is no longer recommended. .SH "THE RAND_METHOD STRUCTURE" .IX Header "THE RAND_METHOD STRUCTURE" .Vb 9 
@@ -187,10 +195,25 @@ Each component may be \s-1NULL\s0 if the function is not implemented. .IX Header "RETURN VALUES" \&\fIRAND_set_rand_method()\fR returns no value. \fIRAND_get_rand_method()\fR and \&\fIRAND_SSLeay()\fR return pointers to the respective methods. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other +algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, +that will override any \s-1RAND\s0 defaults set using the \s-1RAND\s0 \s-1API\s0 (ie. +\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +to control default implementations for use in \s-1RAND\s0 and other cryptographic +algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" -rand(3) +rand(3), engine(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIRAND_set_rand_method()\fR, \fIRAND_get_rand_method()\fR and \fIRAND_SSLeay()\fR are available in all versions of OpenSSL. +.PP +In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to +take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been +reverted as the \s-1ENGINE\s0 \s-1API\s0 transparently overrides \s-1RAND\s0 defaults if used, +otherwise \s-1RAND\s0 \s-1API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also +introduced in version 0.9.7. diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index 1ad4f8b7c183..afe90bd25b7c 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:49 2002 +.\" Mon Jan 13 19:28:30 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_blinding_on 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index f5a5581138e5..9c31ac6e3998 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:49 2002 +.\" Mon Jan 13 19:28:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH RSA_check_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_check_key \- validate private \s-1RSA\s0 keys 
@@ -174,9 +174,27 @@ This function does not work on \s-1RSA\s0 public keys that have only the modulus and public exponent elements populated. It performs integrity checks on all the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private key data too. +.PP +Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work +transparently with any underlying \s-1ENGINE\s0 implementation because it uses the +key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can +override the way key data is stored and handled, and can even provide +support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR +key data at all! If the \s-1ENGINE\s0 in question is only being used for +acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data +is complete and untouched, but this can't be assumed in the general case. +.SH "BUGS" +.IX Header "BUGS" +A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need +to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the +\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also +provide their own verifiers. .SH "SEE ALSO" .IX Header "SEE ALSO" -rsa(3), err(3) +rsa(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_check()\fR appeared in OpenSSL 0.9.4. +\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index 50e23bc3c4fb..9253cab40456 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:50 2002 +.\" Mon Jan 13 19:28:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH RSA_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_generate_key \- generate \s-1RSA\s0 key pair @@ -186,7 +186,8 @@ error codes can be obtained by ERR_get_error(3). \&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values. .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rand(3), rsa(3), RSA_free(3) +ERR_get_error(3), rand(3), rsa(3), +RSA_free(3) .SH "HISTORY" .IX Header "HISTORY" The \fBcb_arg\fR argument was added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 index f8fccb71e7ba..ce2be6278e72 100644 --- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:50 2002 +.\" Mon Jan 13 19:28:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 7869f1af210c..e1e32dc731b6 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:51 2002 +.\" Mon Jan 13 19:28:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects @@ -155,7 +155,8 @@ RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. +\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to +calling RSA_new_method(\s-1NULL\s0). .PP \&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is erased before the memory is returned to the system. @@ -168,7 +169,9 @@ a pointer to the newly allocated structure. \&\fIRSA_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rsa(3), RSA_generate_key(3) +ERR_get_error(3), rsa(3), +RSA_generate_key(3), +RSA_new_method(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIRSA_new()\fR and \fIRSA_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index fb2dba4b2432..e17331e8dad9 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:52 2002 +.\" Mon Jan 13 19:28:35 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index 9a0494c627ac..da3787a08c51 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:52 2002 +.\" Mon Jan 13 19:28:37 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,12 +138,12 @@ .\" ====================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_print 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print, -DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic -parameters +RSA_print, RSA_print_fp, +DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, +DHparams_print, DHparams_print_fp \- print cryptographic parameters .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index e7e63f62052d..ba0fd87f5af9 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:53 2002 +.\" Mon Jan 13 19:28:38 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_private_encrypt 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_private_encrypt, RSA_public_decrypt \- low level signature operations @@ -192,7 +192,8 @@ On error, \-1 is returned; the error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rsa(3), RSA_sign(3), RSA_verify(3) +ERR_get_error(3), rsa(3), +RSA_sign(3), RSA_verify(3) .SH "HISTORY" .IX Header "HISTORY" The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 407b57899ae9..a516181c70b6 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:54 2002 +.\" Mon Jan 13 19:28:39 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_public_encrypt 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography @@ -202,10 +202,8 @@ obtained by ERR_get_error(3). \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rand(3), rsa(3), RSA_size(3) -.SH "NOTES" -.IX Header "NOTES" -The RSA_PKCS1_RSAref(3) method supports only the \s-1RSA_PKCS1_PADDING\s0 mode. +ERR_get_error(3), rand(3), rsa(3), +RSA_size(3) .SH "HISTORY" .IX Header "HISTORY" The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is 
diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index df5575754efc..ee2ada5f0e74 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:54 2002 +.\" Mon Jan 13 19:28:40 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,40 +138,37 @@ .\" ====================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_set_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_set_default_method, RSA_get_default_method, RSA_set_method, -RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref, -RSA_null_method, RSA_flags, RSA_new_method \- select \s-1RSA\s0 method +RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags, +RSA_new_method \- select \s-1RSA\s0 method .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/rsa.h> .Ve .Vb 1 -\& void RSA_set_default_method(RSA_METHOD *meth); +\& void RSA_set_default_method(const RSA_METHOD *meth); .Ve .Vb 1 \& RSA_METHOD *RSA_get_default_method(void); .Ve .Vb 1 -\& RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); .Ve .Vb 1 -\& RSA_METHOD *RSA_get_method(RSA *rsa); +\& RSA_METHOD *RSA_get_method(const RSA *rsa); .Ve .Vb 1 \& RSA_METHOD *RSA_PKCS1_SSLeay(void); .Ve .Vb 1 -\& RSA_METHOD *RSA_PKCS1_RSAref(void); -.Ve -.Vb 1 \& RSA_METHOD *RSA_null_method(void); .Ve .Vb 1 -\& int RSA_flags(RSA *rsa); +\& int RSA_flags(const RSA *rsa); .Ve .Vb 1 \& RSA *RSA_new_method(RSA_METHOD *method); 
@@ -179,32 +176,45 @@ RSA_null_method, RSA_flags, RSA_new_method \- select \s-1RSA\s0 method .SH "DESCRIPTION" .IX Header "DESCRIPTION" An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 -operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. -.PP -Initially, the default is to use the OpenSSL internal implementation, -unless OpenSSL was configured with the \f(CW\*(C`rsaref\*(C'\fR or \f(CW\*(C`\-DRSA_NULL\*(C'\fR -options. \fIRSA_PKCS1_SSLeay()\fR returns a pointer to that method. +operations. By modifying the method, alternative implementations such as +hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the +use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -\&\fIRSA_PKCS1_RSAref()\fR returns a pointer to a method that uses the RSAref -library. This is the default method in the \f(CW\*(C`rsaref\*(C'\fR configuration; -the function is not available in other configurations. -\&\fIRSA_null_method()\fR returns a pointer to a method that does not support -the \s-1RSA\s0 transformation. It is the default if OpenSSL is compiled with -\&\f(CW\*(C`\-DRSA_NULL\*(C'\fR. These methods may be useful in the \s-1USA\s0 because of a -patent on the \s-1RSA\s0 cryptosystem. +Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fIRSA_PKCS1_SSLeay()\fR. .PP -\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1RSA\s0\fR -structures created later. +\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1RSA\s0, so this function is no longer recommended. .PP \&\fIRSA_get_default_method()\fR returns a pointer to the current default -method. 
+\&\s-1RSA_METHOD\s0. However, the meaningfulness of this result is dependant on +whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +recommended. .PP -\&\fIRSA_set_method()\fR selects \fBmeth\fR for all operations using the key -\&\fBrsa\fR. +\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the +previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1RSA\s0 keys that only +work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected +results. .PP -\&\fIRSA_get_method()\fR returns a pointer to the method currently selected -for \fBrsa\fR. +\&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. +This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if +it is, the return value can only be guaranteed to be valid as long as the +\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by +\&\fIRSA_set_method()\fR. +.PP +\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current +\&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section. +.PP +\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that +\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the +default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, +the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used. .PP \&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. .PP 
@@ -288,18 +298,42 @@ the default method is used. .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_PKCS1_RSAref()\fR, \fIRSA_PKCS1_null_method()\fR, -\&\fIRSA_get_default_method()\fR and \fIRSA_get_method()\fR return pointers to the -respective \fB\s-1RSA_METHOD\s0\fRs. +\&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_PKCS1_null_method()\fR, \fIRSA_get_default_method()\fR +and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs. .PP \&\fIRSA_set_default_method()\fR returns no value. .PP -\&\fIRSA_set_method()\fR returns a pointer to the \fB\s-1RSA_METHOD\s0\fR previously -associated with \fBrsa\fR. +\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation +that was replaced. However, this return value should probably be ignored +because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated +at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a +result of the \fIRSA_set_method()\fR function releasing its handle to the +\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR +declaration in a future release. .PP -\&\fIRSA_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be -obtained by ERR_get_error(3) if the allocation fails. Otherwise it -returns a pointer to the newly allocated structure. +\&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +by ERR_get_error(3) if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with +other algorithmic APIs (eg. \s-1DSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) into \fB\s-1ENGINE\s0\fR +modules. 
If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an +\&\s-1ENGINE\s0 \s-1API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA\s0 +\&\s-1API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the +recommended way to control default implementations for use in \s-1RSA\s0 and other +cryptographic algorithms. +.SH "BUGS" +.IX Header "BUGS" +The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now +to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the +encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key +itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key +(which is what this function returns). If the flags element of an \s-1RSA\s0 key +is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not +be reflected in the return value of the \fIRSA_flags()\fR function \- in effect +\&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does +not currently exist). .SH "SEE ALSO" .IX Header "SEE ALSO" rsa(3), RSA_new(3) 
@@ -309,3 +343,14 @@ rsa(3), RSA_new(3) \&\fIRSA_get_default_method()\fR, \fIRSA_set_method()\fR and \fIRSA_get_method()\fR as well as the rsa_sign and rsa_verify components of \s-1RSA_METHOD\s0 were added in OpenSSL 0.9.4. +.PP +\&\fIRSA_set_default_openssl_method()\fR and \fIRSA_get_default_openssl_method()\fR +replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR +respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use +\&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine +version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE\s0 +\&\s-1API\s0 was restructured so that this change was reversed, and behaviour of the +other functions resembled more closely the previous behaviour. The +behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now transparently overrides the +behaviour of defaults in the \s-1RSA\s0 \s-1API\s0 without requiring changing these +function prototypes. diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index 7698a4abd044..b4251d7b4376 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:55 2002 +.\" Mon Jan 13 19:28:41 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_sign 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_sign, RSA_verify \- \s-1RSA\s0 signatures 
@@ -187,8 +187,8 @@ for compatibility with SSLeay 0.4.5 :\-) \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), objects(3), rsa(3), -RSA_private_encrypt(3), +ERR_get_error(3), objects(3), +rsa(3), RSA_private_encrypt(3), RSA_public_decrypt(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index 978dfa9ce6a0..326b0a9936e8 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:55 2002 +.\" Mon Jan 13 19:28:43 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures @@ -185,8 +185,8 @@ The error codes can be obtained by ERR_get_error(3). These functions serve no recognizable purpose. .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), objects(3), rand(3), -rsa(3), RSA_sign(3), +ERR_get_error(3), objects(3), +rand(3), rsa(3), RSA_sign(3), RSA_verify(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 4c195b81b242..4c7dbee6d0e5 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:56 2002 +.\" Mon Jan 13 19:28:44 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_size \- get \s-1RSA\s0 modulus size @@ -148,7 +148,7 @@ RSA_size \- get \s-1RSA\s0 modulus size \& #include <openssl/rsa.h> .Ve .Vb 1 -\& int RSA_size(RSA *rsa); +\& int RSA_size(const RSA *rsa); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 index 0d9466492091..e4827252fb92 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:29 2002 +.\" Mon Jan 13 19:28:45 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,58 +137,68 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "SMIME_read_PKCS7 3" +.TH SMIME_read_PKCS7 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching +SMIME_read_PKCS7 \- parse S/MIME message. .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); -\& long SSL_CTX_get_timeout(SSL_CTX *ctx); -.Ve +\&\s-1PKCS7\s0 *SMIME_read_PKCS7(\s-1BIO\s0 *in, \s-1BIO\s0 **bcont); .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for -\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. +\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in +a memory bio which is written to \fB*bcont\fR, otherwise +\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. .PP -\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. +The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an +error occurred. .SH "NOTES" .IX Header "NOTES" -Whenever a new session is created, it is assigned a maximum lifetime. This -lifetime is specified by storing the creation time of the session and the -timeout value valid at this time. If the actual time is later than creation -time plus timeout, the session is not reused. +If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text +signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with +the \fB\s-1PKCS7_DETACHED\s0\fR flag set. .PP -Due to this realization, all sessions behave according to the timeout value -valid at the time of the session negotiation. 
Changes of the timeout value -do not affect already established sessions. +Otherwise the type of the returned structure can be determined +using \fIPKCS7_type()\fR. .PP -The expiration time of a single session can be modified using the -SSL_SESSION_get_time(3) family of functions. +To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR +\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: .PP -Expired sessions are removed from the internal session cache, whenever -SSL_CTX_flush_sessions(3) is called, either -directly by the application or automatically (see -SSL_CTX_set_session_cache_mode(3)) +.Vb 2 +\& BIO *cont = NULL; +\& PKCS7 *p7; +.Ve +.Vb 1 +\& p7 = SMIME_read_PKCS7(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive. +While it will handle most S/MIME messages more complex compound +formats may not work. +.PP +The parser assumes that the \s-1PKCS7\s0 structure is always base64 +encoded and will not handle the case where it is in binary format +or uses quoted printable format. .PP -The default value for session timeout is decided on a per protocol -basis, see SSL_get_default_timeout(3). -All currently supported protocols have the same default timeout value -of 300 seconds. +The use of a memory \s-1BIO\s0 to hold the signed content limits the size +of message which can be processed due to memory restraints: a +streaming single pass option should be available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_timeout()\fR returns the previously set timeout value. -.PP -\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value. +\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR +is an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_SESSION_get_time(3), -SSL_CTX_flush_sessions(3), -SSL_get_default_timeout(3) +ERR_get_error(3), PKCS7_type(3) +SMIME_read_PKCS7(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISMIME_read_PKCS7()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/SSL_get_verify_result.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 index 86762cabacea..99eafe72b97d 100644 --- a/secure/lib/libcrypto/man/SSL_get_verify_result.3 +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:46 2002 +.\" Mon Jan 13 19:28:46 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,49 +137,53 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "0.9.6e" "2001-05-19" "OpenSSL" +.IX Title "SMIME_write_PKCS7 3" +.TH SMIME_write_PKCS7 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_get_verify_result \- get result of peer certificate verification +SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format. .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& long SSL_get_verify_result(SSL *ssl); -.Ve +int SMIME_write_PKCS7(\s-1BIO\s0 *out, \s-1PKCS7\s0 *p7, \s-1BIO\s0 *data, int flags); .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_verify_result()\fR returns the result of the verification of the -X509 certificate presented by the peer, if any. +\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate +\&\fB\s-1PKCS7\s0\fR structure. If cleartext signing (\fBmultipart/signed\fR) is +being used then the signed data must be supplied in the \fBdata\fR +argument. \fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_get_verify_result()\fR can only return one error code while the verification -of a certificate can fail because of many reasons at the same time. Only -the last verification error that occurred during the processing is available -from \fISSL_get_verify_result()\fR. +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, +this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR +is also set when \fIPKCS7_sign()\fR is also called. .PP -The verification result is part of the established session and is restored -when a session is reused. 
+If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR +are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR +is also set. +.PP +If cleartext signing is being used then the data must be read twice: +once to compute the signature in \fIPKCS7_sign()\fR and once to output the +S/MIME message. .SH "BUGS" .IX Header "BUGS" -If no peer certificate was presented, the returned result code is -X509_V_OK. This is because no verification error occurred, it does however -not indicate success. \fISSL_get_verify_result()\fR is only useful in connection -with SSL_get_peer_certificate(3). +\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there +should be an option to disable this. +.PP +There should really be a way to produce cleartext signing using only +a single pass of the data. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following return values can currently occur: -.Ip "X509_V_OK" 4 -.IX Item "X509_V_OK" -The verification succeeded or no peer certificate was presented. -.Ip "Any other value" 4 -.IX Item "Any other value" -Documented in verify(1). +\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_set_verify_result(3), -SSL_get_peer_certificate(3), -verify(1) +ERR_get_error(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISMIME_write_PKCS7()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 deleted file mode 100644 index 2f25fb8b3955..000000000000 --- a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 +++ /dev/null 
@@ -1,236 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:12 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "0.9.6e" "2001-05-19" "OpenSSL" -.UC -.SH "NAME" -SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 4 -\& const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher); -\& int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits); -\& char *SSL_CIPHER_get_version(SSL_CIPHER *cipher); -\& char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the -argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\s0\*(R" is -returned. -.PP -\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If -\&\fBalg_bits\fR is not \s-1NULL\s0, it contains the number of bits processed by the -chosen algorithm. If \fBcipher\fR is \s-1NULL\s0, 0 is returned. -.PP -\&\fISSL_CIPHER_get_version()\fR returns the protocol version for \fBcipher\fR, currently -\&\*(L"SSLv2\*(R", \*(L"SSLv3\*(R", or \*(L"TLSv1\*(R". If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned. -.PP -\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used -into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least -128 bytes, otherwise a pointer to the the string \*(L"Buffer too small\*(R" is -returned. If \fBbuf\fR is \s-1NULL\s0, a buffer of 128 bytes is allocated using -\&\fIOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string -\&\*(L"OPENSSL_malloc Error\*(R" is returned. -.SH "NOTES" -.IX Header "NOTES" -The number of bits processed can be different from the secret bits. An -export cipher like e.g. 
\s-1EXP-RC4\-MD5\s0 has only 40 secret bits. The algorithm -does use the full 128 bits (which would be returned for \fBalg_bits\fR), of -which however 88bits are fixed. The search space is hence only 40 bits. -.PP -The string returned by \fISSL_CIPHER_description()\fR in case of success consists -of cleartext information separated by one or more blanks in the following -sequence: -.Ip "<ciphername>" 4 -.IX Item "<ciphername>" -Textual representation of the cipher name. -.Ip "<protocol version>" 4 -.IX Item "<protocol version>" -Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3. -.Ip "Kx=<key exchange>" 4 -.IX Item "Kx=<key exchange>" -Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fBRSA(512)\fR or -\&\fBRSA(1024)\fR), \fB\s-1DH\s0\fR (for export ciphers as \fBDH(512)\fR or \fBDH(1024)\fR), -\&\fB\s-1DH/RSA\s0\fR, \fB\s-1DH/DSS\s0\fR, \fBFortezza\fR. -.Ip "Au=<authentication>" 4 -.IX Item "Au=<authentication>" -Authentication method: \fB\s-1RSA\s0\fR, \fB\s-1DSS\s0\fR, \fB\s-1DH\s0\fR, \fBNone\fR. None is the -representation of anonymous ciphers. -.Ip "Enc=<symmetric encryption method>" 4 -.IX Item "Enc=<symmetric encryption method>" -Encryption method with number of secret bits: \fBDES(40)\fR, \fBDES(56)\fR, -\&\fB3DES(168)\fR, \fBRC4(40)\fR, \fBRC4(56)\fR, \fBRC4(64)\fR, \fBRC4(128)\fR, -\&\fBRC2(40)\fR, \fBRC2(56)\fR, \fBRC2(128)\fR, \fBIDEA(128)\fR, \fBFortezza\fR, \fBNone\fR. -.Ip "Mac=<message authentication code>" 4 -.IX Item "Mac=<message authentication code>" -Message digest: \fB\s-1MD5\s0\fR, \fB\s-1SHA1\s0\fR. -.Ip "<export flag>" 4 -.IX Item "<export flag>" -If the cipher is flagged exportable with respect to old \s-1US\s0 crypto -regulations, the word "\fBexport\fR" is printed. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -Some examples for the output of \fISSL_CIPHER_description()\fR: -.PP -.Vb 4 -\& EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 -\& EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 -\& RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 -\& EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export -.Ve -.SH "BUGS" -.IX Header "BUGS" -If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL\s0, the -library crashes. -.PP -If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according -description of the cipher property is \fBunknown\fR. This case should not -occur. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -See \s-1DESCRIPTION\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_get_current_cipher(3), -SSL_get_ciphers(3), ciphers(1) diff --git a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 deleted file mode 100644 index df9c0a0bea29..000000000000 --- a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 +++ /dev/null 
@@ -1,197 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:13 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with -the identifier \fBid\fR to the list of available compression methods. This -list is globally maintained for all \s-1SSL\s0 operations within this application. -It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. -.SH "NOTES" -.IX Header "NOTES" -The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods -into the communication. The \s-1TLS\s0 \s-1RFC\s0 does however not specify compression -methods or their corresponding identifiers, so there is currently no compatible -way to integrate compression with unknown peers. It is therefore currently not -recommended to integrate compression into applications. Applications for -non-public use may agree on certain compression methods. Using different -compression methods with the same identifier will lead to connection failure. -.PP -An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) -will unconditionally send the list of all compression methods enabled with -\&\fISSL_COMP_add_compression_method()\fR to the server during the handshake. -Unlike the mechanisms to set a cipher list, there is no method available to -restrict the list of compression method on a per connection basis. 
-.PP -An OpenSSL server will match the identifiers listed by a client against -its own compression methods and will unconditionally activate compression -when a matching identifier is found. There is no way to restrict the list -of compression methods supported on a per connection basis. -.PP -The OpenSSL library has the compression methods \fB\f(BICOMP_rle()\fB\fR and (when -especially enabled during compilation) \fB\f(BICOMP_zlib()\fB\fR available. -.SH "WARNINGS" -.IX Header "WARNINGS" -Once the identities of the compression methods for the \s-1TLS\s0 protocol have -been standardized, the compression \s-1API\s0 will most likely be changed. Using -it in the current state is not recommended. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_COMP_add_compression_method()\fR may return the following values: -.Ip "1" 4 -.IX Item "1" -The operation succeeded. -.Ip "0" 4 -The operation failed. Check the error queue to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 deleted file mode 100644 index 6fe189feeffb..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 +++ /dev/null 
@@ -1,174 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:14 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_add_extra_chain_cert \- add certificate to chain -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the certificate -chain presented together with the certificate. Several certificates -can be added one after the other. -.SH "NOTES" -.IX Header "NOTES" -When constructing the certificate chain, the chain will be formed from -these certificates explicitly specified. If no chain is specified, -the library will try to complete the chain from the available \s-1CA\s0 -certificates in the trusted \s-1CA\s0 storage, see -SSL_CTX_load_verify_locations(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the -error stack to find out the reason for failure otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), -SSL_CTX_use_certificate(3), -SSL_CTX_set_client_cert_cb(3), -SSL_CTX_load_verify_locations(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 deleted file mode 100644 index 58fb3743a2d3..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 +++ /dev/null 
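Review bot: the SYNOPSIS of the removed SSL_CTX_add_extra_chain_cert.3 gives the prototype as "long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)", which takes SSL_CTX by value and has no trailing semicolon, while the other SSL_CTX_* prototypes removed in this patch take a pointer ("SSL_CTX *ctx"). If this page is regenerated from its POD source somewhere else rather than dropped for good, fix the prototype there so the error does not travel with it. RETURN VALUES also names only the success value 1 and leaves the failure value unstated; it should say what the caller compares against before consulting the error stack.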
@@ -1,171 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:15 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); -\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); -.Ve -.Vb 2 -\& long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg); -\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The SSL_*\fI_ctrl()\fR family of functions is used to manipulate settings of -the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments -\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never -be called directly. All functionalities needed are made available via -other functions or macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The return values of the SSL*\fI_ctrl()\fR functions depend on the command -supplied via the \fBcmd\fR parameter. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 deleted file mode 100644 index 07740f0cc688..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 +++ /dev/null 
@@ -1,185 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:15 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "0.9.6e" "2001-02-17" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); -\& void SSL_flush_sessions(SSL_CTX *ctx, long tm); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_flush_sessions()\fR causes a run through the session cache of -\&\fBctx\fR to remove sessions expired at time \fBtm\fR. -.PP -\&\fISSL_flush_sessions()\fR is a synonym for \fISSL_CTX_flush_sessions()\fR. -.SH "NOTES" -.IX Header "NOTES" -If enabled, the internal session cache will collect all sessions established -up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR). -As sessions will not be reused ones they are expired, they should be -removed from the cache to save resources. This can either be done - automatically whenever 255 new sessions were established (see -SSL_CTX_set_session_cache_mode(3)) -or manually by calling \fISSL_CTX_flush_sessions()\fR. -.PP -The parameter \fBtm\fR specifies the time which should be used for the -expiration test, in most cases the actual time given by \fItime\fR\|(0) -will be used. -.PP -\&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal -cache. When a session is found and removed, the remove_session_cb is however -called to synchronize with the external cache (see -SSL_CTX_sess_set_get_cb(3)). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_set_timeout(3), -SSL_CTX_sess_set_get_cb(3) 
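Review bot: the removed SSL_CTX_flush_sessions.3 has a RETURN VALUES header with no body; it is followed directly by the SEE ALSO header. Both functions are declared void in the SYNOPSIS, so the section should either say that nothing is returned or be left out. Two smaller points in NOTES if the text survives elsewhere: "ones they are expired" should read "once they are expired", and the line " automatically whenever 255 new sessions were established" starts with a space, which roff treats as a forced line break in the middle of the sentence. The hunk deletes the file to /dev/null and this diff is limited to secure/lib/libcrypto/man, so the commit notes should state where the SSL_* pages are installed from after this change.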
diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 deleted file mode 100644 index 1d5ee3ca8aa3..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 +++ /dev/null 
@@ -1,193 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:17 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 4 -\& int SSL_CTX_get_ex_new_index(long argl, void *argp, -\& CRYPTO_EX_new *new_func, -\& CRYPTO_EX_dup *dup_func, -\& CRYPTO_EX_free *free_func); -.Ve -.Vb 1 -\& int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg); -.Ve -.Vb 1 -\& void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx); -.Ve -.Vb 6 -\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -\& int idx, long argl, void *argp); -\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -\& int idx, long argl, void *argp); -\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, -\& int idx, long argl, void *argp); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Several OpenSSL structures can have application specific data attached to them. -These functions are used internally by OpenSSL to manipulate application -specific data attached to a specific structure. -.PP -\&\fISSL_CTX_get_ex_new_index()\fR is used to register a new index for application -specific data. -.PP -\&\fISSL_CTX_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR -into the \fBctx\fR object. -.PP -\&\fISSL_CTX_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from -\&\fBctx\fR. -.PP -A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in RSA_get_ex_new_index(3). -The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -CRYPTO_set_ex_data(3). 
-.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), -RSA_get_ex_new_index(3), -CRYPTO_set_ex_data(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 deleted file mode 100644 index b4ffd9267ad9..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 +++ /dev/null 
@@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:17 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "0.9.6e" "2001-02-17" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 6 -\& int SSL_CTX_get_verify_mode(SSL_CTX *ctx); -\& int SSL_get_verify_mode(SSL *ssl); -\& int SSL_CTX_get_verify_depth(SSL_CTX *ctx); -\& int SSL_get_verify_depth(SSL *ssl); -\& int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int, X509_STORE_CTX *); -\& int (*SSL_get_verify_callback(SSL *ssl))(int, X509_STORE_CTX *); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_get_verify_mode()\fR returns the verification mode currently set in -\&\fBctx\fR. -.PP -\&\fISSL_get_verify_mode()\fR returns the verification mode currently set in -\&\fBssl\fR. -.PP -\&\fISSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set -in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the -default value will be used. -.PP -\&\fISSL_get_verify_depth()\fR returns the verification depth limit currently set -in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the -default value will be used. -.PP -\&\fISSL_CTX_get_verify_callback()\fR returns a function pointer to the verification -callback currently set in \fBctx\fR. If no callback was explicitly set, the -\&\s-1NULL\s0 pointer is returned and the default callback will be used. -.PP -\&\fISSL_get_verify_callback()\fR returns a function pointer to the verification -callback currently set in \fBssl\fR. If no callback was explicitly set, the -\&\s-1NULL\s0 pointer is returned and the default callback will be used. 
-.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -See \s-1DESCRIPTION\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_verify(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 deleted file mode 100644 index 61ccfea84ab5..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 +++ /dev/null 
@@ -1,254 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:18 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0 -certificates -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, -\& const char *CApath); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at -which \s-1CA\s0 certificates for verification purposes are located. The certificates -available via \fBCAfile\fR and \fBCApath\fR are trusted. -.SH "NOTES" -.IX Header "NOTES" -If \fBCAfile\fR is not \s-1NULL\s0, it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 -format. The file can contain several \s-1CA\s0 certificates identified by -.PP -.Vb 3 -\& -----BEGIN CERTIFICATE----- -\& ... (CA certificate in base64 encoding) ... -\& -----END CERTIFICATE----- -.Ve -sequences. Before, between, and after the certificates text is allowed -which can be used e.g. for descriptions of the certificates. -.PP -The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR -function. -.PP -If \fBCApath\fR is not \s-1NULL\s0, it points to a directory containing \s-1CA\s0 certificates -in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are -looked up by the \s-1CA\s0 subject name hash value, which must hence be available. -If more than one \s-1CA\s0 certificate with the same name hash value exist, the -extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search -is performed in the ordering of the extension number, regardless of other -properties of the certificates. -Use the \fBc_rehash\fR utility to create the necessary links. 
-.PP -The certificates in \fBCApath\fR are only looked up when required, e.g. when -building the certificate chain or when actually performing the verification -of a peer certificate. -.PP -When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the -certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching -is done based on the subject name, the key identifier (if present), and the -serial number as taken from the certificate to be verified. If these data -do not match, the next certificate will be tried. If a first certificate -matching the parameters is found, the verification process will be performed; -no other certificates for the same parameters will be searched in case of -failure. -.PP -In server mode, when requesting a client certificate, the server must send -the list of CAs of which it will accept client certificates. This list -is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must -explicitly be set using the -SSL_CTX_set_client_CA_list(3) -family of functions. -.PP -When building its own certificate chain, an OpenSSL client/server will -try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the -certificate chain was not explicitly specified (see -SSL_CTX_add_extra_chain_cert(3), -SSL_CTX_use_certificate(3). -.SH "WARNINGS" -.IX Header "WARNINGS" -If several \s-1CA\s0 certificates matching the name, key identifier, and serial -number condition are available, only the first one will be examined. This -may lead to unexpected results if the same \s-1CA\s0 certificate is available -with different expiration dates. If a \*(L"certificate expired\*(R" verification -error occurs, no other certificate will be searched. Make sure to not -have expired certificates mixed with valid ones. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates -ca1.pem ca2.pem ca3.pem: -.PP -.Vb 5 -\& #!/bin/sh -\& rm CAfile.pem -\& for i in ca1.pem ca2.pem ca3.pem ; do -\& openssl x509 -in $i -text >> CAfile.pem -\& done -.Ve -Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates -for use as \fBCApath\fR: -.PP -.Vb 2 -\& cd /some/where/certs -\& c_rehash . -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "0" 4 -The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the -processing at one of the locations specified failed. Check the error -stack to find out the reason. -.Ip "1" 4 -.IX Item "1" -The operation succeeded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_client_CA_list(3), -SSL_get_client_CA_list(3), -SSL_CTX_use_certificate(3), -SSL_CTX_add_extra_chain_cert(3), -SSL_CTX_set_cert_store(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CTX_new.3 deleted file mode 100644 index 9660af29d49c..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_new.3 +++ /dev/null 
@@ -1,215 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:18 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& SSL_CTX *SSL_CTX_new(SSL_METHOD *method); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish -\&\s-1TLS/SSL\s0 enabled connections. -.SH "NOTES" -.IX Header "NOTES" -The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist -in a generic type (for client and server use), a server only type, and a -client only type. \fBmethod\fR can be of the following types: -.Ip "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4 -.IX Item "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" -A \s-1TLS/SSL\s0 connection established with these methods will only understand -the SSLv2 protocol. A client will send out SSLv2 client hello messages -and will also indicate that it only understand SSLv2. A server will only -understand SSLv2 client hello messages. -.Ip "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4 -.IX Item "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" -A \s-1TLS/SSL\s0 connection established with these methods will only understand the -SSLv3 protocol. A client will send out SSLv3 client hello messages -and will indicate that it only understands SSLv3. A server will only understand -SSLv3 client hello messages. This especially means, that it will -not understand SSLv2 client hello messages which are widely used for -compatibility reasons, see SSLv23_*\fI_method()\fR. 
-.Ip "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4 -.IX Item "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" -A \s-1TLS/SSL\s0 connection established with these methods will only understand the -TLSv1 protocol. A client will send out TLSv1 client hello messages -and will indicate that it only understands TLSv1. A server will only understand -TLSv1 client hello messages. This especially means, that it will -not understand SSLv2 client hello messages which are widely used for -compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand -SSLv3 client hello messages. -.Ip "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4 -.IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" -A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2, -SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages -and will indicate that it also understands SSLv3 and TLSv1. A server will -understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best -choice when compatibility is a concern. -.PP -The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, -SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the \fB\f(BISSL_CTX_set_options()\fB\fR or -\&\fB\f(BISSL_set_options()\fB\fR functions. Using these options it is possible to choose -e.g. \fISSLv23_server_method()\fR and be able to negotiate with all possible -clients, but to only allow newer protocols like SSLv3 or TLSv1. -.PP -\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, -the callbacks, the keys and certificates, and the options to its default -values. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "\s-1NULL\s0" 4 -.IX Item "NULL" -The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to -find out the reason. 
-.Ip "Pointer to an \s-1SSL_CTX\s0 object" 4 -.IX Item "Pointer to an SSL_CTX object" -The return value points to an allocated \s-1SSL_CTX\s0 object. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_CTX_free(3), SSL_accept(3), -ssl(3), SSL_set_connect_state(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 deleted file mode 100644 index 65efe321195a..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 +++ /dev/null 
@@ -1,212 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:19 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "0.9.6e" "2001-05-19" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 12 -\& long SSL_CTX_sess_number(SSL_CTX *ctx); -\& long SSL_CTX_sess_connect(SSL_CTX *ctx); -\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx); -\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); -\& long SSL_CTX_sess_accept(SSL_CTX *ctx); -\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx); -\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); -\& long SSL_CTX_sess_hits(SSL_CTX *ctx); -\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx); -\& long SSL_CTX_sess_misses(SSL_CTX *ctx); -\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx); -\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_sess_number()\fR returns the current number of sessions in the internal -session cache. -.PP -\&\fISSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in -client mode. -.PP -\&\fISSL_CTX_sess_connect_good()\fR returns the number of successfully established -\&\s-1SSL/TLS\s0 sessions in client mode. -.PP -\&\fISSL_CTX_sess_connect_renegotiate()\fR returns the number of start renegotiations -in client mode. -.PP -\&\fISSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in -server mode. -.PP -\&\fISSL_CTX_sess_accept_good()\fR returns the number of successfully established -\&\s-1SSL/TLS\s0 sessions in server mode. 
-.PP -\&\fISSL_CTX_sess_accept_renegotiate()\fR returns the number of start renegotiations -in server mode. -.PP -\&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. -In client mode a session set with SSL_set_session(3) -successfully reused is counted as a hit. In server mode a session successfully -retrieved from internal or external cache is counted as a hit. -.PP -\&\fISSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions -from the external session cache in server mode. -.PP -\&\fISSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients -that were not found in the internal session cache in server mode. -.PP -\&\fISSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients -and either found in the internal or external session cache in server mode, - but that were invalid due to timeout. These sessions are not included in -the \fISSL_CTX_sess_hits()\fR count. -.PP -\&\fISSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed -because the maximum session cache size was exceeded. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The functions return the values indicated in the \s-1DESCRIPTION\s0 section. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_set_session(3), -SSL_CTX_set_session_cache_mode(3) -SSL_CTX_sess_set_cache_size(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 deleted file mode 100644 index e18279144c7b..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 +++ /dev/null 
@@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:20 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); -\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache -of context \fBctx\fR to \fBt\fR. -.PP -\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. -.SH "NOTES" -.IX Header "NOTES" -The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT\s0, -currently 1024*20, so that up to 20000 sessions can be held. This size -can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special -case is the size 0, which is used for unlimited size. -.PP -When the maximum number of sessions is reached, no more new sessions are -added to the cache. New space may be added by calling -SSL_CTX_flush_sessions(3) to remove -expired sessions. -.PP -If the size of the session cache is reduced and more sessions are already -in the session cache, old session will be removed at the next time a -session shall be added. This removal is not synchronized with the -expiration of sessions. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_sess_set_cache_size()\fR returns the previously valid size. -.PP -\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_sess_number(3), -SSL_CTX_flush_sessions(3) 
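Review bot: The NOTES section of SSL_CTX_sess_set_cache_size.3 contradicts itself, and that should be corrected in whatever copy of the page survives this deletion. It gives the default as "currently 1024*20, so that up to 20000 sessions can be held", but 1024*20 is 20480. It then says that at the maximum "no more new sessions are added to the cache", while the following paragraph says old sessions are removed the next time a session is added. Since the new side is /dev/null and nothing visible here re-adds the page, please confirm it is still installed from another directory, and state there which of the two behaviours a full cache actually has, because anyone sizing a server session cache depends on it.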
diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 deleted file mode 100644 index c7ecde511649..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 +++ /dev/null 
@@ -1,223 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:20 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 6 -\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, -\& int (*new_session_cb)(SSL *, SSL_SESSION *)); -\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, -\& void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)); -\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, -\& SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *)); -.Ve -.Vb 3 -\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); -\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); -\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy); -.Ve -.Vb 4 -\& int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); -\& void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); -\& SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data, -\& int len, int *copy); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically -called whenever a new session was negotiated. -.PP -\&\fISSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is -automatically called whenever a session is removed by the \s-1SSL\s0 engine, -because it is considered faulty or the session has become obsolete because -of exceeding the timeout value. 
-.PP -\&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, -whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session -could not be found in the internal session cache (see -SSL_CTX_set_session_cache_mode(3)). -(\s-1SSL/TLS\s0 server only.) -.PP -\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and -\&\fISSL_CTX_sess_get_get_cb()\fR allow to retrieve the function pointers of the -provided callback functions. If a callback function has not been set, -the \s-1NULL\s0 pointer is returned. -.SH "NOTES" -.IX Header "NOTES" -In order to allow external session caching, synchronization with the internal -session cache is realized via callback functions. Inside these callback -functions, session can be saved to disk or put into a database using the -d2i_SSL_SESSION(3) interface. -.PP -The \fInew_session_cb()\fR is called, whenever a new session has been negotiated -and session caching is enabled (see -SSL_CTX_set_session_cache_mode(3)). -The \fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session -\&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately -removed again. -.PP -The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session -from the internal cache. This happens if the session is removed because -it is expired or when a connection was not shutdown cleanly. The -\&\fIremove_session_cb()\fR is passed the \fBctx\fR and the ssl session \fBsess\fR. -It does not provide any feedback. -.PP -The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id -proposed by the client. The \fIget_session_cb()\fR is always called, also when -session caching was disabled. The \fIget_session_cb()\fR is passed the -\&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location -\&\fBdata\fR. 
With the parameter \fBcopy\fR the callback can require the -\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, -Normally the reference count is not incremented and therefore the -session must not be explicitly freed with -SSL_SESSION_free(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), d2i_SSL_SESSION(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_flush_sessions(3), -SSL_SESSION_free(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 deleted file mode 100644 index 82f6f7f40f39..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 +++ /dev/null 
@@ -1,192 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:21 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); -\& X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage -of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently -set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed. -.PP -\&\fISSL_CTX_get_cert_store()\fR returns a pointer to the current certificate -verification storage. -.SH "NOTES" -.IX Header "NOTES" -In order to verify the certificates presented by the peer, trusted \s-1CA\s0 -certificates must be accessed. These \s-1CA\s0 certificates are made available -via lookup methods, handled inside the X509_STORE. From the X509_STORE -the X509_STORE_CTX used when verifying certificates is created. -.PP -Typically the trusted certificate store is handled indirectly via using -SSL_CTX_load_verify_locations(3). -Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions -it is possible to manipulate the X509_STORE object beyond the -SSL_CTX_load_verify_locations(3) -call. -.PP -Currently no detailed documentation on how to use the X509_STORE -object is available. Not all members of the X509_STORE are used when -the verification takes place. So will e.g. the \fIverify_callback()\fR be -overridden with the \fIverify_callback()\fR set via the -SSL_CTX_set_verify(3) family of functions. -This document must therefore be updated when documentation about the -X509_STORE object and its handling becomes available. 
-.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_cert_store()\fR does not return diagnostic output. -.PP -\&\fISSL_CTX_get_cert_store()\fR returns the current setting. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), -SSL_CTX_load_verify_locations(3), -SSL_CTX_set_verify(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 deleted file mode 100644 index 96ea95304bfe..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 +++ /dev/null 
@@ -1,205 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:23 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); -\& int SSL_set_cipher_list(SSL *ssl, const char *str); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers for \fBctx\fR -using the control string \fBstr\fR. The format of the string is described -in ciphers(1). The list of ciphers is inherited by all -\&\fBssl\fR objects created from \fBctx\fR. -.PP -\&\fISSL_set_cipher_list()\fR sets the list of ciphers only for \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -The control string \fBstr\fR should be universally usable and not depend -on details of the library configuration (ciphers compiled in). Thus no -syntax checking takes place. Items that are not recognized, because the -corresponding ciphers are not compiled in or because they are mistyped, -are simply ignored. Failure is only flagged if no ciphers could be collected -at all. -.PP -It should be noted, that inclusion of a cipher to be used into the list is -a necessary condition. On the client side, the inclusion into the list is -also sufficient. On the server side, additional restrictions apply. All ciphers -have additional requirements. \s-1ADH\s0 ciphers don't need a certificate, but -DH-parameters must have been set. All other ciphers need a corresponding -certificate and key. -.PP -A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. 
-\&\s-1RSA\s0 export ciphers with a keylength of 512 bits for the \s-1RSA\s0 key require -a temporary 512 bit \s-1RSA\s0 key, as typically the supplied key has a length -of 1024 bit (see -SSL_CTX_set_tmp_rsa_callback(3)). -\&\s-1RSA\s0 ciphers using \s-1EDH\s0 need a certificate and key and additional DH-parameters -(see SSL_CTX_set_tmp_dh_callback(3)). -.PP -A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. -\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters -(see SSL_CTX_set_tmp_dh_callback(3)). -.PP -When these conditions are not met for any cipher in the list (e.g. a -client only supports export \s-1RSA\s0 ciphers with a asymmetric key length -of 512 bits and the server is not configured to use temporary \s-1RSA\s0 -keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated -and the handshake will fail. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher -could be selected and 0 on complete failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_get_ciphers(3), -SSL_CTX_use_certificate(3), -SSL_CTX_set_tmp_rsa_callback(3), -SSL_CTX_set_tmp_dh_callback(3), -ciphers(1) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 deleted file mode 100644 index a0f450f28e42..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 +++ /dev/null 
@@ -1,229 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:24 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 3 -\& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); -\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); -\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_client_cert_cb()\fR sets the \fB\f(BIclient_cert_cb()\fB\fR callback, that is -called when a client certificate is requested by a server and no certificate -was yet set for the \s-1SSL\s0 object. -.PP -When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL\s0, no callback function is used. -.PP -\&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback -function. -.PP -\&\fIclient_cert_cb()\fR is the application defined callback. If it wants to -set a certificate, a certificate/private key combination must be set -using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The -certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. -If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate -will be sent. A negative return value will suspend the handshake and the -handshake function will return immediatly. SSL_get_error(3) -will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was -suspended. The next call to the handshake function will again lead to the call -of \fIclient_cert_cb()\fR. 
It is the job of the \fIclient_cert_cb()\fR to store information -about the state of the last call, if required to continue. -.SH "NOTES" -.IX Header "NOTES" -During a handshake (or renegotiation) a server may request a certificate -from the client. A client certificate must only be sent, when the server -did send the request. -.PP -When a certificate was set using the -SSL_CTX_use_certificate(3) family of functions, -it will be sent to the server. The \s-1TLS\s0 standard requires that only a -certificate is sent, if it matches the list of acceptable CAs sent by the -server. This constraint is violated by the default behavior of the OpenSSL -library. Using the callback function it is possible to implement a proper -selection routine or to allow a user interaction to choose the certificate to -be sent. -.PP -If a callback function is defined and no certificate was yet defined for the -\&\s-1SSL\s0 object, the callback function will be called. -If the callback function returns a certificate, the OpenSSL library -will try to load the private key and certificate data into the \s-1SSL\s0 -object using the \fISSL_use_certificate()\fR and \fISSL_use_private_key()\fR functions. -Thus it will permanently install the certificate and key for this \s-1SSL\s0 -object. It will not be reset by calling SSL_clear(3). -If the callback returns no certificate, the OpenSSL library will not send -a certificate. -.SH "BUGS" -.IX Header "BUGS" -The \fIclient_cert_cb()\fR cannot return a complete certificate chain, it can -only return one client certificate. If the chain only has a length of 2, -the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and -thus a standard conforming answer can be sent to the server. For a -longer chain, the client must send the complete chain (with the option -to leave out the root \s-1CA\s0 certificate). 
This can only be accomplished by -either adding the intermediate \s-1CA\s0 certificates into the trusted -certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add -\&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding -the chain certificates using the -SSL_CTX_add_extra_chain_cert(3) -function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that -therefore probably can only apply for one client certificate, making -the concept of the callback function (to allow the choice from several -certificates) questionable. -.PP -Once the \s-1SSL\s0 object has been used in conjunction with the callback function, -the certificate will be set for the \s-1SSL\s0 object and will not be cleared -even when SSL_clear(3) is being called. It is therefore -mandatory to destroy the \s-1SSL\s0 object using SSL_free(3) -and create a new one to return to the previous state. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_CTX_use_certificate(3), -SSL_CTX_add_extra_chain_cert(3), -SSL_get_client_CA_list(3), -SSL_clear(3), SSL_free(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 deleted file mode 100644 index e834e944eaa3..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 +++ /dev/null 
@@ -1,284 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:25 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); -\& void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(); -.Ve -.Vb 2 -\& void SSL_set_info_callback(SSL *ssl, void (*callback)()); -\& void (*SSL_get_info_callback(SSL *ssl))(); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to -obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection -setup and use. The setting for \fBctx\fR is overridden from the setting for -a specific \s-1SSL\s0 object, if specified. -When \fBcallback\fR is \s-1NULL\s0, not callback function is used. -.PP -\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to -obtain state information for \fBssl\fR during connection setup and use. -When \fBcallback\fR is \s-1NULL\s0, the callback setting currently valid for -\&\fBctx\fR is used. -.PP -\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information -callback function for \fBctx\fR. -.PP -\&\fISSL_get_info_callback()\fR returns a pointer to the currently set information -callback function for \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -When setting up a connection and during use, it is possible to obtain state -information from the \s-1SSL/TLS\s0 engine. When set, an information callback function -is called whenever the state changes, an alert appears, or an error occurs. 
-.PP -The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR. -The \fBwhere\fR argument specifies information about where (in which context) -the callback function was called. If \fBret\fR is 0, an error condition occurred. -If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert -information. -.PP -\&\fBwhere\fR is a bitmask made up of the following bits: -.Ip "\s-1SSL_CB_LOOP\s0" 4 -.IX Item "SSL_CB_LOOP" -Callback has been called to indicate state change inside a loop. -.Ip "\s-1SSL_CB_EXIT\s0" 4 -.IX Item "SSL_CB_EXIT" -Callback has been called to indicate error exit of a handshake function. -(May be soft error with retry option for non-blocking setups.) -.Ip "\s-1SSL_CB_READ\s0" 4 -.IX Item "SSL_CB_READ" -Callback has been called during read operation. -.Ip "\s-1SSL_CB_WRITE\s0" 4 -.IX Item "SSL_CB_WRITE" -Callback has been called during write operation. -.Ip "\s-1SSL_CB_ALERT\s0" 4 -.IX Item "SSL_CB_ALERT" -Callback has been called due to an alert being sent or received. -.Ip "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 -.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" -.PD 0 -.Ip "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 -.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" -.Ip "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 -.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" -.Ip "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 -.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" -.Ip "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 -.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" -.Ip "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 -.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" -.Ip "\s-1SSL_CB_HANDSHAKE_START\s0" 4 -.IX Item "SSL_CB_HANDSHAKE_START" -.PD -Callback has been called because a new handshake is started. 
-.Ip "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4 -.IX Item "SSL_CB_HANDSHAKE_DONE 0x20" -Callback has been called because a handshake is finished. -.PP -The current state information can be obtained using the -SSL_state_string(3) family of functions. -.PP -The \fBret\fR information can be evaluated using the -SSL_alert_type_string(3) family of functions. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_set_info_callback()\fR does not provide diagnostic information. -.PP -\&\fISSL_get_info_callback()\fR returns the current setting. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -The following example callback function prints state strings, information -about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. -.PP -.Vb 4 -\& void apps_ssl_info_callback(SSL *s, int where, int ret) -\& { -\& const char *str; -\& int w; -.Ve -.Vb 1 -\& w=where& ~SSL_ST_MASK; -.Ve -.Vb 3 -\& if (w & SSL_ST_CONNECT) str="SSL_connect"; -\& else if (w & SSL_ST_ACCEPT) str="SSL_accept"; -\& else str="undefined"; -.Ve -.Vb 24 -\& if (where & SSL_CB_LOOP) -\& { -\& BIO_printf(bio_err,"%s:%s\en",str,SSL_state_string_long(s)); -\& } -\& else if (where & SSL_CB_ALERT) -\& { -\& str=(where & SSL_CB_READ)?"read":"write"; -\& BIO_printf(bio_err,"SSL3 alert %s:%s:%s\en", -\& str, -\& SSL_alert_type_string_long(ret), -\& SSL_alert_desc_string_long(ret)); -\& } -\& else if (where & SSL_CB_EXIT) -\& { -\& if (ret == 0) -\& BIO_printf(bio_err,"%s:failed in %s\en", -\& str,SSL_state_string_long(s)); -\& else if (ret < 0) -\& { -\& BIO_printf(bio_err,"%s:error in %s\en", -\& str,SSL_state_string_long(s)); -\& } -\& } -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_state_string(3), -SSL_alert_type_string(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 b/secure/lib/libcrypto/man/SSL_CTX_set_options.3 deleted file mode 100644 index 77d9e085a265..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 +++ /dev/null 
@@ -1,321 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:26 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& long SSL_CTX_set_options(SSL_CTX *ctx, long options); -\& long SSL_set_options(SSL *ssl, long options); -.Ve -.Vb 2 -\& long SSL_CTX_get_options(SSL_CTX *ctx); -\& long SSL_get_options(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. -Options already set before are not cleared! -.PP -\&\fISSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. -Options already set before are not cleared! -.PP -\&\fISSL_CTX_get_options()\fR returns the options set for \fBctx\fR. -.PP -\&\fISSL_get_options()\fR returns the options set for \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -The behaviour of the \s-1SSL\s0 library can be changed by setting several options. -The options are coded as bitmasks and can be combined by a logical \fBor\fR -operation (|). Options can only be added but can never be reset. -.PP -\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external) -protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of -the \s-1API\s0 can be changed by using the similar -SSL_CTX_set_mode(3) and \fISSL_set_mode()\fR functions. -.PP -During a handshake, the option settings of the \s-1SSL\s0 object are used. When -a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current -option setting is copied. Changes to \fBctx\fR do not affect already created -\&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings. 
-.PP -The following \fBbug workaround\fR options are available: -.Ip "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 -.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" -www.microsoft.com \- when talking SSLv2, if session-id reuse is -performed, the session-id passed back in the server-finished message -is different from the one decided upon. -.Ip "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 -.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" -Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte -challenge but then appears to only use 16 bytes when generating the -encryption keys. Using 16 bytes is ok but it should be ok to use 32. -According to the SSLv3 spec, one should use 32 bytes for the challenge -when operating in SSLv2/v3 compatibility mode, but as mentioned above, -this breaks this server so 16 bytes is the way to go. -.Ip "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 -.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" -ssl3.netscape.com:443, first a connection is established with \s-1RC4\-MD5\s0. -If it is then resumed, we end up using \s-1DES-CBC3\-SHA\s0. It should be -\&\s-1RC4\-MD5\s0 according to 7.6.1.3, 'cipher_suite'. -.Sp -Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug. -It only really shows up when connecting via SSLv2/v3 then reconnecting -via SSLv3. The cipher list changes.... -.Sp -\&\s-1NEW\s0 \s-1INFORMATION\s0. Try connecting with a cipher list of just -\&\s-1DES-CBC-SHA:RC4\-MD5\s0. For some weird reason, each new connection uses -\&\s-1RC4\-MD5\s0, but a re-connect tries to use \s-1DES-CBC-SHA\s0. So netscape, when -doing a re-connect, always takes the first cipher in the cipher list. -.Ip "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 -.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" -\&... -.Ip "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 -.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" -\&... -.Ip "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 -.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" -\&... 
-.Ip "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 -.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" -\&... -.Ip "\s-1SSL_OP_TLS_D5_BUG\s0" 4 -.IX Item "SSL_OP_TLS_D5_BUG" -\&... -.Ip "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 -.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" -\&... -.Ip "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 -.IX Item "SSL_OP_TLS_ROLLBACK_BUG" -Disable version rollback attack detection. -.Sp -During the client key exchange, the client must send the same information -about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some -clients violate this rule by adapting to the server's answer. (Example: -the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server -only understands up to SSLv3. In this case the client must still use the -same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect -to the server's answer and violate the version rollback protection.) -.Ip "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 -.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" -Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol -vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some -broken \s-1SSL\s0 implementations. This option has no effect for connections -using other ciphers. -.Ip "\s-1SSL_OP_ALL\s0" 4 -.IX Item "SSL_OP_ALL" -All of the above bug workarounds. -.PP -It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround -options if compatibility with somewhat broken implementations is -desired. -.PP -The following \fBmodifying\fR options are available: -.Ip "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 -.IX Item "SSL_OP_SINGLE_DH_USE" -Always create a new key when using temporary/ephemeral \s-1DH\s0 parameters -(see SSL_CTX_set_tmp_dh_callback(3)). -This option must be used to prevent small subgroup attacks, when -the \s-1DH\s0 parameters were not generated using \*(L"strong\*(R" primes -(e.g. when using DSA-parameters, see dhparam(1)). 
-If \*(L"strong\*(R" primes were used, it is not strictly necessary to generate -a new \s-1DH\s0 key during each handshake but it is also recommended. -\&\s-1SSL_OP_SINGLE_DH_USE\s0 should therefore be enabled whenever -temporary/ephemeral \s-1DH\s0 parameters are used. -.Ip "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 -.IX Item "SSL_OP_EPHEMERAL_RSA" -Always use ephemeral (temporary) \s-1RSA\s0 key when doing \s-1RSA\s0 operations -(see SSL_CTX_set_tmp_rsa_callback(3)). -According to the specifications this is only done, when a \s-1RSA\s0 key -can only be used for signature operations (namely under export ciphers -with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral -\&\s-1RSA\s0 keys are always used. This option breaks compatibility with the -\&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with -clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral -Diffie-Hellman) key exchange should be used instead. -.Ip "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 -.IX Item "SSL_OP_PKCS1_CHECK_1" -\&... -.Ip "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 -.IX Item "SSL_OP_PKCS1_CHECK_2" -\&... -.Ip "\s-1SSL_OP_NETSCAPE_CA_DN_BUG\s0" 4 -.IX Item "SSL_OP_NETSCAPE_CA_DN_BUG" -If we accept a netscape connection, demand a client cert, have a -non-self-sighed \s-1CA\s0 which does not have it's \s-1CA\s0 in netscape, and the -browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta -.Ip "\s-1SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG\s0" 4 -.IX Item "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG" -\&... -.Ip "SSL_OP_NO_SSLv2" 4 -.IX Item "SSL_OP_NO_SSLv2" -Do not use the SSLv2 protocol. -.Ip "SSL_OP_NO_SSLv3" 4 -.IX Item "SSL_OP_NO_SSLv3" -Do not use the SSLv3 protocol. -.Ip "SSL_OP_NO_TLSv1" 4 -.IX Item "SSL_OP_NO_TLSv1" -Do not use the TLSv1 protocol. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bitmask -after adding \fBoptions\fR. 
-.PP -\&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bitmask. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_new(3), SSL_clear(3), -SSL_CTX_set_tmp_dh_callback(3), -SSL_CTX_set_tmp_rsa_callback(3), -dhparam(1) -.SH "HISTORY" -.IX Header "HISTORY" -\&\s-1SSL_OP_TLS_ROLLBACK_BUG\s0 has been added in OpenSSL 0.9.6. -.PP -\&\fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR has been added in OpenSSL 0.9.6e. -Versions up to OpenSSL 0.9.6c do not include the countermeasure that -can be disabled with this option (in OpenSSL 0.9.6d, it was always -enabled). diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 deleted file mode 100644 index 3f5f5ae06daf..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 +++ /dev/null 
@@ -1,232 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:28 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); -\& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_session_cache_mode()\fR enables/disables session caching -by setting the operational mode for \fBctx\fR to <mode>. -.PP -\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. -.SH "NOTES" -.IX Header "NOTES" -The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. -The sessions can be held in memory for each \fBctx\fR, if more than one -\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0 -object. -.PP -In order to reuse a session, a client must send the session's id to the -server. It can only send exactly one id. The server then decides whether it -agrees in reusing the session or starts the handshake for a new session. -.PP -A server will lookup up the session in its internal session storage. If -the session is not found in internal storage or internal storage is -deactivated, the server will try the external storage if available. -.PP -Since a client may try to reuse a session intended for use in a different -context, the session id context must be set by the server (see -SSL_CTX_set_session_id_context(3)). -.PP -The following session cache modes and modifiers are available: -.Ip "\s-1SSL_SESS_CACHE_OFF\s0" 4 -.IX Item "SSL_SESS_CACHE_OFF" -No session caching for client or server takes place. 
-.Ip "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 -.IX Item "SSL_SESS_CACHE_CLIENT" -Client sessions are added to the session cache. As there is no reliable way -for the OpenSSL library to know whether a session should be reused or which -session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not -have details about the connection), the application must select the session -to be reused by using the SSL_set_session(3) -function. This option is not activated by default. -.Ip "\s-1SSL_SESS_CACHE_SERVER\s0" 4 -.IX Item "SSL_SESS_CACHE_SERVER" -Server sessions are added to the session cache. When a client proposes a -session to be reused, the session is looked up in the internal session cache. -If the session is found, the server will try to reuse the session. -This is the default. -.Ip "\s-1SSL_SESS_CACHE_BOTH\s0" 4 -.IX Item "SSL_SESS_CACHE_BOTH" -Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. -.Ip "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 -.IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" -Normally the session cache is checked for expired sessions every -255 connections using the -SSL_CTX_flush_sessions(3) function. Since -this may lead to a delay which cannot be controlled, the automatic -flushing may be disabled and -SSL_CTX_flush_sessions(3) can be called -explicitly by the application. -.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 -.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" -By setting this flag sessions are cached in the internal storage but -they are not looked up automatically. If an external session cache -is enabled, sessions are looked up in the external cache. As automatic -lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on -clients. -.PP -The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. 
-.PP -\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_set_session(3), -SSL_session_reused(3), -SSL_CTX_sess_number(3), -SSL_CTX_sess_set_cache_size(3), -SSL_CTX_sess_set_get_cb(3), -SSL_CTX_set_session_id_context(3), -SSL_CTX_set_timeout(3), -SSL_CTX_flush_sessions(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 deleted file mode 100644 index 5f7c530d7ae3..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 +++ /dev/null 
@@ -1,209 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:28 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "0.9.6e" "2001-02-17" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 4 -\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, -\& unsigned int sid_ctx_len); -\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, -\& unsigned int sid_ctx_len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length -\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. -.PP -\&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length -\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. -.SH "NOTES" -.IX Header "NOTES" -Sessions are generated within a certain context. When exporting/importing -sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, -to re-import a session generated from another context (e.g. another -application), which might lead to malfunctions. Therefore each application -must set its own session id context \fBsid_ctx\fR which is used to distinguish -the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be -any kind of binary data with a given length, it is therefore possible -to use e.g. the name of the application and/or the hostname and/or service -name ... -.PP -The session id context becomes part of the session. The session id context -is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and -\&\fISSL_set_session_id_context()\fR functions are therefore only useful on the -server side. 
-.PP -OpenSSL clients will check the session id context returned by the server -when reusing a session. -.PP -The maximum length of the \fBsid_ctx\fR is limited to -\&\fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. -.SH "WARNINGS" -.IX Header "WARNINGS" -If the session id context is not set on an \s-1SSL/TLS\s0 server, stored sessions -will not be reused but a fatal error will be flagged and the handshake -will fail. -.PP -If a server returns a different session id context to an OpenSSL client -when reusing a session, an error will be flagged and the handshake will -fail. OpenSSL servers will always return the correct session id context, -as an OpenSSL server checks the session id context itself before reusing -a session as described above. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR -return the following values: -.Ip "0" 4 -The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded -the maximum allowed length of \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. The error -is logged to the error stack. -.Ip "1" 4 -.IX Item "1" -The operation succeeded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 deleted file mode 100644 index 13be7042ddfd..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 +++ /dev/null 
@@ -1,189 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:29 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "0.9.6e" "2001-05-19" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method -\&\- choose a new \s-1TLS/SSL\s0 method -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 3 -\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method); -\& int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); -\& SSL_METHOD *SSL_get_ssl_method(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects -newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with -SSL_new(3) are not affected, except when -SSL_clear(3) is being called. -.PP -\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR -object. It may be reset, when \fISSL_clear()\fR is called. -.PP -\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method -set in \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -The available \fBmethod\fR choices are described in -SSL_CTX_new(3). -.PP -When SSL_clear(3) is called and no session is connected to -an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently -set in the corresponding \s-1SSL_CTX\s0 object. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur for \fISSL_CTX_set_ssl_version()\fR -and \fISSL_set_ssl_method()\fR: -.Ip "0" 4 -The new choice failed, check the error stack to find out the reason. -.Ip "1" 4 -.IX Item "1" -The operation succeeded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_CTX_new(3), SSL_new(3), -SSL_clear(3), ssl(3), -SSL_set_connect_state(3) 
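Review bot: the removal of SSL_CTX_set_options.3 takes away the page that documents which protections the option bits switch off, and the visible part of the change does not show where that page is installed from afterwards. In the removed text, SSL_OP_ALL is "All of the above bug workarounds", which by the page's own list includes SSL_OP_TLS_ROLLBACK_BUG ("Disable version rollback attack detection") and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, and SSL_OP_SINGLE_DH_USE is described as required to prevent small subgroup attacks. Please say in the log where the SSL_* pages are built from after this commit so this guidance is not lost. If the page is regenerated elsewhere, the SSL_OP_NETSCAPE_CA_DN_BUG item ("non-self-sighed CA which does not have it's CA in netscape") should be corrected in the POD source rather than in the generated file.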
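Review bot: in the SYNOPSIS of the removed SSL_CTX_set_session_cache_mode.3, both prototypes take the context by value, "long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);" and "long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);", while every other SSL_CTX_* prototype in this diff takes "SSL_CTX *ctx". If this page is carried over to another location, fix the prototypes in the POD source first, along with "A server will lookup up the session" in the NOTES section, so the regenerated page does not repeat them.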
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 deleted file mode 100644 index 8f831357a7ef..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 +++ /dev/null 
@@ -1,312 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:30 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 3 -\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, -\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); -\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); -.Ve -.Vb 3 -\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx, -\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); -\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) -.Ve -.Vb 1 -\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be -used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. -The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. -.PP -\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. -The key is inherited by all \fBssl\fR objects created from \fBctx\fR. -.PP -\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. -.PP -\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. -.PP -These functions apply to \s-1SSL/TLS\s0 servers only. -.SH "NOTES" -.IX Header "NOTES" -When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange -can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well. -In these cases, the session data are negotiated using the -ephemeral/temporary \s-1DH\s0 key and the key supplied and certified -by the certificate chain is only used for signing. 
-Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys. -.PP -Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection -can only be decrypted, when the \s-1DH\s0 key is known. By generating a temporary -\&\s-1DH\s0 key inside the server application that is lost when the application -is left, it becomes impossible for an attacker to decrypt past sessions, -even if he gets hold of the normal (certified) key, as this key was -only used for signing. -.PP -In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group -(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate a new -\&\s-1DH\s0 key during the negotiation, when the \s-1DH\s0 parameters are supplied via -callback and/or when the \s-1SSL_OP_SINGLE_DH_USE\s0 option of -SSL_CTX_set_options(3) is set. It will -immediately create a \s-1DH\s0 key, when \s-1DH\s0 parameters are supplied via -\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. In this case, -it may happen that a key is generated on initialization without later -being needed, while on the other hand the computer time during the -negotiation is being saved. -.PP -If \*(L"strong\*(R" primes were used to generate the \s-1DH\s0 parameters, it is not strictly -necessary to generate a new key for each handshake but it does improve forward -secrecy. If it is not assured, that \*(L"strong\*(R" primes were used (see especially -the section about \s-1DSA\s0 parameters below), \s-1SSL_OP_SINGLE_DH_USE\s0 must be used -in order to prevent small subgroup attacks. Always using \s-1SSL_OP_SINGLE_DH_USE\s0 -has an impact on the computer time needed during negotiation, but it is not -very large, so application authors/users should consider to always enable -this option. -.PP -As generating \s-1DH\s0 parameters is extremely time consuming, an application -should not generate the parameters on the fly but supply the parameters. 
-\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during -the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker -may specialize on a very often used \s-1DH\s0 group. Applications should therefore -generate their own \s-1DH\s0 parameters during the installation process using the -openssl dhparam(1) application. In order to reduce the computer -time needed for this generation, it is possible to use \s-1DSA\s0 parameters -instead (see dhparam(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 -is mandatory. -.PP -Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current -version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, -which use safe primes and were generated verifiably pseudo-randomly. -These files can be converted into C code using the \fB\-C\fR option of the -dhparam(1) application. -Authors may also generate their own set of parameters using -dhparam(1), but a user may not be sure how the parameters were -generated. The generation of \s-1DH\s0 parameters during installation is therefore -recommended. -.PP -An application may either directly specify the \s-1DH\s0 parameters or -can supply the \s-1DH\s0 parameters via a callback function. The callback approach -has the advantage, that the callback may supply \s-1DH\s0 parameters for different -key lengths. -.PP -The \fBtmp_dh_callback\fR is called with the \fBkeylength\fR needed and -the \fBis_export\fR information. The \fBis_export\fR flag is set, when the -ephemeral \s-1DH\s0 key exchange is performed with an export cipher. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Handle \s-1DH\s0 parameters for key lengths of 512 and 1024 bits. (Error handling -partly left out.) -.PP -.Vb 5 -\& ... -\& /* Set up ephemeral DH stuff */ -\& DH *dh_512 = NULL; -\& DH *dh_1024 = NULL; -\& FILE *paramfile; -.Ve -.Vb 14 -\& ... 
-\& /* "openssl dhparam -out dh_param_512.pem -2 512" */ -\& paramfile = fopen("dh_param_512.pem", "r"); -\& if (paramfile) { -\& dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); -\& fclose(paramfile); -\& } -\& /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ -\& paramfile = fopen("dh_param_1024.pem", "r"); -\& if (paramfile) { -\& dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); -\& fclose(paramfile); -\& } -\& ... -.Ve -.Vb 3 -\& /* "openssl dhparam -C -2 512" etc... */ -\& DH *get_dh512() { ... } -\& DH *get_dh1024() { ... } -.Ve -.Vb 3 -\& DH *tmp_dh_callback(SSL *s, int is_export, int keylength) -\& { -\& DH *dh_tmp=NULL; -.Ve -.Vb 17 -\& switch (keylength) { -\& case 512: -\& if (!dh_512) -\& dh_512 = get_dh512(); -\& dh_tmp = dh_512; -\& break; -\& case 1024: -\& if (!dh_1024) -\& dh_1024 = get_dh1024(); -\& dh_tmp = dh_1024; -\& break; -\& default: -\& /* Generating a key on the fly is very costly, so use what is there */ -\& setup_dh_parameters_like_above(); -\& } -\& return(dh_tmp); -\& } -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return -diagnostic output. -.PP -\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0 -on failure. Check the error queue to find out the reason of failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_cipher_list(3), -SSL_CTX_set_tmp_rsa_callback(3), -SSL_CTX_set_options(3), -ciphers(1), dhparam(1) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 deleted file mode 100644 index 350e62197f2c..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 +++ /dev/null 
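Review bot: In the EXAMPLES callback of SSL_CTX_set_tmp_dh_callback.3, the `default:` branch calls setup_dh_parameters_like_above() but never assigns dh_tmp, so the function returns NULL for any keylength other than 512 or 1024. The header says the page is generated by Pod::Man, so if it is still installed from somewhere outside secure/lib/libcrypto/man after this removal, fix it in the source pod by assigning one of the loaded parameter sets in that branch. Two smaller defects in the same removed text: the SYNOPSIS declares `SSL_set_tmp_dh_callback(SSL_CTX *ctx,` although DESCRIPTION says it sets the callback only for ssl, and `long SSL_set_tmp_dh(SSL *ssl, DH *dh)` lacks its semicolon. Please also confirm the page does survive elsewhere, since its NOTES section is where the requirement to set SSL_OP_SINGLE_DH_USE with DSA-derived parameters is documented and this view shows no replacement.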
@@ -1,309 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:31 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 4 -\& void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, -\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); -\& long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); -\& long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx); -.Ve -.Vb 4 -\& void SSL_set_tmp_rsa_callback(SSL_CTX *ctx, -\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); -\& long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) -\& long SSL_need_tmp_rsa(SSL *ssl) -.Ve -.Vb 1 -\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_tmp_rsa_callback()\fR sets the callback function for \fBctx\fR to be -used when a temporary/ephemeral \s-1RSA\s0 key is required to \fBtmp_rsa_callback\fR. -The callback is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR -with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected. -.PP -\&\fISSL_CTX_set_tmp_rsa()\fR sets the temporary/ephemeral \s-1RSA\s0 key to be used to be -\&\fBrsa\fR. The key is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR -with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected. -.PP -\&\fISSL_CTX_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed -for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key -with a keysize larger than 512 bits is installed. 
-.PP -\&\fISSL_set_tmp_rsa_callback()\fR sets the callback only for \fBssl\fR. -.PP -\&\fISSL_set_tmp_rsa()\fR sets the key only for \fBssl\fR. -.PP -\&\fISSL_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed, -for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key -with a keysize larger than 512 bits is installed. -.PP -These functions apply to \s-1SSL/TLS\s0 servers only. -.SH "NOTES" -.IX Header "NOTES" -When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1RSA\s0 key exchange -can take place. In this case the session data are negotiated using the -ephemeral/temporary \s-1RSA\s0 key and the \s-1RSA\s0 key supplied and certified -by the certificate chain is only used for signing. -.PP -Under previous export restrictions, ciphers with \s-1RSA\s0 keys shorter (512 bits) -than the usual key length of 1024 bits were created. To use these ciphers -with \s-1RSA\s0 keys of usual length, an ephemeral key exchange must be performed, -as the normal (certified) key cannot be directly used. -.PP -Using ephemeral \s-1RSA\s0 key exchange yields forward secrecy, as the connection -can only be decrypted, when the \s-1RSA\s0 key is known. By generating a temporary -\&\s-1RSA\s0 key inside the server application that is lost when the application -is left, it becomes impossible for an attacker to decrypt past sessions, -even if he gets hold of the normal (certified) \s-1RSA\s0 key, as this key was -used for signing only. The downside is that creating a \s-1RSA\s0 key is -computationally expensive. -.PP -Additionally, the use of ephemeral \s-1RSA\s0 key exchange is only allowed in -the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, that is -for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes -violates the standard and can break interoperability with clients. 
-It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key -exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead -in order to achieve forward secrecy (see -SSL_CTX_set_tmp_dh_callback(3)). -.PP -On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default -and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of -SSL_CTX_set_options(3), violating the \s-1TLS/SSL\s0 -standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers, -it will automatically be used without this option! -.PP -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a \s-1RSA\s0 key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for \s-1SSL_OP_EPHEMERAL_RSA\s0 -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. -.PP -The \fBtmp_rsa_callback\fR is called with the \fBkeylength\fR needed and -the \fBis_export\fR information. The \fBis_export\fR flag is set, when the -ephemeral \s-1RSA\s0 key exchange is performed with an export cipher. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Generate temporary \s-1RSA\s0 keys to prepare ephemeral \s-1RSA\s0 key exchange. As the -generation of a \s-1RSA\s0 key costs a lot of computer time, they saved for later -reuse. For demonstration purposes, two keys for 512 bits and 1024 bits -respectively are generated. -.PP -.Vb 4 -\& ... 
-\& /* Set up ephemeral RSA stuff */ -\& RSA *rsa_512 = NULL; -\& RSA *rsa_1024 = NULL; -.Ve -.Vb 3 -\& rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); -\& if (rsa_512 == NULL) -\& evaluate_error_queue(); -.Ve -.Vb 3 -\& rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); -\& if (rsa_1024 == NULL) -\& evaluate_error_queue(); -.Ve -.Vb 1 -\& ... -.Ve -.Vb 3 -\& RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) -\& { -\& RSA *rsa_tmp=NULL; -.Ve -.Vb 24 -\& switch (keylength) { -\& case 512: -\& if (rsa_512) -\& rsa_tmp = rsa_512; -\& else { /* generate on the fly, should not happen in this example */ -\& rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL); -\& rsa_512 = rsa_tmp; /* Remember for later reuse */ -\& } -\& break; -\& case 1024: -\& if (rsa_1024) -\& rsa_tmp=rsa_1024; -\& else -\& should_not_happen_in_this_example(); -\& break; -\& default: -\& /* Generating a key on the fly is very costly, so use what is there */ -\& if (rsa_1024) -\& rsa_tmp=rsa_1024; -\& else -\& rsa_tmp=rsa_512; /* Use at least a shorter key */ -\& } -\& return(rsa_tmp); -\& } -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_tmp_rsa_callback()\fR and \fISSL_set_tmp_rsa_callback()\fR do not return -diagnostic output. -.PP -\&\fISSL_CTX_set_tmp_rsa()\fR and \fISSL_set_tmp_rsa()\fR do return 1 on success and 0 -on failure. Check the error queue to find out the reason of failure. -.PP -\&\fISSL_CTX_need_tmp_rsa()\fR and \fISSL_need_tmp_rsa()\fR return 1 if a temporary -\&\s-1RSA\s0 key is needed and 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_cipher_list(3), -SSL_CTX_set_options(3), -SSL_CTX_set_tmp_dh_callback(3), -SSL_new(3), ciphers(1) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 deleted file mode 100644 index cc4b22a88b5a..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 +++ /dev/null 
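Review bot: In the EXAMPLES callback of SSL_CTX_set_tmp_rsa_callback.3, the `default:` branch falls back to `rsa_tmp=rsa_512; /* Use at least a shorter key */` whenever rsa_1024 is unset, so a request for any other keylength is silently answered with a 512-bit key, and the else-branch of `case 1024:` calls should_not_happen_in_this_example() and leaves rsa_tmp NULL. If the page lives on outside this directory, change the pod it is generated from so the callback fails rather than handing back a shorter key than was asked for. Smaller points in the same removed text: the SYNOPSIS gives `SSL_set_tmp_rsa_callback(SSL_CTX *ctx,` while DESCRIPTION says it sets the callback only for ssl, the SSL_set_tmp_rsa and SSL_need_tmp_rsa prototypes lack semicolons, and "they saved for later reuse" is missing "are".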
@@ -1,434 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:31 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 6 -\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, -\& int (*verify_callback)(int, X509_STORE_CTX *)); -\& void SSL_set_verify(SSL *s, int mode, -\& int (*verify_callback)(int, X509_STORE_CTX *)); -\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); -\& void SSL_set_verify_depth(SSL *s, int depth); -.Ve -.Vb 1 -\& int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and -specifies the \fBverify_callback\fR function to be used. If no callback function -shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. -.PP -\&\fISSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and -specifies the \fBverify_callback\fR function to be used. If no callback function -shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In -this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If -no special \fBcallback\fR was set before, the default callback for the underlying -\&\fBctx\fR is used, that was valid at the the time \fBssl\fR was created with -SSL_new(3). -.PP -\&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain -verification that shall be allowed for \fBctx\fR. (See the \s-1BUGS\s0 section.) -.PP -\&\fISSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain -verification that shall be allowed for \fBssl\fR. 
(See the \s-1BUGS\s0 section.) -.SH "NOTES" -.IX Header "NOTES" -The verification of certificates can be controlled by a set of logically -or'ed \fBmode\fR flags: -.Ip "\s-1SSL_VERIFY_NONE\s0" 4 -.IX Item "SSL_VERIFY_NONE" -\&\fBServer mode:\fR the server will not send a client certificate request to the -client, so the client will not send a certificate. -.Sp -\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the -server will send a certificate which will be checked. The result of the -certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake -using the SSL_get_verify_result(3) function. -The handshake will be continued regardless of the verification result. -.Ip "\s-1SSL_VERIFY_PEER\s0" 4 -.IX Item "SSL_VERIFY_PEER" -\&\fBServer mode:\fR the server sends a client certificate request to the client. -The certificate returned (if any) is checked. If the verification process -fails, the \s-1TLS/SSL\s0 handshake is -immediately terminated with an alert message containing the reason for -the verification failure. -The behaviour can be controlled by the additional -\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0 and \s-1SSL_VERIFY_CLIENT_ONCE\s0 flags. -.Sp -\&\fBClient mode:\fR the server certificate is verified. If the verification process -fails, the \s-1TLS/SSL\s0 handshake is -immediately terminated with an alert message containing the reason for -the verification failure. If no server certificate is sent, because an -anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. -.Ip "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 -.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" -\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 -handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. -This flag must be used together with \s-1SSL_VERIFY_PEER\s0. 
-.Sp -\&\fBClient mode:\fR ignored -.Ip "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 -.IX Item "SSL_VERIFY_CLIENT_ONCE" -\&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0 -handshake. Do not ask for a client certificate again in case of a -renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER\s0. -.Sp -\&\fBClient mode:\fR ignored -.PP -Exactly one of the \fBmode\fR flags \s-1SSL_VERIFY_NONE\s0 and \s-1SSL_VERIFY_PEER\s0 must be -set at any time. -.PP -The actual verification procedure is performed either using the built-in -verification procedure or using another application provided verification -function set with -SSL_CTX_set_cert_verify_callback(3). -The following descriptions apply in the case of the built-in procedure. An -application provided procedure also has access to the verify depth information -and the \fIverify_callback()\fR function, but the way this information is used -may be different. -.PP -\&\fISSL_CTX_set_verify_depth()\fR and \fISSL_set_verify_depth()\fR set the limit up -to which depth certificates in a chain are used during the verification -procedure. If the certificate chain is longer than allowed, the certificates -above the limit are ignored. Error messages are generated as if these -certificates would not be present, most likely a -X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued. -The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", -\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum -depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9, -allowing for the peer certificate and additional 9 \s-1CA\s0 certificates. -.PP -The \fBverify_callback\fR function is used to control the behaviour when the -\&\s-1SSL_VERIFY_PEER\s0 flag is set. 
It must be supplied by the application and -receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of -the certificate in question was passed (preverify_ok=1) or not -(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used -for the certificate chain verification. -.PP -The certificate chain is checked starting with the deepest nesting level -(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate. -At each level signatures and issuer attributes are checked. Whenever -a verification error is found, the error number is stored in \fBx509_ctx\fR -and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying -X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate -in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is -found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 -before advancing to the next level. -.PP -The return value of \fBverify_callback\fR controls the strategy of the further -verification process. If \fBverify_callback\fR returns 0, the verification -process is immediately stopped with \*(L"verification failed\*(R" state. If -\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and -the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, -the verification process is continued. If \fBverify_callback\fR always returns -1, the \s-1TLS/SSL\s0 handshake will never be terminated because of this application -experiencing a verification failure. The calling process can however -retrieve the error code of the last verification error using -SSL_get_verify_result(3) or by maintaining its -own error storage managed by \fBverify_callback\fR. -.PP -If no \fBverify_callback\fR is specified, the default callback will be used. 
-Its return value is identical to \fBpreverify_ok\fR, so that any verification -failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an -alert message, if \s-1SSL_VERIFY_PEER\s0 is set. -.SH "BUGS" -.IX Header "BUGS" -In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag -is set, but whether \s-1SSL_VERIFY_NONE\s0 is not set. This can lead to -unexpected behaviour, if the \s-1SSL_VERIFY_PEER\s0 and \s-1SSL_VERIFY_NONE\s0 are not -used as required (exactly one must be set at any time). -.PP -The certificate verification depth set with SSL[_CTX]\fI_verify_depth()\fR -stops the verification at a certain depth. The error message produced -will be that of an incomplete certificate chain and not -X509_V_ERR_CERT_CHAIN_TOO_LONG as may be expected. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The SSL*_set_verify*() functions do not provide diagnostic information. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -The following code sequence realizes an example \fBverify_callback\fR function -that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification -failure, if wished. The callback realizes a verification depth limit with -more informational output. -.PP -All verification errors are printed, informations about the certificate chain -are printed on request. -The example is realized for a server that does allow but not require client -certificates. -.PP -The example makes use of the ex_data technique to store application data -into/retrieve application data from the \s-1SSL\s0 structure -(see SSL_get_ex_new_index(3), -SSL_get_ex_data_X509_STORE_CTX_idx(3)). -.PP -.Vb 15 -\& ... -\& typedef struct { -\& int verbose_mode; -\& int verify_depth; -\& int always_continue; -\& } mydata_t; -\& int mydata_index; -\& ... 
-\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) -\& { -\& char buf[256]; -\& X509 *err_cert; -\& int err, depth; -\& SSL *ssl; -\& mydata_t *mydata; -.Ve -.Vb 3 -\& err_cert = X509_STORE_CTX_get_current_cert(ctx); -\& err = X509_STORE_CTX_get_error(ctx); -\& depth = X509_STORE_CTX_get_error_depth(ctx); -.Ve -.Vb 6 -\& /* -\& * Retrieve the pointer to the SSL of the connection currently treated -\& * and the application specific data stored into the SSL object. -\& */ -\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); -\& mydata = SSL_get_ex_data(ssl, mydata_index); -.Ve -.Vb 1 -\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); -.Ve -.Vb 22 -\& /* -\& * Catch a too long certificate chain. The depth limit set using -\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so -\& * that whenever the "depth>verify_depth" condition is met, we -\& * have violated the limit and want to log this error condition. -\& * We must do it here, because the CHAIN_TOO_LONG error would not -\& * be found explicitly; only errors introduced by cutting off the -\& * additional certificates would be logged. -\& */ -\& if (depth > mydata->verify_depth) { -\& preverify_ok = 0; -\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG; -\& X509_STORE_CTX_set_error(ctx, err); -\& } -\& if (!preverify_ok) { -\& printf("verify error:num=%d:%s:depth=%d:%s\en", err, -\& X509_verify_cert_error_string(err), depth, buf); -\& } -\& else if (mydata->verbose_mode) -\& { -\& printf("depth=%d:%s\en", depth, buf); -\& } -.Ve -.Vb 9 -\& /* -\& * At this point, err contains the last verification error. We can use -\& * it for something special -\& */ -\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) -\& { -\& X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); -\& printf("issuer= %s\en", buf); -\& } -.Ve -.Vb 6 -\& if (mydata->always_continue) -\& return 1; -\& else -\& return preverify_ok; -\& } -\& ... 
-.Ve -.Vb 1 -\& mydata_t mydata; -.Ve -.Vb 2 -\& ... -\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); -.Ve -.Vb 3 -\& ... -\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, -\& verify_callback); -.Ve -.Vb 5 -\& /* -\& * Let the verify_callback catch the verify_depth error so that we get -\& * an appropriate error in the logfile. -\& */ -\& SSL_CTX_set_verify_depth(verify_depth + 1); -.Ve -.Vb 6 -\& /* -\& * Set up the SSL specific data into "mydata" and store it into th SSL -\& * structure. -\& */ -\& mydata.verify_depth = verify_depth; ... -\& SSL_set_ex_data(ssl, mydata_index, &mydata); -.Ve -.Vb 9 -\& ... -\& SSL_accept(ssl); /* check of success left out for clarity */ -\& if (peer = SSL_get_peer_certificate(ssl)) -\& { -\& if (SSL_get_verify_result(ssl) == X509_V_OK) -\& { -\& /* The client sent a certificate which verified OK */ -\& } -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_new(3), -SSL_CTX_get_verify_mode(3), -SSL_get_verify_result(3), -SSL_CTX_load_verify_locations(3), -SSL_get_peer_certificate(3), -SSL_CTX_set_cert_verify_callback(3), -SSL_get_ex_data_X509_STORE_CTX_idx(3), -SSL_get_ex_new_index(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 deleted file mode 100644 index 159cc732880b..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 +++ /dev/null 
@@ -1,293 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:32 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 6 -\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); -\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); -\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -\& int SSL_use_certificate(SSL *ssl, X509 *x); -\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); -\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); -.Ve -.Vb 1 -\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); -.Ve -.Vb 13 -\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, -\& long len); -\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); -\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); -\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); -\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); -\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); -\& int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned 
char *d, long len); -\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); -\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); -\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); -\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); -.Ve -.Vb 2 -\& int SSL_CTX_check_private_key(SSL_CTX *ctx); -\& int SSL_check_private_key(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions load the certificates and private keys into the \s-1SSL_CTX\s0 -or \s-1SSL\s0 object, respectively. -.PP -The SSL_CTX_* class of functions loads the certificates and keys into the -\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR -created from \fBctx\fR with SSL_new(3) by copying, so that -changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. -.PP -The SSL_* class of functions only loads certificates and keys into a -specific \s-1SSL\s0 object. The specific information is kept, when -SSL_clear(3) is called for this \s-1SSL\s0 object. -.PP -\&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, -\&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the -certificates needed to form the complete certificate chain can be -specified using the -SSL_CTX_add_extra_chain_cert(3) -function. -.PP -\&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from -the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, -\&\fISSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. -.PP -\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR -into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified -from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. -\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. 
-See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR -should be preferred. -.PP -\&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from -\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must -be sorted starting with the certificate to the highest level (root \s-1CA\s0). -There is no corresponding function working on a single \s-1SSL\s0 object. -.PP -\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. -\&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 -to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; -\&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. -.PP -\&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR -stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. -\&\fISSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 -stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. -\&\fISSL_use_PrivateKey_ASN1()\fR and \fISSL_use_RSAPrivateKey_ASN1()\fR add the private -key to \fBssl\fR. -.PP -\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in -\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified -from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. -\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in -\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found -in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private -\&\s-1RSA\s0 key found to \fBssl\fR. -.PP -\&\fISSL_CTX_check_private_key()\fR checks the consistency of a private key with -the corresponding certificate loaded into \fBctx\fR. If more than one -key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will -be checked. If e.g. 
the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 -key/certificate pair will be checked. \fISSL_check_private_key()\fR performs -the same check for \fBssl\fR. If no key/certificate was explicitly added for -this \fBssl\fR, the last item added into \fBctx\fR will be checked. -.SH "NOTES" -.IX Header "NOTES" -The internal certificate store of OpenSSL can hold two private key/certificate -pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate -of type \s-1DSA\s0. The certificate used depends on the cipher select, see -also SSL_CTX_set_cipher_list(3). -.PP -When reading certificates and private keys from file, files of type -\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain -one certificate or private key, consequently -\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. -Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. -.PP -\&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found -in the file to the certificate store. The other certificates are added -to the store of chain certificates using -SSL_CTX_add_extra_chain_cert(3). -There exists only one extra chain store, so that the same chain is appended -to both types of certificates, \s-1RSA\s0 and \s-1DSA\s0! If it is not intended to use -both type of certificate at the same time, it is recommended to use the -\&\fISSL_CTX_use_certificate_chain_file()\fR instead of the -\&\fISSL_CTX_use_certificate_file()\fR function in order to allow the use of -complete certificate chains even when no trusted \s-1CA\s0 storage is used or -when the \s-1CA\s0 issuing the certificate shall not be added to the trusted -\&\s-1CA\s0 storage. 
-.PP -If additional certificates are needed to complete the chain during the -\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the -locations of trusted \s-1CA\s0 certificates, see -SSL_CTX_load_verify_locations(3). -.PP -The private keys loaded from file can be encrypted. In order to successfully -load encrypted keys, a function returning the passphrase must have been -supplied, see -SSL_CTX_set_default_passwd_cb(3). -(Certificate files might be encrypted as well from the technical point -of view, it however does not make sense as the data in the certificate -is considered public anyway.) -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -On success, the functions return 1. -Otherwise check out the error stack to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_new(3), SSL_clear(3), -SSL_CTX_load_verify_locations(3), -SSL_CTX_set_default_passwd_cb(3), -SSL_CTX_set_cipher_list(3), -SSL_CTX_set_client_cert_cb(3), -SSL_CTX_add_extra_chain_cert(3) diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 deleted file mode 100644 index 22e7422c7bbd..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 +++ /dev/null 
@@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:33 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL" -.UC -.SH "NAME" -SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 4 -\& int SSL_SESSION_get_ex_new_index(long argl, void *argp, -\& CRYPTO_EX_new *new_func, -\& CRYPTO_EX_dup *dup_func, -\& CRYPTO_EX_free *free_func); -.Ve -.Vb 1 -\& int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg); -.Ve -.Vb 1 -\& void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx); -.Ve -.Vb 6 -\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -\& int idx, long argl, void *argp); -\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -\& int idx, long argl, void *argp); -\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, -\& int idx, long argl, void *argp); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Several OpenSSL structures can have application specific data attached to them. -These functions are used internally by OpenSSL to manipulate application -specific data attached to a specific structure. -.PP -\&\fISSL_SESSION_get_ex_new_index()\fR is used to register a new index for application -specific data. -.PP -\&\fISSL_SESSION_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR -into the \fBsession\fR object. -.PP -\&\fISSL_SESSION_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from -\&\fBsession\fR. -.PP -A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in RSA_get_ex_new_index(3). -The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -CRYPTO_set_ex_data(3). 
-.SH "WARNINGS" -.IX Header "WARNINGS" -The application data is only maintained for sessions held in memory. The -application data is not included when dumping the session with -\&\fIi2d_SSL_SESSION()\fR (and all functions indirectly calling the dump functions -like \fIPEM_write_SSL_SESSION()\fR and \fIPEM_write_bio_SSL_SESSION()\fR) and can -therefore not be restored. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), -RSA_get_ex_new_index(3), -CRYPTO_set_ex_data(3) diff --git a/secure/lib/libcrypto/man/SSL_accept.3 b/secure/lib/libcrypto/man/SSL_accept.3 deleted file mode 100644 index ca2c4d888725..000000000000 --- a/secure/lib/libcrypto/man/SSL_accept.3 +++ /dev/null 
@@ -1,202 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:34 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_accept 3" -.TH SSL_accept 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_accept(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. -The communication channel must already have been set and assigned to the -\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. -.SH "NOTES" -.IX Header "NOTES" -The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO\s0. -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the -handshake has been finished or an error occurred, except for \s-1SGC\s0 (Server -Gated Cryptography). For \s-1SGC\s0, \fISSL_accept()\fR may return with \-1, but -\&\fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and \fISSL_accept()\fR -should be called again. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_accept()\fR. -The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required -condition. 
When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "1" 4 -.IX Item "1" -The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been -established. -.Ip "0" 4 -The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the -return value \fBret\fR to find out the reason. -.Ip "<0" 4 -.IX Item "<0" -The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either -at the protocol level or a connection failure occurred. The shutdown was -not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR -to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_get_error(3), SSL_connect(3), -SSL_shutdown(3), ssl(3), bio(3), -SSL_set_connect_state(3), -SSL_do_handshake(3), -SSL_CTX_new(3) diff --git a/secure/lib/libcrypto/man/SSL_alert_type_string.3 b/secure/lib/libcrypto/man/SSL_alert_type_string.3 deleted file mode 100644 index 32a8b3bf34dc..000000000000 --- a/secure/lib/libcrypto/man/SSL_alert_type_string.3 +++ /dev/null 
@@ -1,360 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:35 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& char *SSL_alert_type_string(int value); -\& char *SSL_alert_type_string_long(int value); -.Ve -.Vb 2 -\& char *SSL_alert_desc_string(int value); -\& char *SSL_alert_desc_string_long(int value); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_alert_type_string()\fR returns a one letter string indicating the -type of the alert specified by \fBvalue\fR. -.PP -\&\fISSL_alert_type_string_long()\fR returns a string indicating the type of the alert -specified by \fBvalue\fR. -.PP -\&\fISSL_alert_desc_string()\fR returns a two letter string as a short form -describing the reason of the alert specified by \fBvalue\fR. -.PP -\&\fISSL_alert_desc_string_long()\fR returns a string describing the reason -of the alert specified by \fBvalue\fR. -.SH "NOTES" -.IX Header "NOTES" -When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about -a special situation, it sends an alert. The alert is sent as a special message -and does not influence the normal data stream (unless its contents results -in the communication being canceled). -.PP -A warning alert is sent, when a non-fatal error condition occurs. The -\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for -non-fatal errors are certificate errors (\*(L"certificate expired\*(R", -\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent. -(The sending party may however decide to send a fatal error.) The -receiving side may cancel the connection on reception of a warning -alert on it discretion. 
-.PP -Several alert messages must be sent as fatal alert messages as specified -by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following strings can occur for \fISSL_alert_type_string()\fR or -\&\fISSL_alert_type_string_long()\fR: -.if n .Ip """""W""""/""""warning""""" 4 -.el .Ip "``W''/``warning''" 4 -.IX Item ""W/warning" -.PD 0 -.if n .Ip """""F""""/""""fatal""""" 4 -.el .Ip "``F''/``fatal''" 4 -.IX Item ""F/fatal" -.if n .Ip """""U""""/""""unknown""""" 4 -.el .Ip "``U''/``unknown''" 4 -.IX Item ""U/unknown" -.PD -This indicates that no support is available for this alert type. -Probably \fBvalue\fR does not contain a correct alert message. -.PP -The following strings can occur for \fISSL_alert_desc_string()\fR or -\&\fISSL_alert_desc_string_long()\fR: -.if n .Ip """""\s-1CN\s0""""/""""close notify""""" 4 -.el .Ip "``\s-1CN\s0''/``close notify''" 4 -.IX Item ""CN/close notify" -The connection shall be closed. This is a warning alert. -.if n .Ip """""\s-1UM\s0""""/""""unexpected message""""" 4 -.el .Ip "``\s-1UM\s0''/``unexpected message''" 4 -.IX Item ""UM/unexpected message" -An inappropriate message was received. This alert is always fatal -and should never be observed in communication between proper -implementations. -.if n .Ip """""\s-1BM\s0""""/""""bad record mac""""" 4 -.el .Ip "``\s-1BM\s0''/``bad record mac''" 4 -.IX Item ""BM/bad record mac" -This alert is returned if a record is received with an incorrect -\&\s-1MAC\s0. This message is always fatal. -.if n .Ip """""\s-1DF\s0""""/""""decompression failure""""" 4 -.el .Ip "``\s-1DF\s0''/``decompression failure''" 4 -.IX Item ""DF/decompression failure" -The decompression function received improper input (e.g. data -that would expand to excessive length). This message is always -fatal. 
-.if n .Ip """""\s-1HF\s0""""/""""handshake failure""""" 4 -.el .Ip "``\s-1HF\s0''/``handshake failure''" 4 -.IX Item ""HF/handshake failure" -Reception of a handshake_failure alert message indicates that the -sender was unable to negotiate an acceptable set of security -parameters given the options available. This is a fatal error. -.if n .Ip """""\s-1NC\s0""""/""""no certificate""""" 4 -.el .Ip "``\s-1NC\s0''/``no certificate''" 4 -.IX Item ""NC/no certificate" -A client, that was asked to send a certificate, does not send a certificate -(SSLv3 only). -.if n .Ip """""\s-1BC\s0""""/""""bad certificate""""" 4 -.el .Ip "``\s-1BC\s0''/``bad certificate''" 4 -.IX Item ""BC/bad certificate" -A certificate was corrupt, contained signatures that did not -verify correctly, etc -.if n .Ip """""\s-1UC\s0""""/""""unsupported certificate""""" 4 -.el .Ip "``\s-1UC\s0''/``unsupported certificate''" 4 -.IX Item ""UC/unsupported certificate" -A certificate was of an unsupported type. -.if n .Ip """""\s-1CR\s0""""/""""certificate revoked""""" 4 -.el .Ip "``\s-1CR\s0''/``certificate revoked''" 4 -.IX Item ""CR/certificate revoked" -A certificate was revoked by its signer. -.if n .Ip """""\s-1CE\s0""""/""""certificate expired""""" 4 -.el .Ip "``\s-1CE\s0''/``certificate expired''" 4 -.IX Item ""CE/certificate expired" -A certificate has expired or is not currently valid. -.if n .Ip """""\s-1CU\s0""""/""""certificate unknown""""" 4 -.el .Ip "``\s-1CU\s0''/``certificate unknown''" 4 -.IX Item ""CU/certificate unknown" -Some other (unspecified) issue arose in processing the -certificate, rendering it unacceptable. -.if n .Ip """""\s-1IP\s0""""/""""illegal parameter""""" 4 -.el .Ip "``\s-1IP\s0''/``illegal parameter''" 4 -.IX Item ""IP/illegal parameter" -A field in the handshake was out of range or inconsistent with -other fields. This is always fatal. 
-.if n .Ip """""\s-1DC\s0""""/""""decryption failed""""" 4 -.el .Ip "``\s-1DC\s0''/``decryption failed''" 4 -.IX Item ""DC/decryption failed" -A TLSCiphertext decrypted in an invalid way: either it wasn't an -even multiple of the block length or its padding values, when -checked, weren't correct. This message is always fatal. -.if n .Ip """""\s-1RO\s0""""/""""record overflow""""" 4 -.el .Ip "``\s-1RO\s0''/``record overflow''" 4 -.IX Item ""RO/record overflow" -A TLSCiphertext record was received which had a length more than -2^14+2048 bytes, or a record decrypted to a TLSCompressed record -with more than 2^14+1024 bytes. This message is always fatal. -.if n .Ip """""\s-1CA\s0""""/""""unknown \s-1CA\s0""""" 4 -.el .Ip "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 -.IX Item ""CA/unknown CA" -A valid certificate chain or partial chain was received, but the -certificate was not accepted because the \s-1CA\s0 certificate could not -be located or couldn't be matched with a known, trusted \s-1CA\s0. This -message is always fatal. -.if n .Ip """""\s-1AD\s0""""/""""access denied""""" 4 -.el .Ip "``\s-1AD\s0''/``access denied''" 4 -.IX Item ""AD/access denied" -A valid certificate was received, but when access control was -applied, the sender decided not to proceed with negotiation. -This message is always fatal. -.if n .Ip """""\s-1DE\s0""""/""""decode error""""" 4 -.el .Ip "``\s-1DE\s0''/``decode error''" 4 -.IX Item ""DE/decode error" -A message could not be decoded because some field was out of the -specified range or the length of the message was incorrect. This -message is always fatal. -.if n .Ip """""\s-1CY\s0""""/""""decrypt error""""" 4 -.el .Ip "``\s-1CY\s0''/``decrypt error''" 4 -.IX Item ""CY/decrypt error" -A handshake cryptographic operation failed, including being -unable to correctly verify a signature, decrypt a key exchange, -or validate a finished message. 
-.if n .Ip """""\s-1ER\s0""""/""""export restriction""""" 4 -.el .Ip "``\s-1ER\s0''/``export restriction''" 4 -.IX Item ""ER/export restriction" -A negotiation not in compliance with export restrictions was -detected; for example, attempting to transfer a 1024 bit -ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This -message is always fatal. -.if n .Ip """""\s-1PV\s0""""/""""protocol version""""" 4 -.el .Ip "``\s-1PV\s0''/``protocol version''" 4 -.IX Item ""PV/protocol version" -The protocol version the client has attempted to negotiate is -recognized, but not supported. (For example, old protocol -versions might be avoided for security reasons). This message is -always fatal. -.if n .Ip """""\s-1IS\s0""""/""""insufficient security""""" 4 -.el .Ip "``\s-1IS\s0''/``insufficient security''" 4 -.IX Item ""IS/insufficient security" -Returned instead of handshake_failure when a negotiation has -failed specifically because the server requires ciphers more -secure than those supported by the client. This message is always -fatal. -.if n .Ip """""\s-1IE\s0""""/""""internal error""""" 4 -.el .Ip "``\s-1IE\s0''/``internal error''" 4 -.IX Item ""IE/internal error" -An internal error unrelated to the peer or the correctness of the -protocol makes it impossible to continue (such as a memory -allocation failure). This message is always fatal. -.if n .Ip """""\s-1US\s0""""/""""user canceled""""" 4 -.el .Ip "``\s-1US\s0''/``user canceled''" 4 -.IX Item ""US/user canceled" -This handshake is being canceled for some reason unrelated to a -protocol failure. If the user cancels an operation after the -handshake is complete, just closing the connection by sending a -close_notify is more appropriate. This alert should be followed -by a close_notify. This message is generally a warning. 
-.if n .Ip """""\s-1NR\s0""""/""""no renegotiation""""" 4 -.el .Ip "``\s-1NR\s0''/``no renegotiation''" 4 -.IX Item ""NR/no renegotiation" -Sent by the client in response to a hello request or by the -server in response to a client hello after initial handshaking. -Either of these would normally lead to renegotiation; when that -is not appropriate, the recipient should respond with this alert; -at that point, the original requester can decide whether to -proceed with the connection. One case where this would be -appropriate would be where a server has spawned a process to -satisfy a request; the process might receive security parameters -(key length, authentication, etc.) at startup and it might be -difficult to communicate changes to these parameters after that -point. This message is always a warning. -.if n .Ip """""\s-1UK\s0""""/""""unknown""""" 4 -.el .Ip "``\s-1UK\s0''/``unknown''" 4 -.IX Item ""UK/unknown" -This indicates that no description is available for this alert type. -Probably \fBvalue\fR does not contain a correct alert message. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_info_callback(3) diff --git a/secure/lib/libcrypto/man/SSL_clear.3 b/secure/lib/libcrypto/man/SSL_clear.3 deleted file mode 100644 index 6f7bb61d13a2..000000000000 --- a/secure/lib/libcrypto/man/SSL_clear.3 +++ /dev/null 
@@ -1,197 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:36 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_clear 3" -.TH SSL_clear 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_clear \- reset \s-1SSL\s0 object to allow another connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_clear(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Reset \fBssl\fR to allow another connection. All settings (method, ciphers, -BIOs) are kept. -.SH "NOTES" -.IX Header "NOTES" -SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all -settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. -If a session is still \fBopen\fR, it is considered bad and will be removed -from the session cache, as required by \s-1RFC2246\s0. A session is considered open, -if SSL_shutdown(3) was not called for the connection -or at least SSL_set_shutdown(3) was used to -set the \s-1SSL_SENT_SHUTDOWN\s0 state. -.PP -If a session was closed cleanly, the session object will be kept and all -settings corresponding. This explicitly means, that e.g. the special method -used during the session will be kept for the next handshake. So if the -session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client -method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 -server method, even if SSLv23_*_methods were chosen on startup. This -will might lead to connection failures (see SSL_new(3)) -for a description of the method's properties. -.SH "WARNINGS" -.IX Header "WARNINGS" -\&\fISSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The -reset operation however keeps several settings of the last sessions -(some of these settings were made automatically during the last -handshake). It only makes sense when opening a new session (or reusing -an old one) with the same peer that shares these settings. 
-\&\fISSL_clear()\fR is not a short form for the sequence -SSL_free(3); SSL_new(3); . -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "0" 4 -The \fISSL_clear()\fR operation could not be performed. Check the error stack to -find out the reason. -.Ip "1" 4 -.IX Item "1" -The \fISSL_clear()\fR operation was successful. -.PP -SSL_new(3), SSL_free(3), -SSL_shutdown(3), SSL_set_shutdown(3), -SSL_CTX_set_options(3), ssl(3), -SSL_CTX_set_client_cert_cb(3) diff --git a/secure/lib/libcrypto/man/SSL_connect.3 b/secure/lib/libcrypto/man/SSL_connect.3 deleted file mode 100644 index ad19131367da..000000000000 --- a/secure/lib/libcrypto/man/SSL_connect.3 +++ /dev/null 
@@ -1,199 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:36 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_connect 3" -.TH SSL_connect 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_connect(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication -channel must already have been set and assigned to the \fBssl\fR by setting an -underlying \fB\s-1BIO\s0\fR. -.SH "NOTES" -.IX Header "NOTES" -The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0. -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the -handshake has been finished or an error occurred. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_connect()\fR. -The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "1" 4 -.IX Item "1" -The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been -established. 
-.Ip "0" 4 -The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the -return value \fBret\fR to find out the reason. -.Ip "<0" 4 -.IX Item "<0" -The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either -at the protocol level or a connection failure occurred. The shutdown was -not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR -to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_get_error(3), SSL_accept(3), -SSL_shutdown(3), ssl(3), bio(3), -SSL_set_connect_state(3), -SSL_do_handshake(3), -SSL_CTX_new(3) diff --git a/secure/lib/libcrypto/man/SSL_do_handshake.3 b/secure/lib/libcrypto/man/SSL_do_handshake.3 deleted file mode 100644 index 0214192868be..000000000000 --- a/secure/lib/libcrypto/man/SSL_do_handshake.3 +++ /dev/null 
@@ -1,202 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:37 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_do_handshake(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the -connection is in client mode, the handshake will be started. The handshake -routines may have to be explicitly set in advance using either -SSL_set_connect_state(3) or -SSL_set_accept_state(3). -.SH "NOTES" -.IX Header "NOTES" -The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0. -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return -once the handshake has been finished or an error occurred, except for \s-1SGC\s0 -(Server Gated Cryptography). For \s-1SGC\s0, \fISSL_do_handshake()\fR may return with \-1, -but \fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and -\&\fISSL_do_handshake()\fR should be called again. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_do_handshake()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_do_handshake()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR. -The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required -condition. 
When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "1" 4 -.IX Item "1" -The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been -established. -.Ip "0" 4 -The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the -return value \fBret\fR to find out the reason. -.Ip "<0" 4 -.IX Item "<0" -The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either -at the protocol level or a connection failure occurred. The shutdown was -not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR -to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_get_error(3), SSL_connect(3), -SSL_accept(3), ssl(3), bio(3), -SSL_set_connect_state(3) diff --git a/secure/lib/libcrypto/man/SSL_free.3 b/secure/lib/libcrypto/man/SSL_free.3 deleted file mode 100644 index c905cfd428eb..000000000000 --- a/secure/lib/libcrypto/man/SSL_free.3 +++ /dev/null 
@@ -1,180 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:38 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_free 3" -.TH SSL_free 3 "0.9.6e" "2001-05-19" "OpenSSL" -.UC -.SH "NAME" -SSL_free \- free an allocated \s-1SSL\s0 structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& void SSL_free(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 -structure pointed to by \fBssl\fR and frees up the allocated memory if the -the reference count has reached 0. -.SH "NOTES" -.IX Header "NOTES" -\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if -applicable: the buffering \s-1BIO\s0, the read and write BIOs, -cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. -Do not explicitly free these indirectly freed up items before or after -calling \fISSL_free()\fR, as trying to free things twice may lead to program -failure. -.PP -The ssl session has reference counts from two users: the \s-1SSL\s0 object, for -which the reference count is removed by \fISSL_free()\fR and the internal -session cache. If the session is considered bad, because -SSL_shutdown(3) was not called for the connection -and SSL_set_shutdown(3) was not used to set the -\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed -from the session cache as required by \s-1RFC2246\s0. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_free()\fR does not provide diagnostic information. -.PP -SSL_new(3), SSL_clear(3), -SSL_shutdown(3), SSL_set_shutdown(3), -ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 b/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 deleted file mode 100644 index f0f8af03d177..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 +++ /dev/null 
@@ -1,183 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:39 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); -\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for -\&\fBctx\fR using SSL_CTX_set_client_CA_list(3). -.PP -\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly -set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with -SSL_CTX_set_client_CA_list(3), when in -server mode. In client mode, SSL_get_client_CA_list returns the list of -client CAs sent from the server, if any. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return -diagnostic information. -.PP -\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return -values: -.Ip "STACK_OF(X509_NAMES)" 4 -.IX Item "STACK_OF(X509_NAMES)" -List of \s-1CA\s0 names explicitly set (for \fBctx\fR or in server mode) or send -by the server (client mode). -.Ip "\s-1NULL\s0" 4 -.IX Item "NULL" -No client \s-1CA\s0 list was explicitly set (for \fBctx\fR or in server mode) or -the server did not send a list of CAs (client mode). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_client_CA_list(3), -SSL_CTX_set_client_cert_cb(3) diff --git a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 b/secure/lib/libcrypto/man/SSL_get_current_cipher.3 deleted file mode 100644 index 4d5bca4f6502..000000000000 
--- a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 +++ /dev/null 
@@ -1,179 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:40 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name, -SSL_get_cipher_bits, SSL_get_cipher_version \- get \s-1SSL_CIPHER\s0 of a connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 9 -\& SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); -\& #define SSL_get_cipher(s) \e -\& SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -\& #define SSL_get_cipher_name(s) \e -\& SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -\& #define SSL_get_cipher_bits(s,np) \e -\& SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) -\& #define SSL_get_cipher_version(s) \e -\& SSL_CIPHER_get_version(SSL_get_current_cipher(s)) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing -the description of the actually used cipher of a connection established with -the \fBssl\fR object. -.PP -\&\fISSL_get_cipher()\fR and \fISSL_get_cipher_name()\fR are identical macros to obtain the -name of the currently used cipher. \fISSL_get_cipher_bits()\fR is a -macro to obtain the number of secret/algorithm bits used and -\&\fISSL_get_cipher_version()\fR returns the protocol name. -See SSL_CIPHER_get_name(3) for more details. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when -no session has been established. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_CIPHER_get_name(3) diff --git a/secure/lib/libcrypto/man/SSL_get_error.3 b/secure/lib/libcrypto/man/SSL_get_error.3 deleted file mode 100644 index c5d74cc31994..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_error.3 +++ /dev/null 
@@ -1,238 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:41 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_get_error(SSL *ssl, int ret); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" -statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR, -\&\fISSL_read()\fR, \fISSL_peek()\fR, or \fISSL_write()\fR on \fBssl\fR. The value returned by -that \s-1TLS/SSL\s0 I/O function must be passed to \fISSL_get_error()\fR in parameter -\&\fBret\fR. -.PP -In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the -current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be -used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no -other OpenSSL function calls should appear in between. The current -thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is -attempted, or \fISSL_get_error()\fR will not work reliably. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can currently occur: -.Ip "\s-1SSL_ERROR_NONE\s0" 4 -.IX Item "SSL_ERROR_NONE" -The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned -if and only if \fBret > 0\fR. -.Ip "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 -.IX Item "SSL_ERROR_ZERO_RETURN" -The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0 -or \s-1TLS\s0 1.0, this result code is returned only if a closure -alert has occurred in the protocol, i.e. if the connection has been -closed cleanly. 
Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR -does not necessarily indicate that the underlying transport -has been closed. -.Ip "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 -.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" -The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be -called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data -available for reading (if the result code is \fB\s-1SSL_ERROR_WANT_READ\s0\fR) -or allows writing data (\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR), then some \s-1TLS/SSL\s0 -protocol progress will take place, i.e. at least part of an \s-1TLS/SSL\s0 -record will be read or written. Note that the retry may again lead to -a \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. -There is no fixed upper limit for the number of iterations that -may be necessary until progress becomes visible at application -protocol level. -.Sp -For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or -\&\fIpoll()\fR on the underlying socket can be used to find out when the -\&\s-1TLS/SSL\s0 I/O function should be retried. -.Sp -Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of -\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular, -\&\fISSL_read()\fR or \fISSL_peek()\fR may want to write data and \fISSL_write()\fR may want -to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any -time during the protocol (initiated by either the client or the server); -\&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes. -.Ip "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 -.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" -The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be -called again later. 
The underlying \s-1BIO\s0 was not connected yet to the peer -and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be -called again when the connection is established. These messages can only -appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively. -In order to find out, when the connection has been successfully established, -on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor -can be used. -.Ip "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 -.IX Item "SSL_ERROR_WANT_X509_LOOKUP" -The operation did not complete because an application callback set by -\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. -The \s-1TLS/SSL\s0 I/O function should be called again later. -Details depend on the application. -.Ip "\s-1SSL_ERROR_SYSCALL\s0" 4 -.IX Item "SSL_ERROR_SYSCALL" -Some I/O error occurred. The OpenSSL error queue may contain more -information on the error. If the error queue is empty -(i.e. \fIERR_get_error()\fR returns 0), \fBret\fR can be used to find out more -about the error: If \fBret == 0\fR, an \s-1EOF\s0 was observed that violates -the protocol. If \fBret == \-1\fR, the underlying \fB\s-1BIO\s0\fR reported an -I/O error (for socket I/O on Unix systems, consult \fBerrno\fR for details). -.Ip "\s-1SSL_ERROR_SSL\s0" 4 -.IX Item "SSL_ERROR_SSL" -A failure in the \s-1SSL\s0 library occurred, usually a protocol error. The -OpenSSL error queue contains more information on the error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), err(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fISSL_get_error()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 deleted file mode 100644 index ef03a576cc44..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ /dev/null 
@@ -1,190 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:42 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.6e" "2001-02-17" "OpenSSL" -.UC -.SH "NAME" -SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure -from X509_STORE_CTX -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_get_ex_data_X509_STORE_CTX_idx(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR returns the index number under which -the pointer to the \s-1SSL\s0 object is stored into the X509_STORE_CTX object. -.SH "NOTES" -.IX Header "NOTES" -Whenever a X509_STORE_CTX object is created for the verification of the -peers certificate during a handshake, a pointer to the \s-1SSL\s0 object is -stored into the X509_STORE_CTX object to identify the connection affected. -To retrieve this pointer the \fIX509_STORE_CTX_get_ex_data()\fR function can -be used with the correct index. This index is globally the same for all -X509_STORE_CTX objects and can be retrieved using -\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR. The index value is set when -\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR is first called either by the application -program directly or indirectly during other \s-1SSL\s0 setup functions or during -the handshake. -.PP -The value depends on other index values defined for X509_STORE_CTX objects -before the \s-1SSL\s0 index is created. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -.Ip ">=0" 4 -.IX Item ">=0" -The index value to access the pointer. -.Ip "<0" 4 -.IX Item "<0" -An error occurred, check the error stack for a detailed error message. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -The index returned from \fISSL_get_ex_data_X509_STORE_CTX_idx()\fR allows to -access the \s-1SSL\s0 object for the connection to be accessed during the -\&\fIverify_callback()\fR when checking the peers certificate. Please check -the example in SSL_CTX_set_verify(3), -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_verify(3), -CRYPTO_set_ex_data(3) diff --git a/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 b/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 deleted file mode 100644 index 09afa617a51b..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 +++ /dev/null 
@@ -1,198 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:42 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL" -.UC -.SH "NAME" -SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 4 -\& int SSL_get_ex_new_index(long argl, void *argp, -\& CRYPTO_EX_new *new_func, -\& CRYPTO_EX_dup *dup_func, -\& CRYPTO_EX_free *free_func); -.Ve -.Vb 1 -\& int SSL_set_ex_data(SSL *ssl, int idx, void *arg); -.Ve -.Vb 1 -\& void *SSL_get_ex_data(SSL *ssl, int idx); -.Ve -.Vb 6 -\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -\& int idx, long argl, void *argp); -\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -\& int idx, long argl, void *argp); -\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, -\& int idx, long argl, void *argp); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Several OpenSSL structures can have application specific data attached to them. -These functions are used internally by OpenSSL to manipulate application -specific data attached to a specific structure. -.PP -\&\fISSL_get_ex_new_index()\fR is used to register a new index for application -specific data. -.PP -\&\fISSL_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR into -the \fBssl\fR object. -.PP -\&\fISSL_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from -\&\fBssl\fR. -.PP -A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in RSA_get_ex_new_index(3). -The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -CRYPTO_set_ex_data(3). 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -An example on how to use the functionality is included in the example -\&\fIverify_callback()\fR in SSL_CTX_set_verify(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), -RSA_get_ex_new_index(3), -CRYPTO_set_ex_data(3), -SSL_CTX_set_verify(3) diff --git a/secure/lib/libcrypto/man/SSL_get_fd.3 b/secure/lib/libcrypto/man/SSL_get_fd.3 deleted file mode 100644 index 4d077fe9cd9f..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_fd.3 +++ /dev/null 
@@ -1,174 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:43 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 3 -\& int SSL_get_fd(SSL *ssl); -\& int SSL_get_rfd(SSL *ssl); -\& int SSL_get_wfd(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. -\&\fISSL_get_rfd()\fR and \fISSL_get_wfd()\fR return the file descriptors for the -read or the write channel, which can be different. If the read and the -write channel are different, \fISSL_get_fd()\fR will return the file descriptor -of the read channel. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "\-1" 4 -.IX Item "-1" -The operation failed, because the underlying \s-1BIO\s0 is not of the correct type -(suitable for file descriptors). -.Ip ">=0" 4 -.IX Item ">=0" -The file descriptor linked to \fBssl\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_set_fd(3), ssl(3) , bio(3) diff --git a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 deleted file mode 100644 index 49acf8b6a015..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 +++ /dev/null 
@@ -1,184 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:44 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_get_peer_certificate \- get the X509 certificate of the peer -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& X509 *SSL_get_peer_certificate(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the -peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. -.SH "NOTES" -.IX Header "NOTES" -Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a -certificate, if present. A client will only send a certificate when -explicitly requested to do so by the server (see -SSL_CTX_set_verify(3)). If an anonymous cipher -is used, no certificates are sent. -.PP -That a certificate is returned does not indicate information about the -verification state, use SSL_get_verify_result(3) -to check the verification state. -.PP -The reference count of the X509 object is incremented by one, so that it -will not be destroyed when the session containing the peer certificate is -freed. The X509 object must be explicitly freed using \fIX509_free()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "\s-1NULL\s0" 4 -.IX Item "NULL" -No certificate was presented by the peer or no connection was established. -.Ip "Pointer to an X509 certificate" 4 -.IX Item "Pointer to an X509 certificate" -The return value points to the certificate presented by the peer. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_get_verify_result(3), -SSL_CTX_set_verify(3) diff --git a/secure/lib/libcrypto/man/SSL_get_session.3 b/secure/lib/libcrypto/man/SSL_get_session.3 deleted file mode 100644 index bcfd33bdc7c2..000000000000 
--- a/secure/lib/libcrypto/man/SSL_get_session.3 +++ /dev/null 
@@ -1,202 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:45 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 3 -\& SSL_SESSION *SSL_get_session(SSL *ssl); -\& SSL_SESSION *SSL_get0_session(SSL *ssl); -\& SSL_SESSION *SSL_get1_session(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in -\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so -that the pointer can become invalid by other operations. -.PP -\&\fISSL_get0_session()\fR is the same as \fISSL_get_session()\fR. -.PP -\&\fISSL_get1_session()\fR is the same as \fISSL_get_session()\fR, but the reference -count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. -.SH "NOTES" -.IX Header "NOTES" -The ssl session contains all information required to re-establish the -connection without a new handshake. -.PP -\&\fISSL_get0_session()\fR returns a pointer to the actual session. As the -reference counter is not incremented, the pointer is only valid while -the connection is in use. If SSL_clear(3) or -SSL_free(3) is called, the session may be removed completely -(if considered bad), and the pointer obtained will become invalid. Even -if the session is valid, it can be removed at any time due to timeout -during SSL_CTX_flush_sessions(3). -.PP -If the data is to be kept, \fISSL_get1_session()\fR will increment the reference -count, so that the session will not be implicitly removed by other operations -but stays in memory. In order to remove the session -SSL_SESSION_free(3) must be explicitly called once -to decrement the reference count again. 
-.PP -\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache -list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. -One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore -only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created -from this \s-1SSL_CTX\s0 object). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "\s-1NULL\s0" 4 -.IX Item "NULL" -There is no session available in \fBssl\fR. -.Ip "Pointer to an \s-1SSL\s0" 4 -.IX Item "Pointer to an SSL" -The return value points to the data of an \s-1SSL\s0 session. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_free(3), -SSL_clear(3), -SSL_SESSION_free(3) diff --git a/secure/lib/libcrypto/man/SSL_get_version.3 b/secure/lib/libcrypto/man/SSL_get_version.3 deleted file mode 100644 index c80c552e57d1..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_version.3 +++ /dev/null 
@@ -1,174 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:47 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "0.9.6e" "2001-05-19" "OpenSSL" -.UC -.SH "NAME" -SSL_get_version \- get the protocol version of a connection. 
-.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& const char *SSL_get_version(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_get_cipher_version()\fR returns the name of the protocol used for the -connection \fBssl\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following strings can occur: -.Ip "SSLv2" 4 -.IX Item "SSLv2" -The connection uses the SSLv2 protocol. -.Ip "SSLv3" 4 -.IX Item "SSLv3" -The connection uses the SSLv3 protocol. -.Ip "TLSv1" 4 -.IX Item "TLSv1" -The connection uses the TLSv1 protocol. -.Ip "unknown" 4 -.IX Item "unknown" -This indicates that no version has been set (no connection established). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 deleted file mode 100644 index 886985386898..000000000000 --- a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 +++ /dev/null 
@@ -1,193 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:48 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "0.9.6e" "2001-02-17" "OpenSSL" -.UC -.SH "NAME" -SSL_load_client_CA_file \- load certificate names from file -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns -a STACK_OF(X509_NAME) with the subject names found. -.SH "NOTES" -.IX Header "NOTES" -\&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and -extracts the X509_NAMES of the certificates found. While the name suggests -the specific usage as support function for -SSL_CTX_set_client_CA_list(3), -it is not limited to \s-1CA\s0 certificates. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Load names of CAs from file and use it as a client \s-1CA\s0 list: -.PP -.Vb 2 -\& SSL_CTX *ctx; -\& STACK_OF(X509_NAME) *cert_names; -.Ve -.Vb 7 -\& ... -\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); -\& if (cert_names != NULL) -\& SSL_CTX_set_client_CA_list(ctx, cert_names); -\& else -\& error_handling(); -\& ... -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "\s-1NULL\s0" 4 -.IX Item "NULL" -The operation failed, check out the error stack for the reason. -.Ip "Pointer to STACK_OF(X509_NAME)" 4 -.IX Item "Pointer to STACK_OF(X509_NAME)" -Pointer to the subject names of the successfully read certificates. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_client_CA_list(3) diff --git a/secure/lib/libcrypto/man/SSL_new.3 b/secure/lib/libcrypto/man/SSL_new.3 deleted file mode 100644 index 976e31ecee87..000000000000 --- a/secure/lib/libcrypto/man/SSL_new.3 +++ /dev/null 
@@ -1,174 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:48 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_new 3" -.TH SSL_new 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_new \- create a new \s-1SSL\s0 structure for a connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& SSL *SSL_new(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the -data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings -of the underlying context \fBctx\fR: connection method (SSLv2/v3/TLSv1), -options, verification settings, timeout settings. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "\s-1NULL\s0" 4 -.IX Item "NULL" -The creation of a new \s-1SSL\s0 structure failed. Check the error stack to -find out the reason. -.Ip "Pointer to an \s-1SSL\s0 structure" 4 -.IX Item "Pointer to an SSL structure" -The return value points to an allocated \s-1SSL\s0 structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_free(3), SSL_clear(3), -SSL_CTX_set_options(3), -SSL_get_SSL_CTX(3), -ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_read.3 b/secure/lib/libcrypto/man/SSL_read.3 deleted file mode 100644 index 49a080e7cc89..000000000000 --- a/secure/lib/libcrypto/man/SSL_read.3 +++ /dev/null 
@@ -1,244 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:50 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_read 3" -.TH SSL_read 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection. 
-.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_read(SSL *ssl, void *buf, int num); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_read()\fR tries to read \fBnum\fR bytes from the specified \fBssl\fR into the -buffer \fBbuf\fR. -.SH "NOTES" -.IX Header "NOTES" -If necessary, \fISSL_read()\fR will negotiate a \s-1TLS/SSL\s0 session, if -not already explicitly performed by SSL_connect(3) or -SSL_accept(3). If the -peer requests a re-negotiation, it will be performed transparently during -the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the -underlying \s-1BIO\s0. -.PP -For the transparent negotiation to succeed, the \fBssl\fR must have been -initialized to client or server mode. This is being done by calling -SSL_set_connect_state(3) or \fISSL_set_accept_state()\fR -before the first call to an \fISSL_read()\fR or SSL_write(3) -function. -.PP -\&\fISSL_read()\fR works based on the \s-1SSL/TLS\s0 records. The data are received in -records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a -record has been completely received, it can be processed (decryption and -check of integrity). Therefore data that was not retrieved at the last -call of \fISSL_read()\fR can still be buffered inside the \s-1SSL\s0 layer and will be -retrieved on the next call to \fISSL_read()\fR. If \fBnum\fR is higher than the -number of bytes buffered, \fISSL_read()\fR will return with the bytes buffered. -If no more bytes are in the buffer, \fISSL_read()\fR will trigger the processing -of the next record. Only when the record has been received and processed -completely, \fISSL_read()\fR will return reporting success. At most the contents -of the record will be returned. As the size of an \s-1SSL/TLS\s0 record may exceed -the maximum packet size of the underlying transport (e.g. 
\s-1TCP\s0), it may -be necessary to read several packets from the transport layer before the -record is complete and \fISSL_read()\fR can succeed. -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_read()\fR will only return, once the -read operation has been finished or an error occurred, except when a -renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. -This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the -SSL_CTX_set_mode(3) call. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_read()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_read()\fR -to continue the operation. In this case a call to -SSL_get_error(3) with the -return value of \fISSL_read()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a -call to \fISSL_read()\fR can also cause write operations! The calling process -then must repeat the call after taking appropriate action to satisfy the -needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO\s0. When using a -non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check -for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data -must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. -.SH "WARNING" -.IX Header "WARNING" -When an \fISSL_read()\fR operation has to be repeated because of -\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated -with the same arguments. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip ">0" 4 -.IX Item ">0" -The read operation was successful; the return value is the number of -bytes actually read from the \s-1TLS/SSL\s0 connection. -.Ip "0" 4 -The read operation was not successful. 
The reason may either be a clean -shutdown due to a \*(L"close notify\*(R" alert sent by the peer (in which case -the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag in the ssl shutdown state is set -(see SSL_shutdown(3), -SSL_set_shutdown(3)). It is also possible, that -the peer simply shut down the underlying transport and the shutdown is -incomplete. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out, -whether an error occurred or the connection was shut down cleanly -(\s-1SSL_ERROR_ZERO_RETURN\s0). -.Sp -SSLv2 (deprecated) does not support a shutdown alert protocol, so it can -only be detected, whether the underlying connection was closed. It cannot -be checked, whether the closure was initiated by the peer or by something -else. -.Ip "<0" 4 -.IX Item "<0" -The read operation was not successful, because either an error occurred -or action must be taken by the calling process. Call \fISSL_get_error()\fR with the -return value \fBret\fR to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_get_error(3), SSL_write(3), -SSL_CTX_set_mode(3), SSL_CTX_new(3), -SSL_connect(3), SSL_accept(3) -SSL_set_connect_state(3), -SSL_shutdown(3), SSL_set_shutdown(3), -ssl(3), bio(3) diff --git a/secure/lib/libcrypto/man/SSL_rstate_string.3 b/secure/lib/libcrypto/man/SSL_rstate_string.3 deleted file mode 100644 index e6a93bda0ff3..000000000000 --- a/secure/lib/libcrypto/man/SSL_rstate_string.3 +++ /dev/null 
@@ -1,190 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:50 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& char *SSL_rstate_string(SSL *ssl); -\& char *SSL_rstate_string_long(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_rstate_string()\fR returns a 2 letter string indicating the current read state -of the \s-1SSL\s0 object \fBssl\fR. -.PP -\&\fISSL_rstate_string_long()\fR returns a string indicating the current read state of -the \s-1SSL\s0 object \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, -consisting of header and body. When working in a blocking environment, -SSL_rstate_string[_long]() should always return \*(L"\s-1RD\s0\*(R"/\*(L"read done\*(R". -.PP -This function should only seldom be needed in applications. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following -values: -.if n .Ip """""\s-1RH\s0""""/""""read header""""" 4 -.el .Ip "``\s-1RH\s0''/``read header''" 4 -.IX Item ""RH/read header" -The header of the record is being evaluated. -.if n .Ip """""\s-1RB\s0""""/""""read body""""" 4 -.el .Ip "``\s-1RB\s0''/``read body''" 4 -.IX Item ""RB/read body" -The body of the record is being evaluated. -.if n .Ip """""\s-1RD\s0""""/""""read done""""" 4 -.el .Ip "``\s-1RD\s0''/``read done''" 4 -.IX Item ""RD/read done" -The record has been completely processed. -.if n .Ip """""unknown""""/""""unknown""""" 4 -.el .Ip "``unknown''/``unknown''" 4 -.IX Item ""unknown/unknown" -The read state is unknown. This should never happen. 
-.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_session_reused.3 b/secure/lib/libcrypto/man/SSL_session_reused.3 deleted file mode 100644 index 302ccac6d667..000000000000 --- a/secure/lib/libcrypto/man/SSL_session_reused.3 +++ /dev/null 
@@ -1,173 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:51 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_session_reused \- query whether a reused session was negotiated during handshake -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_session_reused(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Query, whether a reused session was negotiated during the handshake. -.SH "NOTES" -.IX Header "NOTES" -During the negotiation, a client can propose to reuse a session. The server -then looks up the session in its cache. If both client and server agree -on the session, it will be reused and a flag is being set that can be -queried by the application. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "0" 4 -A new session was negotiated. -.Ip "1" 4 -.IX Item "1" -A session was reused. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_set_session(3), -SSL_CTX_set_session_cache_mode(3) diff --git a/secure/lib/libcrypto/man/SSL_set_connect_state.3 b/secure/lib/libcrypto/man/SSL_set_connect_state.3 deleted file mode 100644 index 8be743a8f289..000000000000 --- a/secure/lib/libcrypto/man/SSL_set_connect_state.3 +++ /dev/null 
@@ -1,191 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:52 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& void SSL_set_connect_state(SSL *ssl); -.Ve -.Vb 1 -\& void SSL_set_accept_state(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. -.PP -\&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. -.SH "NOTES" -.IX Header "NOTES" -When the \s-1SSL_CTX\s0 object was created with SSL_CTX_new(3), -it was either assigned a dedicated client method, a dedicated server -method, or a generic method, that can be used for both client and -server connections. (The method might have been changed with -SSL_CTX_set_ssl_version(3) or -\&\fISSL_set_ssl_method()\fR.) -.PP -When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must -call the connect (client) or accept (server) routines. Even though it may -be clear from the method chosen, whether client or server mode was -requested, the handshake routines must be explicitly set. -.PP -When using the SSL_connect(3) or -SSL_accept(3) routines, the correct handshake -routines are automatically set. When performing a transparent negotiation -using SSL_write(3) or SSL_read(3), the -handshake routines must be explicitly set in advance using either -\&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_set_connect_state()\fR and \fISSL_set_accept_state()\fR do not return diagnostic -information. 
-.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_new(3), SSL_CTX_new(3), -SSL_connect(3), SSL_accept(3), -SSL_write(3), SSL_read(3), -SSL_do_handshake(3), -SSL_CTX_set_ssl_version(3) diff --git a/secure/lib/libcrypto/man/SSL_set_fd.3 b/secure/lib/libcrypto/man/SSL_set_fd.3 deleted file mode 100644 index c2628f9d7417..000000000000 --- a/secure/lib/libcrypto/man/SSL_set_fd.3 +++ /dev/null 
@@ -1,183 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:53 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 3 -\& int SSL_set_fd(SSL *ssl, int fd); -\& int SSL_set_rfd(SSL *ssl, int fd); -\& int SSL_set_wfd(SSL *ssl, int fd); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility -for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the -socket file descriptor of a network connection. -.PP -When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to -interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine -inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will -also have non-blocking behaviour. -.PP -If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called -(for both the reading and writing side, if different). -.PP -\&\fISSL_set_rfd()\fR and \fISSL_set_wfd()\fR perform the respective action, but only -for the read channel or the write channel, which can be set independently. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "0" 4 -The operation failed. Check the error stack to find out why. -.Ip "1" 4 -.IX Item "1" -The operation succeeded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_get_fd(3), SSL_set_bio(3), -SSL_connect(3), SSL_accept(3), -SSL_shutdown(3), ssl(3) , bio(3) diff --git a/secure/lib/libcrypto/man/SSL_set_session.3 b/secure/lib/libcrypto/man/SSL_set_session.3 deleted file mode 100644 index 7c688ec93c08..000000000000 --- a/secure/lib/libcrypto/man/SSL_set_session.3 +++ /dev/null 
@@ -1,185 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:53 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_set_session(SSL *ssl, SSL_SESSION *session); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection -is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. -When the session is set, the reference count of \fBsession\fR is incremented -by 1. If the session is not reused, the reference count is decremented -again during \fISSL_connect()\fR. Whether the session was reused can be queried -with the SSL_session_reused(3) call. -.PP -If there is already a session set inside \fBssl\fR (because it was set with -\&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for -a connection), \fISSL_SESSION_free()\fR will be called for that session. -.SH "NOTES" -.IX Header "NOTES" -\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache -list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. -One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore -only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created -from this \s-1SSL_CTX\s0 object). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "0" 4 -The operation failed; check the error stack to find out the reason. -.Ip "1" 4 -.IX Item "1" -The operation succeeded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_SESSION_free(3), -SSL_get_session(3), -SSL_session_reused(3), -SSL_CTX_set_session_cache_mode(3) 
diff --git a/secure/lib/libcrypto/man/SSL_shutdown.3 b/secure/lib/libcrypto/man/SSL_shutdown.3 deleted file mode 100644 index 7dbc29e55308..000000000000 --- a/secure/lib/libcrypto/man/SSL_shutdown.3 +++ /dev/null 
@@ -1,237 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:55 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_shutdown(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the -\&\*(L"close notify\*(R" shutdown alert to the peer. -.SH "NOTES" -.IX Header "NOTES" -\&\fISSL_shutdown()\fR tries to send the \*(L"close notify\*(R" shutdown alert to the peer. -Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and -a currently open session is considered closed and good and will be kept in the -session cache for further reuse. -.PP -The shutdown procedure consists of 2 steps: the sending of the \*(L"close notify\*(R" -shutdown alert and the reception of the peer's \*(L"close notify\*(R" shutdown -alert. According to the \s-1TLS\s0 standard, it is acceptable for an application -to only send its shutdown alert and then close the underlying connection -without waiting for the peer's response (this way resources can be saved, -as the process can already terminate or serve another connection). -When the underlying connection shall be used for more communications, the -complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be -performed, so that the peers stay synchronized. -.PP -\&\fISSL_shutdown()\fR supports both uni- and bidirectional shutdown by its 2 step -behaviour. -.if n .Ip "When the application is the first party to send the """"close notify"""" alert, \fISSL_shutdown()\fR will only send the alert and the set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. 
If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's """"close notify"""" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 -.el .Ip "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and the set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 -.IX Item "When the application is the first party to send the "close notify alert, SSL_shutdown() will only send the alert and the set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1." 
-.PD 0 -.if n .Ip "If the peer already sent the """"close notify"""" alert \fBand\fR it was already processed implicitly inside another function (SSL_read(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the """"close notify"""" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also SSL_set_shutdown(3) call." 4 -.el .Ip "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (SSL_read(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also SSL_set_shutdown(3) call." 4 -.IX Item "If the peer already sent the "close notify alert and it was already processed implicitly inside another function (SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3) call." -.PD -.PP -It is therefore recommended, to check the return value of \fISSL_shutdown()\fR -and call \fISSL_shutdown()\fR again, if the bidirectional shutdown is not yet -complete (return value of the first call is 0). As the shutdown is not -specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on -the first call. -.PP -The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0. -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the -handshake step has been finished or an error occurred. 
-.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR. -The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. -.PP -\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" -state but not actually send the \*(L"close notify\*(R" alert messages, -see SSL_CTX_set_quiet_shutdown(3). -When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed -and return 1. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "1" 4 -.IX Item "1" -The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent -and the peer's \*(L"close notify\*(R" alert was received. -.Ip "0" 4 -The shutdown is not yet finished. Call \fISSL_shutdown()\fR for a second time, -if a bidirectional shutdown shall be performed. -The output of SSL_get_error(3) may be misleading, as an -erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. -.Ip "\-1" 4 -.IX Item "-1" -The shutdown was not successful because a fatal error occurred either -at the protocol level or a connection failure occurred. It can also occur if -action is need to continue the operation for non-blocking BIOs. -Call SSL_get_error(3) with the return value \fBret\fR -to find out the reason. 
-.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_get_error(3), SSL_connect(3), -SSL_accept(3), SSL_set_shutdown(3), -SSL_CTX_set_quiet_shutdown(3), -SSL_clear(3), SSL_free(3), -ssl(3), bio(3) diff --git a/secure/lib/libcrypto/man/SSL_state_string.3 b/secure/lib/libcrypto/man/SSL_state_string.3 deleted file mode 100644 index 115fffc66e91..000000000000 --- a/secure/lib/libcrypto/man/SSL_state_string.3 +++ /dev/null 
@@ -1,180 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:56 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& char *SSL_state_string(SSL *ssl); -\& char *SSL_state_string_long(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_state_string()\fR returns a 6 letter string indicating the current state -of the \s-1SSL\s0 object \fBssl\fR. -.PP -\&\fISSL_state_string_long()\fR returns a string indicating the current state of -the \s-1SSL\s0 object \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -During its use, an \s-1SSL\s0 objects passes several states. The state is internally -maintained. Querying the state information is not very informative before -or when a connection has been established. It however can be of significant -interest during the handshake. -.PP -When using non-blocking sockets, the function call performing the handshake -may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, -so that SSL_state_string[_long]() may be called. -.PP -For both blocking or non-blocking sockets, the details state information -can be used within the info_callback function set with the -\&\fISSL_set_info_callback()\fR call. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Detailed description of possible states to be included later. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_info_callback(3) diff --git a/secure/lib/libcrypto/man/SSL_want.3 b/secure/lib/libcrypto/man/SSL_want.3 deleted file mode 100644 index 288e22a4861b..000000000000 --- a/secure/lib/libcrypto/man/SSL_want.3 +++ /dev/null 
@@ -1,204 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:56 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_want 3" -.TH SSL_want 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 5 -\& int SSL_want(SSL *ssl); -\& int SSL_want_nothing(SSL *ssl); -\& int SSL_want_read(SSL *ssl); -\& int SSL_want_write(SSL *ssl); -\& int SSL_want_x509_lookup(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. -.PP -The other SSL_want_*() calls are shortcuts for the possible states returned -by \fISSL_want()\fR. -.SH "NOTES" -.IX Header "NOTES" -\&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its -return values are similar to that of SSL_get_error(3). -Unlike SSL_get_error(3), which also evaluates the -error queue, the results are obtained by examining an internal state flag -only. The information must therefore only be used for normal operation under -non-blocking I/O. Error conditions are not handled and must be treated -using SSL_get_error(3). -.PP -The result returned by \fISSL_want()\fR should always be consistent with -the result of SSL_get_error(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can currently occur for \fISSL_want()\fR: -.Ip "\s-1SSL_NOTHING\s0" 4 -.IX Item "SSL_NOTHING" -There is no data to be written or to be read. -.Ip "\s-1SSL_WRITING\s0" 4 -.IX Item "SSL_WRITING" -There are data in the \s-1SSL\s0 buffer that must be written to the underlying -\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to SSL_get_error(3) should return -\&\s-1SSL_ERROR_WANT_WRITE\s0. 
-.Ip "\s-1SSL_READING\s0" 4 -.IX Item "SSL_READING" -More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to -complete the actual SSL_*() operation. -A call to SSL_get_error(3) should return -\&\s-1SSL_ERROR_WANT_READ\s0. -.Ip "\s-1SSL_X509_LOOKUP\s0" 4 -.IX Item "SSL_X509_LOOKUP" -The operation did not complete because an application callback set by -\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. -A call to SSL_get_error(3) should return -\&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0. -.PP -\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR -return 1, when the corresponding condition is true or 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), err(3), SSL_get_error(3) diff --git a/secure/lib/libcrypto/man/SSL_write.3 b/secure/lib/libcrypto/man/SSL_write.3 deleted file mode 100644 index 487a9da1aa1b..000000000000 --- a/secure/lib/libcrypto/man/SSL_write.3 +++ /dev/null 
@@ -1,235 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:57 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SSL_write 3" -.TH SSL_write 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection. 
-.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& int SSL_write(SSL *ssl, const void *buf, int num); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_write()\fR writes \fBnum\fR bytes from the buffer \fBbuf\fR into the specified -\&\fBssl\fR connection. -.SH "NOTES" -.IX Header "NOTES" -If necessary, \fISSL_write()\fR will negotiate a \s-1TLS/SSL\s0 session, if -not already explicitly performed by SSL_connect(3) or -SSL_accept(3). If the -peer requests a re-negotiation, it will be performed transparently during -the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the -underlying \s-1BIO\s0. -.PP -For the transparent negotiation to succeed, the \fBssl\fR must have been -initialized to client or server mode. This is being done by calling -SSL_set_connect_state(3) or \fISSL_set_accept_state()\fR -before the first call to an SSL_read(3) or \fISSL_write()\fR function. -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_write()\fR will only return, once the -write operation has been finished or an error occurred, except when a -renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. -This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the -SSL_CTX_set_mode(3) call. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_write()\fR will also return, -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_write()\fR -to continue the operation. In this case a call to -SSL_get_error(3) with the -return value of \fISSL_write()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a -call to \fISSL_write()\fR can also cause read operations! The calling process -then must repeat the call after taking appropriate action to satisfy the -needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO\s0. 
When using a -non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check -for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data -must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. -.PP -\&\fISSL_write()\fR will only return with success, when the complete contents -of \fBbuf\fR of length \fBnum\fR has been written. This default behaviour -can be changed with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of -SSL_CTX_set_mode(3). When this flag is set, -\&\fISSL_write()\fR will also return with success, when a partial write has been -successfully completed. In this case the \fISSL_write()\fR operation is considered -completed. The bytes are sent and a new \fISSL_write()\fR operation with a new -buffer (with the already sent bytes removed) must be started. -A partial write is performed with the size of a message block, which is -16kB for SSLv3/TLSv1. -.SH "WARNING" -.IX Header "WARNING" -When an \fISSL_write()\fR operation has to be repeated because of -\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated -with the same arguments. -.PP -When calling \fISSL_write()\fR with num=0 bytes to be sent the behaviour is -undefined. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip ">0" 4 -.IX Item ">0" -The write operation was successful, the return value is the number of -bytes actually written to the \s-1TLS/SSL\s0 connection. -.Ip "0" 4 -The write operation was not successful. Probably the underlying connection -was closed. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out, -whether an error occurred or the connection was shut down cleanly -(\s-1SSL_ERROR_ZERO_RETURN\s0). -.Sp -SSLv2 (deprecated) does not support a shutdown alert protocol, so it can -only be detected, whether the underlying connection was closed. It cannot -be checked, why the closure happened. 
-.Ip "<0" 4 -.IX Item "<0" -The write operation was not successful, because either an error occurred -or action must be taken by the calling process. Call \fISSL_get_error()\fR with the -return value \fBret\fR to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_get_error(3), SSL_read(3), -SSL_CTX_set_mode(3), SSL_CTX_new(3), -SSL_connect(3), SSL_accept(3) -SSL_set_connect_state(3), -ssl(3), bio(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 index 4ed6233e952f..11907bdae154 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:26 2002 +.\" Mon Jan 13 19:28:47 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,73 +137,68 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "X509_NAME_ENTRY_get_object 3" +.TH X509_NAME_ENTRY_get_object 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode +X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, +X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, +X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, +X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); -\& long SSL_set_mode(SSL *ssl, long mode); -.Ve -.Vb 2 -\& long SSL_CTX_get_mode(SSL_CTX *ctx); -\& long SSL_get_mode(SSL *ssl); -.Ve +\&\s-1ASN1_OBJECT\s0 * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); +\&\s-1ASN1_STRING\s0 * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); +.PP +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, \s-1ASN1_OBJECT\s0 *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len); +.PP +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, \s-1ASN1_OBJECT\s0 *obj, int type,unsigned char *bytes, int len); .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. -Options already set before are not cleared. +\&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in +and \fB\s-1ASN1_OBJECT\s0\fR structure. 
.PP -\&\fISSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. -Options already set before are not cleared. +\&\fIX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in +and \fB\s-1ASN1_STRING\s0\fR structure. .PP -\&\fISSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. +\&\fIX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. .PP -\&\fISSL_get_mode()\fR returns the mode set for \fBssl\fR. +\&\fIX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type +\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR +and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +\&\fBX509_NAME_ENTRY\fR structure. .SH "NOTES" .IX Header "NOTES" -The following mode changes are available: -.Ip "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 -.IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" -Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success -when just a single record has been written). When not set (the default), -\&\fISSL_write()\fR will only report success once the complete chunk was written. -Once \fISSL_write()\fR returns with r, r bytes have been successfully written -and the next call to \fISSL_write()\fR must only send the n-r bytes left, -imitating the behaviour of \fIwrite()\fR. -.Ip "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 -.IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" -Make it possible to retry \fISSL_write()\fR with changed buffer location -(the buffer contents must stay the same). This is not the default to avoid -the misconception that non-blocking \fISSL_write()\fR behaves like -non-blocking \fIwrite()\fR. -.Ip "\s-1SSL_MODE_AUTO_RETRY\s0" 4 -.IX Item "SSL_MODE_AUTO_RETRY" -Never bother the application with retries if the transport is blocking. 
-If a renegotiation take place during normal operation, a -SSL_read(3) or SSL_write(3) would return -with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0. -In a non-blocking environment applications must be prepared to handle -incomplete read/write operations. -In a blocking environment, applications are not always prepared to -deal with read/write operations returning without success report. The -flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only -return after the handshake and successful completion. +\&\fIX509_NAME_ENTRY_get_object()\fR and \fIX509_NAME_ENTRY_get_data()\fR can be +used to examine an \fBX509_NAME_ENTRY\fR function as returned by +\&\fIX509_NAME_get_entry()\fR for example. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR, +and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_OBJ()\fR, +\&\fIX509_NAME_ENTRY_create_by_NID()\fR and \fIX509_NAME_ENTRY_set_data()\fR +are seldom used in practice because \fBX509_NAME_ENTRY\fR structures +are almost always part of \fBX509_NAME\fR structures and the +corresponding \fBX509_NAME\fR functions are typically used to +create and add new entries in a single operation. +.PP +The arguments of these functions support similar options to the similarly +named ones of the corresponding \fBX509_NAME\fR functions such as +\&\fIX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to +\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fIX509_set_data()\fR the field name must be +set first so the relevant field information can be looked up internally. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask -after adding \fBmode\fR. -.PP -\&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bitmask. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_read(3), SSL_write(3) +ERR_get_error(3), d2i_X509_NAME(3), +\&\fIOBJ_nid2obj\fR\|(3),OBJ_nid2obj(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1SSL_MODE_AUTO_RETRY\s0 as been added in OpenSSL 0.9.6. +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 new file mode 100644 index 000000000000..754b9e38b39e --- /dev/null +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 
@@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:48 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. 
ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_NAME_add_entry_by_txt 3" +.TH X509_NAME_add_entry_by_txt 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, +X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, \s-1ASN1_OBJECT\s0 *obj, int type, unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and +\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined +by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. +The field value to be added is in \fBbytes\fR of length \fBlen\fR. If +\&\fBlen\fR is \-1 then the field length is calculated internally using +strlen(bytes). +.PP +The type of field is determined by \fBtype\fR which can either be a +definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a +standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is +added to a position determined by \fBloc\fR and \fBset\fR. +.PP +\&\fIX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR +to \fBname\fR. The new entry is added to a position determined by \fBloc\fR +and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after +the call. 
+.PP +\&\fIX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position +\&\fBloc\fR. The deleted entry is returned and must be freed up. +.SH "NOTES" +.IX Header "NOTES" +The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR +is strongly recommened for the \fBtype\fR parameter. This allows the +internal code to correctly determine the type of the field and to +apply length checks according to the relevant standards. This is +done using \fIASN1_STRING_set_by_NID()\fR. +.PP +If instead an \s-1ASN1\s0 type is used no checks are performed and the +supplied data in \fBbytes\fR is used directly. +.PP +In \fIX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents +the field name using OBJ_txt2obj(field, 0). +.PP +The \fBloc\fR and \fBset\fR parameters determine where a new entry should +be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR +to 0. This adds a new entry to the end of \fBname\fR as a single valued +RelativeDistinguishedName (\s-1RDN\s0). +.PP +\&\fBloc\fR actually determines the index where the new entry is inserted: +if it is \-1 it is appended. +.PP +\&\fBset\fR determines how the new type is added. If it is zero a +new \s-1RDN\s0 is created. +.PP +If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0 +structure respectively. This will then be a multivalued \s-1RDN:\s0 +since multivalues RDNs are very seldom used \fBset\fR is almost +always set to zero. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fBX509_NAME\fR structure: +.PP +\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R" +.PP +.Vb 13 +\& X509_NAME *nm; +\& nm = X509_NAME_new(); +\& if (nm == NULL) +\& /* Some error */ +\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, +\& "C", "UK", -1, -1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, +\& "O", "Disorganized Organization", -1, -1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, +\& "CN", "Joe Bloggs", -1, -1, 0)) +\& /* Error */ +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR, +\&\fIX509_NAME_add_entry_by_NID()\fR and \fIX509_NAME_add_entry()\fR return 1 for +success of 0 if an error occurred. +.PP +\&\fIX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. +.SH "BUGS" +.IX Header "BUGS" +\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a +different algorithm to determine field types. Since this form does +not understand multicharacter types, performs no length checks and +can result in invalid field types its use is strongly discouraged. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_X509_NAME(3) +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index e440c6a3e941..0b8081ebe6d0 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:23 2002 +.\" Mon Jan 13 19:28:49 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,87 +137,105 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "0.9.6e" "2001-07-19" "OpenSSL" +.IX Title "X509_NAME_get_index_by_NID 3" +.TH X509_NAME_get_index_by_NID 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, -SSL_add_client_CA \- set list of CAs sent to the client when requesting a -client certificate +X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, +X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- +X509_NAME lookup and enumeration functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 4 -\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); -\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); -\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); -\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); -.Ve +int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); +.PP +int X509_NAME_entry_count(X509_NAME *name); +X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +.PP +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, \s-1ASN1_OBJECT\s0 *obj, char *buf,int len); .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when -requesting a client certificate for \fBctx\fR. +These functions allow an \fBX509_NAME\fR structure to be examined. The +\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in +\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject +and issuer names. 
.PP -\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when -requesting a client certificate for the chosen \fBssl\fR, overriding the -setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve +the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR +should initially be set to \-1. If there are no more entries \-1 is returned. .PP -\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the -list of CAs sent to the client when requesting a client certificate for -\&\fBctx\fR. +\&\fIX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. .PP -\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the -list of CAs sent to the client when requesting a client certificate for -the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +\&\fIX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR +corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from +0 to (X509_NAME_entry_count(name) \- 1). The value returned is an +internal pointer which must not be freed. +.PP +\&\fIX509_NAME_get_text_by_NID()\fR, \fIX509_NAME_get_text_by_OBJ()\fR retrieve +the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or +\&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes +will be written and the text written to \fBbuf\fR will be null +terminated. The length of the output string written is returned +excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount +of space needed in \fBbuf\fR (excluding the final null) is returned. 
.SH "NOTES" .IX Header "NOTES" -When a \s-1TLS/SSL\s0 server requests a client certificate (see -\&\fB\f(BISSL_CTX_set_verify_options()\fB\fR), it sends a list of CAs, for which -it will accept certificates, to the client. -.PP -This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for -\&\fBctx\fR and \fISSL_set_client_CA_list()\fR for the specific \fBssl\fR. The list -specified overrides the previous setting. The CAs listed do not become -trusted (\fBlist\fR only contains the names, not the complete certificates); use -SSL_CTX_load_verify_locations(3) -to additionally load them for verification. +\&\fIX509_NAME_get_text_by_NID()\fR and \fIX509_NAME_get_text_by_OBJ()\fR are +legacy functions which have various limitations which make them +of minimal use in practice. They can only find the first matching +entry and will copy the contents of the field verbatim: this can +be highly confusing if the target is a muticharacter string type +like a BMPString or a UTF8String. .PP -If the list of acceptable CAs is compiled in a file, the -SSL_load_client_CA_file(3) -function can be used to help importing the necessary data. +For a more general solution \fIX509_NAME_get_index_by_NID()\fR or +\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by +\&\fIX509_NAME_get_entry()\fR on any matching indices and then the +various \fBX509_NAME_ENTRY\fR utility functions on the result. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Process all entries: .PP -\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR can be used to add additional -items the list of client CAs. If no list was specified before using -\&\fISSL_CTX_set_client_CA_list()\fR or \fISSL_set_client_CA_list()\fR, a new client -\&\s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. 
+.Vb 2 +\& int i; +\& X509_NAME_ENTRY *e; +.Ve +.Vb 5 +\& for (i = 0; i < X509_NAME_entry_count(nm); i++) +\& { +\& e = X509_NAME_get_entry(nm, i); +\& /* Do something with e */ +\& } +.Ve +Process all commonName entries: .PP -These functions are only useful for \s-1TLS/SSL\s0 servers. +.Vb 2 +\& int loc; +\& X509_NAME_ENTRY *e; +.Ve +.Vb 9 +\& loc = -1; +\& for (;;) +\& { +\& lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); +\& if (lastpos == -1) +\& break; +\& e = X509_NAME_get_entry(nm, lastpos); +\& /* Do something with e */ +\& } +.Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return -diagnostic information. +\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR +return the index of the next matching entry or \-1 if not found. .PP -\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return -values: -.Ip "1" 4 -.IX Item "1" -The operation succeeded. -.Ip "0" 4 -A failure while manipulating the STACK_OF(X509_NAME) object occurred or -the X509_NAME could not be extracted from \fBcacert\fR. Check the error stack -to find out the reason. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: +\&\fIX509_NAME_entry_count()\fR returns the total number of entries. .PP -.Vb 1 -\& SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); -.Ve +\&\fIX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the +requested entry or \fB\s-1NULL\s0\fR if the index is invalid. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_get_client_CA_list(3), -SSL_load_client_CA_file(3), -SSL_CTX_load_verify_locations(3) +ERR_get_error(3), d2i_X509_NAME(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 new file mode 100644 index 000000000000..bb2e9acf95e4 
--- /dev/null +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 
@@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:50 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_NAME_print_ex 3" +.TH X509_NAME_print_ex 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, +X509_NAME_oneline \- X509_NAME printing routines. 
+.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 4 +\& int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); +\& int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); +\& char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); +\& int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +line (for multiline formats) is indented by \fBindent\fR spaces. The output format +can be extensively customised by use of the \fBflags\fR parameter. +.PP +\&\fIX509_NAME_print_ex_fp()\fR is identical to \fIX509_NAME_print_ex()\fR except the output is +written to \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fIX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. At most \fBsize\fR +bytes will be written. If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated +and returned, otherwise \fBbuf\fR is returned. +.PP +\&\fIX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR +characters. Multiple lines are used if the output (including indent) exceeds +80 characters. +.SH "NOTES" +.IX Header "NOTES" +The functions \fIX509_NAME_oneline()\fR and \fIX509_NAME_print()\fR are legacy functions which +produce a non standard output form, they don't handle multi character fields and +have various quirks and inconsistencies. Their use is strongly discouraged in new +applications. +.PP +Although there are a large number of possible flags for most purposes +\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. 
+As noted on the ASN1_STRING_print_ex(3) manual page +for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLAGS_ESC_MSB\s0\fR should be unset: so for example +\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLAGS_ESC_MSB\fR would be used. +.PP +The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below. +.PP +Several options can be ored together. +.PP +The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators +to use. Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN\s0. Multi-valued +RDNs are currently very rare so the second separator will hardly ever be used. +.PP +\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR +uses comma and plus with spaces: this is more readable that plain comma and plus. +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses +spaced newline and plus respectively. +.PP +If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order. +.PP +The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR, +\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will +use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always +use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not +recognised) and no field name respectively. +.PP +If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character +separating field names and values. +.PP +If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is +printed instead of the values. 
+.PP +If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this +is only of use for multiline format. +.PP +Additionally all the options supported by \fIASN1_STRING_print_ex()\fR can be used to +control how each field value is displayed. +.PP +In addition a number options can be set for commonly used formats. +.PP +\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it +is equivalent to: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR +.PP +\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format it is the same as: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR +.PP +\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format is is the same as: + \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR +.PP +\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fIX509_NAME_print()\fR: in fact it calls \fIX509_NAME_print()\fR internally. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ASN1_STRING_print_ex(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/SSL_set_bio.3 b/secure/lib/libcrypto/man/X509_new.3 index 80c46a4f350d..44d0c7280067 100644 --- a/secure/lib/libcrypto/man/SSL_set_bio.3 +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:51 2002 +.\" Mon Jan 13 19:28:52 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,34 +137,35 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "X509_new 3" +.TH X509_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0 +X509_new, X509_free \- X509 certificate \s-1ASN1\s0 allocation functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 1 -\& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); +.Vb 2 +\& X509 *X509_new(void); +\& void X509_free(X509 *a); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write -operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. +The X509 \s-1ASN1\s0 allocation routines, allocate and free an +X509 structure, which represents an X509 certificate. .PP -The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively. -If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour. +\&\fIX509_new()\fR allocates and initializes a X509 structure. .PP -If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called -(for both the reading and writing side, if different). +\&\fIX509_free()\fR frees up the \fBX509\fR structure \fBa\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_bio()\fR cannot fail. +If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by ERR_get_error(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIX509_free()\fR returns no value. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_rbio(3), -SSL_connect(3), SSL_accept(3), -SSL_shutdown(3), ssl(3), bio(3) +ERR_get_error(3), d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_new()\fR and \fIX509_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/asn1parse.1 b/secure/lib/libcrypto/man/asn1parse.1 deleted file mode 100644 index 6401c6198adb..000000000000 --- a/secure/lib/libcrypto/man/asn1parse.1 +++ /dev/null 
@@ -1,251 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:39 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -asn1parse \- \s-1ASN\s0.1 parsing tool -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBasn1parse\fR -[\fB\-inform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-noout\fR] -[\fB\-offset number\fR] -[\fB\-length number\fR] -[\fB\-i\fR] -[\fB\-oid filename\fR] -[\fB\-strparse offset\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN\s0.1 -structures. It can also be used to extract data from \s-1ASN\s0.1 formatted data. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-inform\fR \fBDER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -the input format. \fB\s-1DER\s0\fR is binary format and \fB\s-1PEM\s0\fR (the default) is base64 -encoded. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -the input file, default is standard input -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -output file to place the \s-1DER\s0 encoded data into. If this -option is not present then no data will be output. This is most useful when -combined with the \fB\-strparse\fR option. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -don't output the parsed version of the input file. -.Ip "\fB\-offset number\fR" 4 -.IX Item "-offset number" -starting offset to begin parsing, default is start of file. -.Ip "\fB\-length number\fR" 4 -.IX Item "-length number" -number of bytes to parse, default is until end of file. -.Ip "\fB\-i\fR" 4 -.IX Item "-i" -indents the output according to the \*(L"depth\*(R" of the structures. -.Ip "\fB\-oid filename\fR" 4 -.IX Item "-oid filename" -a file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this -file is described in the \s-1NOTES\s0 section below. 
-.Ip "\fB\-strparse offset\fR" 4 -.IX Item "-strparse offset" -parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This -option can be used multiple times to \*(L"drill down\*(R" into a nested structure. -.Sh "\s-1OUTPUT\s0" -.IX Subsection "OUTPUT" -The output will typically contain lines like this: -.PP -.Vb 1 -\& 0:d=0 hl=4 l= 681 cons: SEQUENCE -.Ve -\&..... -.PP -.Vb 10 -\& 229:d=3 hl=3 l= 141 prim: BIT STRING -\& 373:d=2 hl=3 l= 162 cons: cont [ 3 ] -\& 376:d=3 hl=3 l= 159 cons: SEQUENCE -\& 379:d=4 hl=2 l= 29 cons: SEQUENCE -\& 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier -\& 386:d=5 hl=2 l= 22 prim: OCTET STRING -\& 410:d=4 hl=2 l= 112 cons: SEQUENCE -\& 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier -\& 417:d=5 hl=2 l= 105 prim: OCTET STRING -\& 524:d=4 hl=2 l= 12 cons: SEQUENCE -.Ve -\&..... -.PP -This example is part of a self signed certificate. Each line starts with the -offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased -within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \fBhl=XX\fR gives the header length -(tag and length octets) of the current type. \fBl=XX\fR gives the length of -the contents octets. -.PP -The \fB\-i\fR option can be used to make the output more readable. -.PP -Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output. -.PP -In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key. -The contents octets of this will contain the public key information. 
This can -be examined using the option \fB\-strparse 229\fR to yield: -.PP -.Vb 3 -\& 0:d=0 hl=3 l= 137 cons: SEQUENCE -\& 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 -\& 135:d=1 hl=2 l= 3 prim: INTEGER :010001 -.Ve -.SH "NOTES" -.IX Header "NOTES" -If an \s-1OID\s0 is not part of OpenSSL's internal table it will be represented in -numerical form (for example 1.2.3.4). The file passed to the \fB\-oid\fR option -allows additional OIDs to be included. Each line consists of three columns, -the first column is the \s-1OID\s0 in numerical format and should be followed by white -space. The second column is the \*(L"short name\*(R" which is a single word followed -by white space. The final column is the rest of the line and is the -\&\*(L"long name\*(R". \fBasn1parse\fR displays the long name. Example: -.PP -\&\f(CW\*(C`1.2.3.4 shortName A long name\*(C'\fR -.SH "BUGS" -.IX Header "BUGS" -There should be options to change the format of input lines. The output of some -\&\s-1ASN\s0.1 types is not well handled (if at all). diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 index 327f8b1ad663..a2f96bc2c33d 100644 --- a/secure/lib/libcrypto/man/bio.3 +++ b/secure/lib/libcrypto/man/bio.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:57 2002 +.\" Mon Jan 13 19:28:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "bio 3" -.TH bio 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH bio 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" bio \- I/O abstraction 
diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 index 4433e24a320c..789c06e73408 100644 --- a/secure/lib/libcrypto/man/blowfish.3 +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:57 2002 +.\" Mon Jan 13 19:28:54 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH blowfish 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 index 0c1e345bd5b1..e3ed4c75bf3f 100644 --- a/secure/lib/libcrypto/man/bn.3 +++ b/secure/lib/libcrypto/man/bn.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:58 2002 +.\" Mon Jan 13 19:28:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "bn 3" -.TH bn 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH bn 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" bn \- multiprecision integer arithmetics 
@@ -163,21 +163,30 @@ bn \- multiprecision integer arithmetics \& BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); \& BIGNUM *BN_dup(const BIGNUM *a); .Ve +.Vb 1 +\& BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b); +.Ve .Vb 3 \& int BN_num_bytes(const BIGNUM *a); \& int BN_num_bits(const BIGNUM *a); \& int BN_num_bits_word(BN_ULONG w); .Ve -.Vb 13 -\& int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); +.Vb 19 +\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); \& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); \& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); \& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, \& BN_CTX *ctx); -\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); \& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); \& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, \& BN_CTX *ctx); +\& int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); \& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); \& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, \& const BIGNUM *m, BN_CTX *ctx); @@ -201,7 +210,7 @@ bn \- multiprecision integer arithmetics .Vb 5 \& int BN_zero(BIGNUM *a); \& int BN_one(BIGNUM *a); -\& BIGNUM *BN_value_one(void); +\& const BIGNUM *BN_value_one(void); \& int BN_set_word(BIGNUM *a, unsigned long w); \& unsigned long BN_get_word(BIGNUM *a); .Ve 
@@ -291,7 +300,7 @@ of \fB\s-1BIGNUM\s0\fRs to external formats is described in BN_bn2bin(3). bn_internal(3), dh(3), err(3), rand(3), rsa(3), BN_new(3), BN_CTX_new(3), -BN_copy(3), BN_num_bytes(3), +BN_copy(3), BN_swap(3), BN_num_bytes(3), BN_add(3), BN_add_word(3), BN_cmp(3), BN_zero(3), BN_rand(3), BN_generate_prime(3), BN_set_bit(3), diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 index a00f9dcbadc4..8b4546b7ed76 100644 --- a/secure/lib/libcrypto/man/bn_internal.3 +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:58 2002 +.\" Mon Jan 13 19:28:56 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH bn_internal 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words, @@ -176,9 +176,9 @@ library internal functions \& int nb); \& void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); \& void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, -\& BN_ULONG *tmp); +\& int dna,int dnb,BN_ULONG *tmp); \& void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, -\& int tn, int n, BN_ULONG *tmp); +\& int n, int tna,int tnb, BN_ULONG *tmp); \& void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, \& int n2, BN_ULONG *tmp); \& void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, 
@@ -297,14 +297,15 @@ bn_mul_low_normal(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR) operates on the \fBn\fR wo arrays \fBr\fR, \fBa\fR and \fBb\fR. It computes the \fBn\fR low words of \&\fBa\fR*\fBb\fR and places the result in \fBr\fR. .PP -bn_mul_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBt\fR) operates on the \fBn2\fR -word arrays \fBa\fR and \fBb\fR and the 2*\fBn2\fR word arrays \fBr\fR and \fBt\fR. -\&\fBn2\fR must be a power of 2. It computes \fBa\fR*\fBb\fR and places the -result in \fBr\fR. +bn_mul_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBdna\fR, \fBdnb\fR, \fBt\fR) operates +on the word arrays \fBa\fR and \fBb\fR of length \fBn2\fR+\fBdna\fR and \fBn2\fR+\fBdnb\fR +(\fBdna\fR and \fBdnb\fR are currently allowed to be 0 or negative) and the 2*\fBn2\fR +word arrays \fBr\fR and \fBt\fR. \fBn2\fR must be a power of 2. It computes +\&\fBa\fR*\fBb\fR and places the result in \fBr\fR. .PP -bn_mul_part_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBtn\fR, \fBn\fR, \fBtmp\fR) operates -on the \fBn\fR+\fBtn\fR word arrays \fBa\fR and \fBb\fR and the 4*\fBn\fR word arrays -\&\fBr\fR and \fBtmp\fR. +bn_mul_part_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR, \fBtna\fR, \fBtnb\fR, \fBtmp\fR) +operates on the word arrays \fBa\fR and \fBb\fR of length \fBn\fR+\fBtna\fR and +\&\fBn\fR+\fBtnb\fR and the 4*\fBn\fR word arrays \fBr\fR and \fBtmp\fR. .PP bn_mul_low_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBtmp\fR) operates on the \&\fBn2\fR word arrays \fBr\fR and \fBtmp\fR and the \fBn2\fR/2 word arrays \fBa\fR diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 index 4687d39c1b40..4920493d4f3f 100644 --- a/secure/lib/libcrypto/man/buffer.3 +++ b/secure/lib/libcrypto/man/buffer.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:59 2002 +.\" Mon Jan 13 19:28:58 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH buffer 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple diff --git a/secure/lib/libcrypto/man/ca.1 b/secure/lib/libcrypto/man/ca.1 deleted file mode 100644 index 86f7b2cd0c82..000000000000 --- a/secure/lib/libcrypto/man/ca.1 +++ /dev/null 
@@ -1,587 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:40 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CA 1" -.TH CA 1 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -ca \- sample minimal \s-1CA\s0 application -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBca\fR -[\fB\-verbose\fR] -[\fB\-config filename\fR] -[\fB\-name section\fR] -[\fB\-gencrl\fR] -[\fB\-revoke file\fR] -[\fB\-crldays days\fR] -[\fB\-crlhours hours\fR] -[\fB\-crlexts section\fR] -[\fB\-startdate date\fR] -[\fB\-enddate date\fR] -[\fB\-days arg\fR] -[\fB\-md arg\fR] -[\fB\-policy arg\fR] -[\fB\-keyfile arg\fR] -[\fB\-key arg\fR] -[\fB\-passin arg\fR] -[\fB\-cert file\fR] -[\fB\-in file\fR] -[\fB\-out file\fR] -[\fB\-notext\fR] -[\fB\-outdir dir\fR] -[\fB\-infiles\fR] -[\fB\-spkac file\fR] -[\fB\-ss_cert file\fR] -[\fB\-preserveDN\fR] -[\fB\-batch\fR] -[\fB\-msie_hack\fR] -[\fB\-extensions section\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBca\fR command is a minimal \s-1CA\s0 application. It can be used -to sign certificate requests in a variety of forms and generate -CRLs it also maintains a text database of issued certificates -and their status. -.PP -The options descriptions will be divided into each purpose. -.SH "CA OPTIONS" -.IX Header "CA OPTIONS" -.Ip "\fB\-config filename\fR" 4 -.IX Item "-config filename" -specifies the configuration file to use. -.Ip "\fB\-name section\fR" 4 -.IX Item "-name section" -specifies the configuration file section to use (overrides -\&\fBdefault_ca\fR in the \fBca\fR section). -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -an input filename containing a single certificate request to be -signed by the \s-1CA\s0. -.Ip "\fB\-ss_cert filename\fR" 4 -.IX Item "-ss_cert filename" -a single self signed certificate to be signed by the \s-1CA\s0. 
-.Ip "\fB\-spkac filename\fR" 4 -.IX Item "-spkac filename" -a file containing a single Netscape signed public key and challenge -and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1NOTES\s0\fR -section for information on the required format. -.Ip "\fB\-infiles\fR" 4 -.IX Item "-infiles" -if present this should be the last option, all subsequent arguments -are assumed to the the names of files containing certificate requests. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -the output file to output certificates to. The default is standard -output. The certificate details will also be printed out to this -file. -.Ip "\fB\-outdir directory\fR" 4 -.IX Item "-outdir directory" -the directory to output certificates to. The certificate will be -written to a filename consisting of the serial number in hex with -\&\*(L".pem\*(R" appended. -.Ip "\fB\-cert\fR" 4 -.IX Item "-cert" -the \s-1CA\s0 certificate file. -.Ip "\fB\-keyfile filename\fR" 4 -.IX Item "-keyfile filename" -the private key to sign requests with. -.Ip "\fB\-key password\fR" 4 -.IX Item "-key password" -the password used to encrypt the private key. Since on some -systems the command line arguments are visible (e.g. Unix with -the 'ps' utility) this option should be used with caution. -.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -=item \fB\-verbose\fR -.Sp -this prints extra details about the operations being performed. -.Ip "\fB\-notext\fR" 4 -.IX Item "-notext" -don't output the text form of a certificate to the output file. -.Ip "\fB\-startdate date\fR" 4 -.IX Item "-startdate date" -this allows the start date to be explicitly set. The format of the -date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). 
-.Ip "\fB\-enddate date\fR" 4 -.IX Item "-enddate date" -this allows the expiry date to be explicitly set. The format of the -date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). -.Ip "\fB\-days arg\fR" 4 -.IX Item "-days arg" -the number of days to certify the certificate for. -.Ip "\fB\-md alg\fR" 4 -.IX Item "-md alg" -the message digest to use. Possible values include md5, sha1 and mdc2. -This option also applies to CRLs. -.Ip "\fB\-policy arg\fR" 4 -.IX Item "-policy arg" -this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in -the configuration file which decides which fields should be mandatory -or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section -for more information. -.Ip "\fB\-msie_hack\fR" 4 -.IX Item "-msie_hack" -this is a legacy option to make \fBca\fR work with very old versions of -the \s-1IE\s0 certificate enrollment control \*(L"certenr3\*(R". It used UniversalStrings -for almost everything. Since the old control has various security bugs -its use is strongly discouraged. The newer control \*(L"Xenroll\*(R" does not -need this option. -.Ip "\fB\-preserveDN\fR" 4 -.IX Item "-preserveDN" -Normally the \s-1DN\s0 order of a certificate is the same as the order of the -fields in the relevant policy section. When this option is set the order -is the same as the request. This is largely for compatibility with the -older \s-1IE\s0 enrollment control which would only accept certificates if their -DNs match the order of the request. This is not needed for Xenroll. -.Ip "\fB\-batch\fR" 4 -.IX Item "-batch" -this sets the batch mode. In this mode no questions will be asked -and all certificates will be certified automatically. -.Ip "\fB\-extensions section\fR" 4 -.IX Item "-extensions section" -the section of the configuration file containing certificate extensions -to be added when a certificate is issued. 
If no extension section is -present then a V1 certificate is created. If the extension section -is present (even if it is empty) then a V3 certificate is created. -.SH "CRL OPTIONS" -.IX Header "CRL OPTIONS" -.Ip "\fB\-gencrl\fR" 4 -.IX Item "-gencrl" -this option generates a \s-1CRL\s0 based on information in the index file. -.Ip "\fB\-crldays num\fR" 4 -.IX Item "-crldays num" -the number of days before the next \s-1CRL\s0 is due. That is the days from -now to place in the \s-1CRL\s0 nextUpdate field. -.Ip "\fB\-crlhours num\fR" 4 -.IX Item "-crlhours num" -the number of hours before the next \s-1CRL\s0 is due. -.Ip "\fB\-revoke filename\fR" 4 -.IX Item "-revoke filename" -a filename containing a certificate to revoke. -.Ip "\fB\-crlexts section\fR" 4 -.IX Item "-crlexts section" -the section of the configuration file containing \s-1CRL\s0 extensions to -include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is -created, if the \s-1CRL\s0 extension section is present (even if it is -empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are -\&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted -that some software (for example Netscape) can't handle V2 CRLs. -.SH "CONFIGURATION FILE OPTIONS" -.IX Header "CONFIGURATION FILE OPTIONS" -The section of the configuration file containing options for \fBca\fR -is found as follows: If the \fB\-name\fR command line option is used, -then it names the section to be used. Otherwise the section to -be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section -of the configuration file (or in the default section of the -configuration file). Besides \fBdefault_ca\fR, the following options are -read directly from the \fBca\fR section: - \s-1RANDFILE\s0 - preserve - msie_hack -With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may -change in future releases. 
-.PP -Many of the configuration file options are identical to command line -options. Where the option is present in the configuration file -and the command line the command line value is used. Where an -option is described as mandatory then it must be present in -the configuration file or the command line equivalent (if -any) used. -.Ip "\fBoid_file\fR" 4 -.IX Item "oid_file" -This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. -Each line of the file should consist of the numerical form of the -object identifier followed by white space then the short name followed -by white space and finally the long name. -.Ip "\fBoid_section\fR" 4 -.IX Item "oid_section" -This specifies a section in the configuration file containing extra -object identifiers. Each line should consist of the short name of the -object identifier followed by \fB=\fR and the numerical form. The short -and long names are the same when this option is used. -.Ip "\fBnew_certs_dir\fR" 4 -.IX Item "new_certs_dir" -the same as the \fB\-outdir\fR command line option. It specifies -the directory where new certificates will be placed. Mandatory. -.Ip "\fBcertificate\fR" 4 -.IX Item "certificate" -the same as \fB\-cert\fR. It gives the file containing the \s-1CA\s0 -certificate. Mandatory. -.Ip "\fBprivate_key\fR" 4 -.IX Item "private_key" -same as the \fB\-keyfile\fR option. The file containing the -\&\s-1CA\s0 private key. Mandatory. -.Ip "\fB\s-1RANDFILE\s0\fR" 4 -.IX Item "RANDFILE" -a file used to read and write random number seed information, or -an \s-1EGD\s0 socket (see RAND_egd(3)). -.Ip "\fBdefault_days\fR" 4 -.IX Item "default_days" -the same as the \fB\-days\fR option. The number of days to certify -a certificate for. -.Ip "\fBdefault_startdate\fR" 4 -.IX Item "default_startdate" -the same as the \fB\-startdate\fR option. The start date to certify -a certificate for. If not set the current time is used. 
-.Ip "\fBdefault_enddate\fR" 4 -.IX Item "default_enddate" -the same as the \fB\-enddate\fR option. Either this option or -\&\fBdefault_days\fR (or the command line equivalents) must be -present. -.Ip "\fBdefault_crl_hours default_crl_days\fR" 4 -.IX Item "default_crl_hours default_crl_days" -the same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These -will only be used if neither command line option is present. At -least one of these must be present to generate a \s-1CRL\s0. -.Ip "\fBdefault_md\fR" 4 -.IX Item "default_md" -the same as the \fB\-md\fR option. The message digest to use. Mandatory. -.Ip "\fBdatabase\fR" 4 -.IX Item "database" -the text database file to use. Mandatory. This file must be present -though initially it will be empty. -.Ip "\fBserialfile\fR" 4 -.IX Item "serialfile" -a text file containing the next serial number to use in hex. Mandatory. -This file must be present and contain a valid serial number. -.Ip "\fBx509_extensions\fR" 4 -.IX Item "x509_extensions" -the same as \fB\-extensions\fR. -.Ip "\fBcrl_extensions\fR" 4 -.IX Item "crl_extensions" -the same as \fB\-crlexts\fR. -.Ip "\fBpreserve\fR" 4 -.IX Item "preserve" -the same as \fB\-preserveDN\fR -.Ip "\fBmsie_hack\fR" 4 -.IX Item "msie_hack" -the same as \fB\-msie_hack\fR -.Ip "\fBpolicy\fR" 4 -.IX Item "policy" -the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section -for more information. -.SH "POLICY FORMAT" -.IX Header "POLICY FORMAT" -The policy section consists of a set of variables corresponding to -certificate \s-1DN\s0 fields. If the value is \*(L"match\*(R" then the field value -must match the same field in the \s-1CA\s0 certificate. If the value is -\&\*(L"supplied\*(R" then it must be present. If the value is \*(L"optional\*(R" then -it may be present. Any fields not mentioned in the policy section -are silently deleted, unless the \fB\-preserveDN\fR option is set but -this can be regarded more of a quirk than intended behaviour. 
-.SH "SPKAC FORMAT" -.IX Header "SPKAC FORMAT" -The input to the \fB\-spkac\fR command line option is a Netscape -signed public key and challenge. This will usually come from -the \fB\s-1KEYGEN\s0\fR tag in an \s-1HTML\s0 form to create a new private key. -It is however possible to create SPKACs using the \fBspkac\fR utility. -.PP -The file should contain the variable \s-1SPKAC\s0 set to the value of -the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. -If you need to include the same component twice then it can be -preceded by a number and a '.'. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Note: these examples assume that the \fBca\fR directory structure is -already set up and the relevant files already exist. This usually -involves creating a \s-1CA\s0 certificate and private key with \fBreq\fR, a -serial number file and an empty index file and placing them in -the relevant directories. -.PP -To use the sample configuration file below the directories demoCA, -demoCA/private and demoCA/newcerts would be created. The \s-1CA\s0 -certificate would be copied to demoCA/cacert.pem and its private -key to demoCA/private/cakey.pem. A file demoCA/serial would be -created containing for example \*(L"01\*(R" and the empty index file -demoCA/index.txt. 
-.PP -Sign a certificate request: -.PP -.Vb 1 -\& openssl ca -in req.pem -out newcert.pem -.Ve -Sign a certificate request, using \s-1CA\s0 extensions: -.PP -.Vb 1 -\& openssl ca -in req.pem -extensions v3_ca -out newcert.pem -.Ve -Generate a \s-1CRL\s0 -.PP -.Vb 1 -\& openssl ca -gencrl -out crl.pem -.Ve -Sign several requests: -.PP -.Vb 1 -\& openssl ca -infiles req1.pem req2.pem req3.pem -.Ve -Certify a Netscape \s-1SPKAC:\s0 -.PP -.Vb 1 -\& openssl ca -spkac spkac.txt -.Ve -A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity): -.PP -.Vb 5 -\& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5 -\& CN=Steve Test -\& emailAddress=steve@openssl.org -\& 0.OU=OpenSSL Group -\& 1.OU=Another Group -.Ve -A sample configuration file with the relevant sections for \fBca\fR: -.PP -.Vb 2 -\& [ ca ] -\& default_ca = CA_default # The default ca section -.Ve -.Vb 1 -\& [ CA_default ] -.Ve -.Vb 3 -\& dir = ./demoCA # top dir -\& database = $dir/index.txt # index file. -\& new_certs_dir = $dir/newcerts # new certs dir -.Ve -.Vb 4 -\& certificate = $dir/cacert.pem # The CA cert -\& serial = $dir/serial # serial no file -\& private_key = $dir/private/cakey.pem# CA private key -\& RANDFILE = $dir/private/.rand # random number file -.Ve -.Vb 3 -\& default_days = 365 # how long to certify for -\& default_crl_days= 30 # how long before next CRL -\& default_md = md5 # md to use -.Ve -.Vb 1 -\& policy = policy_any # default policy -.Ve -.Vb 7 -\& [ policy_any ] -\& countryName = supplied -\& stateOrProvinceName = optional -\& organizationName = optional -\& organizationalUnitName = optional -\& commonName = supplied -\& emailAddress = optional -.Ve -.SH "WARNINGS" -.IX Header "WARNINGS" -The \fBca\fR command is quirky and at times downright unfriendly. -.PP -The \fBca\fR utility was originally meant as an example of how to do things -in a \s-1CA\s0. 
It was not supposed be be used as a full blown \s-1CA\s0 itself: -nevertheless some people are using it for this purpose. -.PP -The \fBca\fR command is effectively a single user command: no locking is -done on the various files and attempts to run more than one \fBca\fR command -on the same database can have unpredictable results. -.SH "FILES" -.IX Header "FILES" -Note: the location of all files can change either by compile time options, -configuration file entries, environment variables or command line options. -The values below reflect the default values. -.PP -.Vb 10 -\& /usr/local/ssl/lib/openssl.cnf - master configuration file -\& ./demoCA - main CA directory -\& ./demoCA/cacert.pem - CA certificate -\& ./demoCA/private/cakey.pem - CA private key -\& ./demoCA/serial - CA serial number file -\& ./demoCA/serial.old - CA serial number backup file -\& ./demoCA/index.txt - CA text database file -\& ./demoCA/index.txt.old - CA text database backup file -\& ./demoCA/certs - certificate output file -\& ./demoCA/.rnd - CA random seed information -.Ve -.SH "ENVIRONMENT VARIABLES" -.IX Header "ENVIRONMENT VARIABLES" -\&\fB\s-1OPENSSL_CONF\s0\fR reflects the location of master configuration file it can -be overridden by the \fB\-config\fR command line option. -.SH "RESTRICTIONS" -.IX Header "RESTRICTIONS" -The text database index file is a critical part of the process and -if corrupted it can be difficult to fix. It is theoretically possible -to rebuild the index file from all the issued certificates and a current -\&\s-1CRL:\s0 however there is no option to do this. -.PP -\&\s-1CRL\s0 entry extensions cannot currently be created: only \s-1CRL\s0 extensions -can be added. -.PP -V2 \s-1CRL\s0 features like delta \s-1CRL\s0 support and \s-1CRL\s0 numbers are not currently -supported. -.PP -Although several requests can be input and handled at once it is only -possible to include one \s-1SPKAC\s0 or self signed certificate. 
-.SH "BUGS" -.IX Header "BUGS" -The use of an in memory text database can cause problems when large -numbers of certificates are present because, as the name implies -the database has to be kept in memory. -.PP -Certificate request extensions are ignored: some kind of \*(L"policy\*(R" should -be included to use certain static extensions and certain extensions -from the request. -.PP -It is not possible to certify two certificates with the same \s-1DN:\s0 this -is a side effect of how the text database is indexed and it cannot easily -be fixed without introducing other problems. Some S/MIME clients can use -two certificates with the same \s-1DN\s0 for separate signing and encryption -keys. -.PP -The \fBca\fR command really needs rewriting or the required functionality -exposed at either a command or interface level so a more friendly utility -(perl script or \s-1GUI\s0) can handle things properly. The scripts \fB\s-1CA\s0.sh\fR and -\&\fB\s-1CA\s0.pl\fR help a little but not very much. -.PP -Any fields in a request that are not present in a policy are silently -deleted. This does not happen if the \fB\-preserveDN\fR option is used but -the extra fields are not displayed when the user is asked to certify -a request. The behaviour should be more friendly and configurable. -.PP -Cancelling some commands by refusing to certify a certificate can -create an empty file. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -req(1), spkac(1), x509(1), CA.pl(1), -config(5) diff --git a/secure/lib/libcrypto/man/ciphers.1 b/secure/lib/libcrypto/man/ciphers.1 deleted file mode 100644 index 620a08189cd7..000000000000 --- a/secure/lib/libcrypto/man/ciphers.1 +++ /dev/null 
@@ -1,447 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:40 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CIPHERS 1" -.TH CIPHERS 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -ciphers \- \s-1SSL\s0 cipher display and cipher list tool. 
-.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBciphers\fR -[\fB\-v\fR] -[\fB\-ssl2\fR] -[\fB\-ssl3\fR] -[\fB\-tls1\fR] -[\fBcipherlist\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBcipherlist\fR command converts OpenSSL cipher lists into ordered -\&\s-1SSL\s0 cipher preference lists. It can be used as a test tool to determine -the appropriate cipherlist. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-v\fR" 4 -.IX Item "-v" -verbose option. List ciphers with a complete description of -protocol version (SSLv2 or SSLv3; the latter includes \s-1TLS\s0), key exchange, -authentication, encryption and mac algorithms used along with any key size -restrictions and whether the algorithm is classed as an \*(L"export\*(R" cipher. -Note that without the \fB\-v\fR option, ciphers may seem to appear twice -in a cipher list; this is when similar ciphers are available for -\&\s-1SSL\s0 v2 and for \s-1SSL\s0 v3/TLS v1. -.Ip "\fB\-ssl3\fR" 4 -.IX Item "-ssl3" -only include \s-1SSL\s0 v3 ciphers. -.Ip "\fB\-ssl2\fR" 4 -.IX Item "-ssl2" -only include \s-1SSL\s0 v2 ciphers. -.Ip "\fB\-tls1\fR" 4 -.IX Item "-tls1" -only include \s-1TLS\s0 v1 ciphers. -.Ip "\fB\-h\fR, \fB\-?\fR" 4 -.IX Item "-h, -?" -print a brief usage message. -.Ip "\fBcipherlist\fR" 4 -.IX Item "cipherlist" -a cipher list to convert to a cipher preference list. If it is not included -then the default cipher list will be used. The format is described below. -.SH "CIPHER LIST FORMAT" -.IX Header "CIPHER LIST FORMAT" -The cipher list consists of one or more \fIcipher strings\fR separated by colons. -Commas or spaces are also acceptable separators but colons are normally used. -.PP -The actual cipher string can take several different forms. -.PP -It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR. -.PP -It can represent a list of cipher suites containing a certain algorithm, or -cipher suites of a certain type. 
For example \fB\s-1SHA1\s0\fR represents all ciphers -suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3 -algorithms. -.PP -Lists of cipher suites can be combined in a single cipher string using the -\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example -\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0 -algorithms. -.PP -Each cipher string can be optionally preceded by the characters \fB!\fR, -\&\fB-\fR or \fB+\fR. -.PP -If \fB!\fR is used then the ciphers are permanently deleted from the list. -The ciphers deleted can never reappear in the list even if they are -explicitly stated. -.PP -If \fB-\fR is used then the ciphers are deleted from the list, but some or -all of the ciphers can be added again by later options. -.PP -If \fB+\fR is used then the ciphers are moved to the end of the list. This -option doesn't add any new ciphers it just moves matching existing ones. -.PP -If none of these characters is present then the string is just interpreted -as a list of ciphers to be appended to the current preference list. If the -list includes any ciphers already present they will be ignored: that is they -will not moved to the end of the list. -.PP -Additionally the cipher string \fB@STRENGTH\fR can be used at any point to sort -the current cipher list in order of encryption algorithm key length. -.SH "CIPHER STRINGS" -.IX Header "CIPHER STRINGS" -The following is a list of all permitted cipher strings and their meanings. -.Ip "\fB\s-1DEFAULT\s0\fR" 4 -.IX Item "DEFAULT" -the default cipher list. This is determined at compile time and is normally -\&\fB\s-1ALL:\s0!ADH:RC4+RSA:+SSLv2:@STRENGTH\fR. This must be the first cipher string -specified. -.Ip "\fB\s-1ALL\s0\fR" 4 -.IX Item "ALL" -all ciphers suites except the \fBeNULL\fR ciphers which must be explicitly enabled. 
-.Ip "\fB\s-1HIGH\s0\fR" 4 -.IX Item "HIGH" -\&\*(L"high\*(R" encryption cipher suites. This currently means those with key lengths larger -than 128 bits. -.Ip "\fB\s-1MEDIUM\s0\fR" 4 -.IX Item "MEDIUM" -\&\*(L"medium\*(R" encryption cipher suites, currently those using 128 bit encryption. -.Ip "\fB\s-1LOW\s0\fR" 4 -.IX Item "LOW" -\&\*(L"low\*(R" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms -but excluding export cipher suites. -.Ip "\fB\s-1EXP\s0\fR, \fB\s-1EXPORT\s0\fR" 4 -.IX Item "EXP, EXPORT" -export encryption algorithms. Including 40 and 56 bits algorithms. -.Ip "\fB\s-1EXPORT40\s0\fR" 4 -.IX Item "EXPORT40" -40 bit export encryption algorithms -.Ip "\fB\s-1EXPORT56\s0\fR" 4 -.IX Item "EXPORT56" -56 bit export encryption algorithms. -.Ip "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 -.IX Item "eNULL, NULL" -the \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no -encryption at all and are a security risk they are disabled unless explicitly -included. -.Ip "\fBaNULL\fR" 4 -.IX Item "aNULL" -the cipher suites offering no authentication. This is currently the anonymous -\&\s-1DH\s0 algorithms. These cipher suites are vulnerable to a \*(L"man in the middle\*(R" -attack and so their use is normally discouraged. -.Ip "\fBkRSA\fR, \fB\s-1RSA\s0\fR" 4 -.IX Item "kRSA, RSA" -cipher suites using \s-1RSA\s0 key exchange. -.Ip "\fBkEDH\fR" 4 -.IX Item "kEDH" -cipher suites using ephemeral \s-1DH\s0 key agreement. -.Ip "\fBkDHr\fR, \fBkDHd\fR" 4 -.IX Item "kDHr, kDHd" -cipher suites using \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs with \s-1RSA\s0 -and \s-1DSS\s0 keys respectively. Not implemented. -.Ip "\fBaRSA\fR" 4 -.IX Item "aRSA" -cipher suites using \s-1RSA\s0 authentication, i.e. the certificates carry \s-1RSA\s0 keys. -.Ip "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4 -.IX Item "aDSS, DSS" -cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys. 
-.Ip "\fBaDH\fR" 4 -.IX Item "aDH" -cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry -\&\s-1DH\s0 keys. Not implemented. -.Ip "\fBkFZA\fR, \fBaFZA\fR, \fBeFZA\fR, \fB\s-1FZA\s0\fR" 4 -.IX Item "kFZA, aFZA, eFZA, FZA" -ciphers suites using \s-1FORTEZZA\s0 key exchange, authentication, encryption or all -\&\s-1FORTEZZA\s0 algorithms. Not implemented. -.Ip "\fBTLSv1\fR, \fBSSLv3\fR, \fBSSLv2\fR" 4 -.IX Item "TLSv1, SSLv3, SSLv2" -\&\s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively. -.Ip "\fB\s-1DH\s0\fR" 4 -.IX Item "DH" -cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0. -.Ip "\fB\s-1ADH\s0\fR" 4 -.IX Item "ADH" -anonymous \s-1DH\s0 cipher suites. -.Ip "\fB3DES\fR" 4 -.IX Item "3DES" -cipher suites using triple \s-1DES\s0. -.Ip "\fB\s-1DES\s0\fR" 4 -.IX Item "DES" -cipher suites using \s-1DES\s0 (not triple \s-1DES\s0). -.Ip "\fB\s-1RC4\s0\fR" 4 -.IX Item "RC4" -cipher suites using \s-1RC4\s0. -.Ip "\fB\s-1RC2\s0\fR" 4 -.IX Item "RC2" -cipher suites using \s-1RC2\s0. -.Ip "\fB\s-1IDEA\s0\fR" 4 -.IX Item "IDEA" -cipher suites using \s-1IDEA\s0. -.Ip "\fB\s-1MD5\s0\fR" 4 -.IX Item "MD5" -cipher suites using \s-1MD5\s0. -.Ip "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 -.IX Item "SHA1, SHA" -cipher suites using \s-1SHA1\s0. -.SH "CIPHER SUITE NAMES" -.IX Header "CIPHER SUITE NAMES" -The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the -relevant specification and their OpenSSL equivalents. -.Sh "\s-1SSL\s0 v3.0 cipher suites." -.IX Subsection "SSL v3.0 cipher suites." 
-.Vb 10 -\& SSL_RSA_WITH_NULL_MD5 NULL-MD5 -\& SSL_RSA_WITH_NULL_SHA NULL-SHA -\& SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 -\& SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 -\& SSL_RSA_WITH_RC4_128_SHA RC4-SHA -\& SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 -\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA -\& SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA -\& SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA -\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA -.Ve -.Vb 12 -\& SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. -\& SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented. -\& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. -\& SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. -\& SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented. -\& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. -\& SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA -\& SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA -\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA -\& SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA -\& SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA -\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA -.Ve -.Vb 5 -\& SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 -\& SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 -\& SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA -\& SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA -\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA -.Ve -.Vb 3 -\& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. -\& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. -\& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. -.Ve -.Sh "\s-1TLS\s0 v1.0 cipher suites." -.IX Subsection "TLS v1.0 cipher suites." 
-.Vb 10 -\& TLS_RSA_WITH_NULL_MD5 NULL-MD5 -\& TLS_RSA_WITH_NULL_SHA NULL-SHA -\& TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 -\& TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 -\& TLS_RSA_WITH_RC4_128_SHA RC4-SHA -\& TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 -\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA -\& TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA -\& TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA -\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA -.Ve -.Vb 12 -\& TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. -\& TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented. -\& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. -\& TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. -\& TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented. -\& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. -\& TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA -\& TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA -\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA -\& TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA -\& TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA -\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA -.Ve -.Vb 5 -\& TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 -\& TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 -\& TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA -\& TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA -\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA -.Ve -.Sh "Additional Export 1024 and other cipher suites" -.IX Subsection "Additional Export 1024 and other cipher suites" -Note: these ciphers can also be used in \s-1SSL\s0 v3. -.PP -.Vb 5 -\& TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA -\& TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA -\& TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA -\& TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA -\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA -.Ve -.Sh "\s-1SSL\s0 v2.0 cipher suites." -.IX Subsection "SSL v2.0 cipher suites." 
-.Vb 7 -\& SSL_CK_RC4_128_WITH_MD5 RC4-MD5 -\& SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 -\& SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 -\& SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 -\& SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 -\& SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 -\& SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 -.Ve -.SH "NOTES" -.IX Header "NOTES" -The non-ephemeral \s-1DH\s0 modes are currently unimplemented in OpenSSL -because there is no support for \s-1DH\s0 certificates. -.PP -Some compiled versions of OpenSSL may not include all the ciphers -listed here because some ciphers were excluded at compile time. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers: -.PP -.Vb 1 -\& openssl ciphers -v 'ALL:eNULL' -.Ve -Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by -strength: -.PP -.Vb 1 -\& openssl ciphers -v 'ALL:!ADH:@STRENGTH' -.Ve -Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: -.PP -.Vb 1 -\& openssl ciphers -v '3DES:+RSA' -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -s_client(1), s_server(1), ssl(3) diff --git a/secure/lib/libcrypto/man/config.1 b/secure/lib/libcrypto/man/config.1 deleted file mode 100644 index ff8800404396..000000000000 --- a/secure/lib/libcrypto/man/config.1 +++ /dev/null 
@@ -1,282 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Thu May 9 13:14:01 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CONFIG 1" -.TH CONFIG 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" -.UC -.SH "NAME" -config \- OpenSSL \s-1CONF\s0 library configuration files -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The OpenSSL \s-1CONF\s0 library can be used to read configuration files. -It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR -and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension -files for the \fBx509\fR utility. -.PP -A configuration file is divided into a number of sections. Each section -starts with a line \fB[ section_name ]\fR and ends when a new section is -started or end of file is reached. A section name can consist of -alphanumeric characters and underscores. -.PP -The first section of a configuration file is special and is referred -to as the \fBdefault\fR section this is usually unnamed and is from the -start of file until the first named section. When a name is being looked up -it is first looked up in a named section (if any) and then the -default section. -.PP -The environment is mapped onto a section called \fB\s-1ENV\s0\fR. -.PP -Comments can be included by preceding them with the \fB#\fR character -.PP -Each section in a configuration file consists of a number of name and -value pairs of the form \fBname=value\fR -.PP -The \fBname\fR string can contain any alphanumeric characters as well as -a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR. -.PP -The \fBvalue\fR string consists of the string following the \fB=\fR character -until end of line with any leading and trailing white space removed. -.PP -The value string undergoes variable expansion. This can be done by -including the form \fB$var\fR or \fB${var}\fR: this will substitute the value -of the named variable in the current section. 
It is also possible to -substitute a value from another section using the syntax \fB$section::name\fR -or \fB${section::name}\fR. By using the form \fB$ENV::name\fR environment -variables can be substituted. It is also possible to assign values to -environment variables by using the name \fB\s-1ENV:\s0:name\fR, this will work -if the program looks up environment variables using the \fB\s-1CONF\s0\fR library -instead of calling \fB\f(BIgetenv()\fB\fR directly. -.PP -It is possible to escape certain characters by using any kind of quote -or the \fB\e\fR character. By making the last character of a line a \fB\e\fR -a \fBvalue\fR string can be spread across multiple lines. In addition -the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized. -.SH "NOTES" -.IX Header "NOTES" -If a configuration file attempts to expand a variable that doesn't exist -then an error is flagged and the file will not load. This can happen -if an attempt is made to expand an environment variable that doesn't -exist. For example the default OpenSSL master configuration file used -the value of \fB\s-1HOME\s0\fR which may not be defined on non Unix systems. -.PP -This can be worked around by including a \fBdefault\fR section to provide -a default value: then if the environment lookup fails the default value -will be used instead. For this to work properly the default value must -be defined earlier in the configuration file than the expansion. See -the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this. -.PP -If the same variable exists in the same section then all but the last -value will be silently ignored. In certain circumstances such as with -DNs the same field may occur multiple times. This is usually worked -around by ignoring any characters before an initial \fB.\fR e.g. -.PP -.Vb 2 -\& 1.OU="My first OU" -\& 2.OU="My Second OU" -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Here is a sample configuration file using some of the features -mentioned above. 
-.PP -.Vb 1 -\& # This is the default section. -.Ve -.Vb 3 -\& HOME=/temp -\& RANDFILE= ${ENV::HOME}/.rnd -\& configdir=$ENV::HOME/config -.Ve -.Vb 1 -\& [ section_one ] -.Ve -.Vb 1 -\& # We are now in section one. -.Ve -.Vb 2 -\& # Quotes permit leading and trailing whitespace -\& any = " any variable name " -.Ve -.Vb 3 -\& other = A string that can \e -\& cover several lines \e -\& by including \e\e characters -.Ve -.Vb 1 -\& message = Hello World\en -.Ve -.Vb 1 -\& [ section_two ] -.Ve -.Vb 1 -\& greeting = $section_one::message -.Ve -This next example shows how to expand environment variables safely. -.PP -Suppose you want a variable called \fBtmpfile\fR to refer to a -temporary filename. The directory it is placed in can determined by -the the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be -set to any value at all. If you just include the environment variable -names and the variable doesn't exist then this will cause an error when -an attempt is made to load the configuration file. By making use of the -default section both values can be looked up with \fB\s-1TEMP\s0\fR taking -priority and \fB/tmp\fR used if neither is defined: -.PP -.Vb 5 -\& TMP=/tmp -\& # The above value is used if TMP isn't in the environment -\& TEMP=$ENV::TMP -\& # The above value is used if TEMP isn't in the environment -\& tmpfile=${ENV::TEMP}/tmp.filename -.Ve -.SH "BUGS" -.IX Header "BUGS" -Currently there is no way to include characters using the octal \fB\ennn\fR -form. Strings are all null terminated so nulls cannot form part of -the value. -.PP -The escaping isn't quite right: if you want to use sequences like \fB\en\fR -you can't use any quote escaping on the same line. -.PP -Files are loaded in a single pass. This means that an variable expansion -will only work if the variables referenced are defined earlier in the -file. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1), req(1), ca(1) 
diff --git a/secure/lib/libcrypto/man/config.5 b/secure/lib/libcrypto/man/config.5 deleted file mode 100644 index fbe41e16d4fa..000000000000 --- a/secure/lib/libcrypto/man/config.5 +++ /dev/null 
@@ -1,282 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:41 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "config 5" -.TH config 5 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -config \- OpenSSL \s-1CONF\s0 library configuration files -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The OpenSSL \s-1CONF\s0 library can be used to read configuration files. -It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR -and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension -files for the \fBx509\fR utility. -.PP -A configuration file is divided into a number of sections. Each section -starts with a line \fB[ section_name ]\fR and ends when a new section is -started or end of file is reached. A section name can consist of -alphanumeric characters and underscores. -.PP -The first section of a configuration file is special and is referred -to as the \fBdefault\fR section this is usually unnamed and is from the -start of file until the first named section. When a name is being looked up -it is first looked up in a named section (if any) and then the -default section. -.PP -The environment is mapped onto a section called \fB\s-1ENV\s0\fR. -.PP -Comments can be included by preceding them with the \fB#\fR character -.PP -Each section in a configuration file consists of a number of name and -value pairs of the form \fBname=value\fR -.PP -The \fBname\fR string can contain any alphanumeric characters as well as -a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR. -.PP -The \fBvalue\fR string consists of the string following the \fB=\fR character -until end of line with any leading and trailing white space removed. -.PP -The value string undergoes variable expansion. This can be done by -including the form \fB$var\fR or \fB${var}\fR: this will substitute the value -of the named variable in the current section. 
It is also possible to -substitute a value from another section using the syntax \fB$section::name\fR -or \fB${section::name}\fR. By using the form \fB$ENV::name\fR environment -variables can be substituted. It is also possible to assign values to -environment variables by using the name \fB\s-1ENV:\s0:name\fR, this will work -if the program looks up environment variables using the \fB\s-1CONF\s0\fR library -instead of calling \fB\f(BIgetenv()\fB\fR directly. -.PP -It is possible to escape certain characters by using any kind of quote -or the \fB\e\fR character. By making the last character of a line a \fB\e\fR -a \fBvalue\fR string can be spread across multiple lines. In addition -the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized. -.SH "NOTES" -.IX Header "NOTES" -If a configuration file attempts to expand a variable that doesn't exist -then an error is flagged and the file will not load. This can happen -if an attempt is made to expand an environment variable that doesn't -exist. For example the default OpenSSL master configuration file used -the value of \fB\s-1HOME\s0\fR which may not be defined on non Unix systems. -.PP -This can be worked around by including a \fBdefault\fR section to provide -a default value: then if the environment lookup fails the default value -will be used instead. For this to work properly the default value must -be defined earlier in the configuration file than the expansion. See -the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this. -.PP -If the same variable exists in the same section then all but the last -value will be silently ignored. In certain circumstances such as with -DNs the same field may occur multiple times. This is usually worked -around by ignoring any characters before an initial \fB.\fR e.g. -.PP -.Vb 2 -\& 1.OU="My first OU" -\& 2.OU="My Second OU" -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Here is a sample configuration file using some of the features -mentioned above. 
-.PP -.Vb 1 -\& # This is the default section. -.Ve -.Vb 3 -\& HOME=/temp -\& RANDFILE= ${ENV::HOME}/.rnd -\& configdir=$ENV::HOME/config -.Ve -.Vb 1 -\& [ section_one ] -.Ve -.Vb 1 -\& # We are now in section one. -.Ve -.Vb 2 -\& # Quotes permit leading and trailing whitespace -\& any = " any variable name " -.Ve -.Vb 3 -\& other = A string that can \e -\& cover several lines \e -\& by including \e\e characters -.Ve -.Vb 1 -\& message = Hello World\en -.Ve -.Vb 1 -\& [ section_two ] -.Ve -.Vb 1 -\& greeting = $section_one::message -.Ve -This next example shows how to expand environment variables safely. -.PP -Suppose you want a variable called \fBtmpfile\fR to refer to a -temporary filename. The directory it is placed in can determined by -the the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be -set to any value at all. If you just include the environment variable -names and the variable doesn't exist then this will cause an error when -an attempt is made to load the configuration file. By making use of the -default section both values can be looked up with \fB\s-1TEMP\s0\fR taking -priority and \fB/tmp\fR used if neither is defined: -.PP -.Vb 5 -\& TMP=/tmp -\& # The above value is used if TMP isn't in the environment -\& TEMP=$ENV::TMP -\& # The above value is used if TEMP isn't in the environment -\& tmpfile=${ENV::TEMP}/tmp.filename -.Ve -.SH "BUGS" -.IX Header "BUGS" -Currently there is no way to include characters using the octal \fB\ennn\fR -form. Strings are all null terminated so nulls cannot form part of -the value. -.PP -The escaping isn't quite right: if you want to use sequences like \fB\en\fR -you can't use any quote escaping on the same line. -.PP -Files are loaded in a single pass. This means that an variable expansion -will only work if the variables referenced are defined earlier in the -file. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1), req(1), ca(1) 
diff --git a/secure/lib/libcrypto/man/crl.1 b/secure/lib/libcrypto/man/crl.1 deleted file mode 100644 index 8c71fec7c7f3..000000000000 --- a/secure/lib/libcrypto/man/crl.1 +++ /dev/null 
@@ -1,237 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:42 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CRL 1" -.TH CRL 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -crl \- \s-1CRL\s0 utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBcrl\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-text\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-noout\fR] -[\fB\-hash\fR] -[\fB\-issuer\fR] -[\fB\-lastupdate\fR] -[\fB\-nextupdate\fR] -[\fB\-CAfile file\fR] -[\fB\-CApath dir\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBcrl\fR command processes \s-1CRL\s0 files in \s-1DER\s0 or \s-1PEM\s0 format. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 -structure. \fB\s-1PEM\s0\fR (the default) is a base64 encoded version of -the \s-1DER\s0 form with header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read from or standard input if this -option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename to write to or standard output by -default. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -print out the \s-1CRL\s0 in text form. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -don't output the encoded version of the \s-1CRL\s0. -.Ip "\fB\-hash\fR" 4 -.IX Item "-hash" -output a hash of the issuer name. This can be use to lookup CRLs in -a directory by issuer name. -.Ip "\fB\-issuer\fR" 4 -.IX Item "-issuer" -output the issuer name. -.Ip "\fB\-lastupdate\fR" 4 -.IX Item "-lastupdate" -output the lastUpdate field. -.Ip "\fB\-nextupdate\fR" 4 -.IX Item "-nextupdate" -output the nextUpdate field. 
-.Ip "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in -\&\fBfile\fR -.Ip "\fB\-CApath dir\fR" 4 -.IX Item "-CApath dir" -verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in -\&\fBdir\fR. This directory must be a standard certificate directory: that -is a hash of each subject name (using \fBx509 \-hash\fR) should be linked -to each certificate. -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 \s-1CRL\s0 format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN X509 CRL----- -\& -----END X509 CRL----- -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Convert a \s-1CRL\s0 file from \s-1PEM\s0 to \s-1DER:\s0 -.PP -.Vb 1 -\& openssl crl -in crl.pem -outform DER -out crl.der -.Ve -Output the text form of a \s-1DER\s0 encoded certificate: -.PP -.Vb 1 -\& openssl crl -in crl.der -text -noout -.Ve -.SH "BUGS" -.IX Header "BUGS" -Ideally it should be possible to create a \s-1CRL\s0 using appropriate options -and files too. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -crl2pkcs7(1), ca(1), x509(1) diff --git a/secure/lib/libcrypto/man/crl2pkcs7.1 b/secure/lib/libcrypto/man/crl2pkcs7.1 deleted file mode 100644 index 0cb8dd915627..000000000000 --- a/secure/lib/libcrypto/man/crl2pkcs7.1 +++ /dev/null 
@@ -1,216 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:42 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates. 
-.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBcrl2pkcs7\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-certfile filename\fR] -[\fB\-nocrl\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBcrl2pkcs7\fR command takes an optional \s-1CRL\s0 and one or more -certificates and converts them into a PKCS#7 degenerate \*(L"certificates -only\*(R" structure. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the \s-1CRL\s0 input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 -structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of -the \s-1DER\s0 form with header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the PKCS#7 structure output format. \fB\s-1DER\s0\fR format is \s-1DER\s0 -encoded PKCS#7 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of -the \s-1DER\s0 form with header and footer lines. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a \s-1CRL\s0 from or standard input if this -option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename to write the PKCS#7 structure to or standard -output by default. -.Ip "\fB\-certfile filename\fR" 4 -.IX Item "-certfile filename" -specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format. -All certificates in the file will be added to the PKCS#7 structure. This -option can be used more than once to read certificates form multiple -files. -.Ip "\fB\-nocrl\fR" 4 -.IX Item "-nocrl" -normally a \s-1CRL\s0 is included in the output file. With this option no \s-1CRL\s0 is -included in the output file and a \s-1CRL\s0 is not read from the input file. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create a PKCS#7 structure from a certificate and \s-1CRL:\s0 -.PP -.Vb 1 -\& openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem -.Ve -Creates a PKCS#7 structure in \s-1DER\s0 format with no \s-1CRL\s0 from several -different certificates: -.PP -.Vb 2 -\& openssl crl2pkcs7 -nocrl -certfile newcert.pem -\& -certfile demoCA/cacert.pem -outform DER -out p7.der -.Ve -.SH "NOTES" -.IX Header "NOTES" -The output file is a PKCS#7 signed data structure containing no signers and -just certificates and an optional \s-1CRL\s0. -.PP -This utility can be used to send certificates and CAs to Netscape as part of -the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output -as \s-1MIME\s0 type application/x-x509\-user-cert. -.PP -The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can be used to -install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -pkcs7(1) diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 index 38ef4b62cc47..2152f8375623 100644 --- a/secure/lib/libcrypto/man/crypto.3 +++ b/secure/lib/libcrypto/man/crypto.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:00 2002 +.\" Mon Jan 13 19:28:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH crypto 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" crypto \- OpenSSL cryptographic library 
@@ -187,6 +187,22 @@ pkcs7(3), pkcs12(3) bn(3), buffer(3), lhash(3), objects(3), stack(3), txt_db(3) +.SH "NOTES" +.IX Header "NOTES" +Some of the newer functions follow a naming convention using the numbers +\&\fB0\fR and \fB1\fR. For example the functions: +.PP +.Vb 2 +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); +.Ve +The \fB0\fR version uses the supplied structure pointer directly +in the parent and it will be freed up when the parent is freed. +In the above example \fBcrl\fR would be freed but \fBrev\fR would not. +.PP +The \fB1\fR function uses a copy of the supplied structure pointer +(or in some cases increases its link count) in the parent and +so both (\fBx\fR and \fBobj\fR above) should be freed up. .SH "SEE ALSO" .IX Header "SEE ALSO" openssl(1), ssl(3) diff --git a/secure/lib/libcrypto/man/speed.1 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 index a0483b84840a..a1579df6afc6 100644 --- a/secure/lib/libcrypto/man/speed.1 +++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:57 2002 +.\" Mon Jan 13 19:29:00 2003 .\" .\" Standard preamble: .\" ====================================================================== 
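Review bot: In the crypto.3 NOTES hunk (@@ -187,6 +187,22 @@), the added sentence "In the above example crl would be freed but rev would not" never says who does the freeing, and that is the one detail a caller needs to avoid a double free or a leak. The sentence before it says the 0 variant stores the supplied pointer directly in the parent and frees it when the parent is freed, so the intended reading appears to be that the caller frees crl and must not free rev separately; suggest wording it that way. The 1 paragraph would benefit from the same treatment: state that the caller keeps ownership of obj and frees both x and obj. The file header says the page is generated by Pod::Man, so the wording change belongs in the POD source rather than in this file.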
@@ -137,43 +137,29 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SPEED 1" -.TH SPEED 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "d2i_ASN1_OBJECT 3" +.TH d2i_ASN1_OBJECT 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -speed \- test library performance +d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBopenssl speed\fR -[\fBmd2\fR] -[\fBmdc2\fR] -[\fBmd5\fR] -[\fBhmac\fR] -[\fBsha1\fR] -[\fBrmd160\fR] -[\fBidea-cbc\fR] -[\fBrc2\-cbc\fR] -[\fBrc5\-cbc\fR] -[\fBbf-cbc\fR] -[\fBdes-cbc\fR] -[\fBdes-ede3\fR] -[\fBrc4\fR] -[\fBrsa512\fR] -[\fBrsa1024\fR] -[\fBrsa2048\fR] -[\fBrsa4096\fR] -[\fBdsa512\fR] -[\fBdsa1024\fR] -[\fBdsa2048\fR] -[\fBidea\fR] -[\fBrc2\fR] -[\fBdes\fR] -[\fBrsa\fR] -[\fBblowfish\fR] +.Vb 1 +\& #include <openssl/objects.h> +.Ve +.Vb 2 +\& ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length); +\& int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -This command is used to test the performance of cryptographic algorithms. -.SH "OPTIONS" -.IX Header "OPTIONS" -If any options are given, \fBspeed\fR tests those algorithms, otherwise all of -the above are tested. +These functions decode and encode an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 845a38c7ebb8..deda229fe930 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 
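Review bot: The added DESCRIPTION in d2i_ASN1_OBJECT.3 (@@ -137,43 +137,29 @@) misspells "Otherwise" as "Othewise", and the new HISTORY section ships the placeholder "TBA". The page also has no RETURN VALUES section and defers all behaviour to d2i_X509(3), so a reader of this page alone cannot tell what d2i_ASN1_OBJECT() returns when decoding fails or how pp is advanced. Suggest a short RETURN VALUES section, or at least a sentence saying that return values and pointer handling are as described in d2i_X509(3).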
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:01 2002 +.\" Mon Jan 13 19:29:01 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,10 +138,10 @@ .\" ====================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH d2i_DHparams 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -d2i_DHparams, i2d_DHparams \- ... +d2i_DHparams, i2d_DHparams \- PKCS#3 \s-1DH\s0 parameter functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -153,13 +153,14 @@ d2i_DHparams, i2d_DHparams \- ... .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&... -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&... +These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the +DHparameter structure described in PKCS#3. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&... +d2i_X509(3) .SH "HISTORY" .IX Header "HISTORY" -\&... +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/dsaparam.1 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 index f40010472e98..faef90d75c42 100644 --- a/secure/lib/libcrypto/man/dsaparam.1 +++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:45 2002 +.\" Mon Jan 13 19:29:02 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,86 +137,90 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "d2i_DSAPublicKey 3" +.TH d2i_DSAPublicKey 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -dsaparam \- \s-1DSA\s0 parameter manipulation and generation +d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey, +d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG \- \s-1DSA\s0 key encoding +and parsing functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBopenssl dsaparam\fR -[\fB\-inform DER|PEM\fR] -[\fB\-outform DER|PEM\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-noout\fR] -[\fB\-text\fR] -[\fB\-C\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -[\fB\-genkey\fR] -[\fBnumbits\fR] +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 1 +\& DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSAparams(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -This command is used to manipulate or generate \s-1DSA\s0 parameter files. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. 
The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting -of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists -of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read parameters from or standard input if -this option is not specified. If the \fBnumbits\fR parameter is included then -this option will be ignored. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename parameters to. Standard output is used -if this option is not present. The output filename should \fBnot\fR be the same -as the input filename. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option inhibits the output of the encoded version of the parameters. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -this option prints out the \s-1DSA\s0 parameters in human readable form. -.Ip "\fB\-C\fR" 4 -.IX Item "-C" -this option converts the parameters into C code. The parameters can then -be loaded by calling the \fB\f(BIget_dsaXXX()\fB\fR function. -.Ip "\fB\-genkey\fR" 4 -.IX Item "-genkey" -this option will generate a \s-1DSA\s0 either using the specified or generated -parameters. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. 
-.Ip "\fBnumbits\fR" 4 -.IX Item "numbits" -this option specifies that a parameter set should be generated of size -\&\fBnumbits\fR. It must be the last option. If this option is included then -the input file (if any) is ignored. +\&\fId2i_DSAPublicKey()\fR and \fIi2d_DSAPublicKey()\fR decode and encode the \s-1DSA\s0 public key +components structure. +.PP +\&\fId2i_DSA_PUKEY()\fR and \fIi2d_DSA_PUKEY()\fR decode and encode an \s-1DSA\s0 public key using a +SubjectPublicKeyInfo (certificate public key) structure. +.PP +\&\fId2i_DSAPrivateKey()\fR, \fIi2d_DSAPrivateKey()\fR decode and encode the \s-1DSA\s0 private key +components. +.PP +\&\fId2i_DSAparams()\fR, \fIi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using +a \fBDss-Parms\fR structure as defined in \s-1RFC2459\s0. +.PP +\&\fId2i_DSA_SIG()\fR, \fIi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a +\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459\s0. +.PP +The usage of all of these functions is similar to the \fId2i_X509()\fR and +\&\fIi2d_X509()\fR described in the d2i_X509(3) manual page. .SH "NOTES" .IX Header "NOTES" -\&\s-1PEM\s0 format \s-1DSA\s0 parameters use the header and footer lines: +The \fB\s-1DSA\s0\fR structure passed to the private key encoding functions should have +all the private key components present. .PP -.Vb 2 -\& -----BEGIN DSA PARAMETERS----- -\& -----END DSA PARAMETERS----- -.Ve -\&\s-1DSA\s0 parameter generation is a slow process and as a result the same set of -\&\s-1DSA\s0 parameters is often used to generate several distinct keys. +The data encoded by the private key functions is unencrypted and therefore +offers no private key security. +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions should be used in preference to the \fBDSAPublicKey\fR +functions when encoding public keys because they use a standard format. 
+.PP +The \fBDSAPublicKey\fR functions use an non standard format the actual data encoded +depends on the value of the \fBwrite_params\fR field of the \fBa\fR key parameter. +If \fBwrite_params\fR is zero then only the \fBpub_key\fR field is encoded as an +\&\fB\s-1INTEGER\s0\fR. If \fBwrite_params\fR is 1 then a \fB\s-1SEQUENCE\s0\fR consisting of the +\&\fBp\fR, \fBq\fR, \fBg\fR and \fBpub_key\fR respectively fields are encoded. +.PP +The \fBDSAPrivateKey\fR functions also use a non standard structure consiting +consisting of a \s-1SEQUENCE\s0 containing the \fBp\fR, \fBq\fR, \fBg\fR and \fBpub_key\fR and +\&\fBpriv_key\fR fields respectively. .SH "SEE ALSO" .IX Header "SEE ALSO" -gendsa(1), dsa(1), genrsa(1), -rsa(1) +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/SSL_library_init.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 index 437f1da1a87f..3e233b955d73 100644 --- a/secure/lib/libcrypto/man/SSL_library_init.3 +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:47 2002 +.\" Mon Jan 13 19:29:03 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,51 +137,60 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "d2i_PKCS8PrivateKey 3" +.TH d2i_PKCS8PrivateKey 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms -\&\- initialize \s-1SSL\s0 library by registering algorithms +d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include <openssl/ssl.h> +\& #include <openssl/evp.h> +.Ve +.Vb 2 +\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); .Ve .Vb 3 -\& int SSL_library_init(void); -\& #define OpenSSL_add_ssl_algorithms() SSL_library_init() -\& #define SSLeay_add_ssl_algorithms() SSL_library_init() +\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_library_init()\fR registers the available ciphers and digests. +The PKCS#8 functions encode and decode private keys in PKCS#8 format using both +PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. 
.PP -\&\fIOpenSSL_add_ssl_algorithms()\fR and \fISSLeay_add_ssl_algorithms()\fR are synonyms -for \fISSL_library_init()\fR. +Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the +corresponding \fB\s-1PEM\s0\fR function as described in the pem(3) manual page. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_library_init()\fR must be called before any other action takes place. -.SH "WARNING" -.IX Header "WARNING" -\&\fISSL_library_init()\fR only registers ciphers. Another important initialization -is the seeding of the \s-1PRNG\s0 (Pseudo Random Number Generator), which has to -be performed separately. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -A typical \s-1TLS/SSL\s0 application will start with the library initialization, -will provide readable error messages and will seed the \s-1PRNG\s0. +Before using these functions OpenSSL_add_all_algorithms(3) +should be called to initialize the internal algorithm lookup tables otherwise errors about +unknown algorithms will occur if an attempt is made to decrypt a private key. .PP -.Vb 3 -\& SSL_load_error_strings(); /* readable error messages */ -\& SSL_library_init(); /* initialize library */ -\& actions_to_seed_PRNG(); -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return -value. +These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. +.PP +Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which +work directly on memory: this can be readily worked around by converting the buffers +to memory BIOs, see BIO_s_mem(3) for details. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_load_error_strings(3), -RAND_add(3) +pem(3) diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 index 97a381b25abf..06bed7706f47 100644 --- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 
+++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:01 2002 +.\" Mon Jan 13 19:29:04 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,10 +138,12 @@ .\" ====================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH d2i_RSAPublicKey 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA \- ... +d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, +d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA, +d2i_Netscape_RSA \- \s-1RSA\s0 public and private key encoding functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -154,6 +156,12 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne \& int i2d_RSAPublicKey(RSA *a, unsigned char **pp); .Ve .Vb 1 +\& RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); +.Ve +.Vb 1 \& RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); .Ve .Vb 1 
@@ -167,13 +175,34 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&... -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&... +\&\fId2i_RSAPublicKey()\fR and \fIi2d_RSAPublicKey()\fR decode and encode a PKCS#1 RSAPublicKey +structure. +.PP +\&\fId2i_RSA_PUKEY()\fR and \fIi2d_RSA_PUKEY()\fR decode and encode an \s-1RSA\s0 public key using a +SubjectPublicKeyInfo (certificate public key) structure. +.PP +\&\fId2i_RSAPrivateKey()\fR, \fIi2d_RSAPrivateKey()\fR decode and encode a PKCS#1 RSAPrivateKey +structure. +.PP +\&\fId2i_Netscape_RSA()\fR, \fIi2d_Netscape_RSA()\fR decode and encode an \s-1RSA\s0 private key in +\&\s-1NET\s0 format. +.PP +The usage of all of these functions is similar to the \fId2i_X509()\fR and +\&\fIi2d_X509()\fR described in the d2i_X509(3) manual page. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1RSA\s0\fR structure passed to the private key encoding functions should have +all the PKCS#1 private key components present. +.PP +The data encoded by the private key functions is unencrypted and therefore +offers no private key security. +.PP +The \s-1NET\s0 format functions are present to provide compatibility with certain very +old software. This format has some severe security weaknesses and should be +avoided if possible. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&... +d2i_X509(3) .SH "HISTORY" .IX Header "HISTORY" -\&... +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 deleted file mode 100644 index 64d9f8a72a02..000000000000 --- a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 +++ /dev/null 
@@ -1,201 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:58 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length); -\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fId2i_SSL_SESSION()\fR transforms the external \s-1ASN1\s0 representation of an \s-1SSL/TLS\s0 -session, stored as binary data at location \fBpp\fR with length \fBlength\fR, into -an \s-1SSL_SESSION\s0 object. -.PP -\&\fIi2d_SSL_SESSION()\fR transforms the \s-1SSL_SESSION\s0 object \fBin\fR into the \s-1ASN1\s0 -representation and stores it into the memory location pointed to by \fBpp\fR. -The length of the resulting \s-1ASN1\s0 representation is returned. If \fBpp\fR is -the \s-1NULL\s0 pointer, only the length is calculated and returned. -.SH "NOTES" -.IX Header "NOTES" -The \s-1SSL_SESSION\s0 object is built from several \fImalloc()\fRed parts, it can -therefore not be moved, copied or stored directly. In order to store -session data on disk or into a database, it must be transformed into -a binary \s-1ASN1\s0 representation. -.PP -When using \fId2i_SSL_SESSION()\fR, the \s-1SSL_SESSION\s0 object is automatically -allocated. The reference count is 1, so that the session must be -explicitly removed using SSL_SESSION_free(3), -unless the \s-1SSL_SESSION\s0 object is completely taken over, when being called -inside the \fIget_session_cb()\fR (see -SSL_CTX_sess_set_get_cb(3)). -.PP -\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache -list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. 
-One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore -only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created -from this \s-1SSL_CTX\s0 object). -.PP -When using \fIi2d_SSL_SESSION()\fR, the memory location pointed to by \fBpp\fR must be -large enough to hold the binary representation of the session. There is no -known limit on the size of the created \s-1ASN1\s0 representation, so the necessary -amount of space should be obtained by first calling \fIi2d_SSL_SESSION()\fR with -\&\fBpp=NULL\fR, and obtain the size needed, then allocate the memory and -call \fIi2d_SSL_SESSION()\fR again. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 -object. In case of failure the NULL-pointer is returned and the error message -can be retrieved from the error stack. -.PP -\&\fIi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. -When the session is not valid, \fB0\fR is returned and no operation is performed. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ssl(3), SSL_SESSION_free(3), -SSL_CTX_sess_set_get_cb(3) diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 new file mode 100644 index 000000000000..c69f3de99234 --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509.3 
@@ -0,0 +1,396 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:05 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. 
ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509 3" +.TH d2i_X509 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio, +i2d_X509_fp \- X509 encode and decode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509 *d2i_X509(X509 **px, unsigned char **in, int len); +\& int i2d_X509(X509 *x, unsigned char **out); +.Ve +.Vb 2 +\& X509 *d2i_X509_bio(BIO *bp, X509 **x); +\& X509 *d2i_X509_fp(FILE *fp, X509 **x); +.Ve +.Vb 2 +\& int i2d_X509_bio(X509 *x, BIO *bp); +\& int i2d_X509_fp(X509 *x, FILE *fp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 encode and decode routines encode and parse an +\&\fBX509\fR structure, which represents an X509 certificate. +.PP +\&\fId2i_X509()\fR attempts to decode \fBlen\fR bytes at \fB*out\fR. If +successful a pointer to the \fBX509\fR structure is returned. If an error +occurred then \fB\s-1NULL\s0\fR is returned. If \fBpx\fR is not \fB\s-1NULL\s0\fR then the +returned structure is written to \fB*px\fR. If \fB*px\fR is not \fB\s-1NULL\s0\fR +then it is assumed that \fB*px\fR contains a valid \fBX509\fR +structure and an attempt is made to reuse it. If the call is +successful \fB*out\fR is incremented to the byte following the +parsed data. +.PP +\&\fIi2d_X509()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format. +If \fBout\fR is not \fB\s-1NULL\s0\fR is writes the \s-1DER\s0 encoded data to the buffer +at \fB*out\fR, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. +.PP +For OpenSSL 0.9.7 and later if \fB*out\fR is \fB\s-1NULL\s0\fR memory will be +allocated for a buffer and the encoded data written to it. 
In this +case \fB*out\fR is not incremented and it points to the start of the +data just written. +.PP +\&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts +to parse data from \s-1BIO\s0 \fBbp\fR. +.PP +\&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts +to parse data from \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes +the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes +the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for +\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\s0\*(R". So that +\&\fBi2d_X509\fR converts from internal to \s-1DER\s0. +.PP +The functions can also understand \fB\s-1BER\s0\fR forms. +.PP +The actual X509 structure passed to \fIi2d_X509()\fR must be a valid +populated \fBX509\fR structure it can \fBnot\fR simply be fed with an +empty structure such as that returned by \fIX509_new()\fR. +.PP +The encoded data is in binary form and may contain embedded zeroes. +Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Functions such as \fB\f(BIstrlen()\fB\fR will \fBnot\fR return the correct length +of the encoded structure. +.PP +The ways that \fB*in\fR and \fB*out\fR are incremented after the operation +can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common +errors. +.PP +The reason for the auto increment behaviour is to reflect a typical +usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +another will processed after it. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Allocate and encode the \s-1DER\s0 encoding of an X509 structure: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf, *p; +.Ve +.Vb 1 +\& len = i2d_X509(x, NULL); +.Ve +.Vb 1 +\& buf = OPENSSL_malloc(len); +.Ve +.Vb 2 +\& if (buf == NULL) +\& /* error */ +.Ve +.Vb 1 +\& p = buf; +.Ve +.Vb 1 +\& i2d_X509(x, &p); +.Ve +If you are using OpenSSL 0.9.7 or later then this can be +simplified to: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +.Ve +.Vb 1 +\& buf = NULL; +.Ve +.Vb 1 +\& len = i2d_X509(x, &buf); +.Ve +.Vb 2 +\& if (len < 0) +\& /* error */ +.Ve +Attempt to decode a buffer: +.PP +.Vb 1 +\& X509 *x; +.Ve +.Vb 1 +\& unsigned char *buf, *p; +.Ve +.Vb 1 +\& int len; +.Ve +.Vb 1 +\& /* Something to setup buf and len */ +.Ve +.Vb 1 +\& p = buf; +.Ve +.Vb 1 +\& x = d2i_X509(NULL, &p, len); +.Ve +.Vb 2 +\& if (x == NULL) +\& /* Some error */ +.Ve +Alternative technique: +.PP +.Vb 1 +\& X509 *x; +.Ve +.Vb 1 +\& unsigned char *buf, *p; +.Ve +.Vb 1 +\& int len; +.Ve +.Vb 1 +\& /* Something to setup buf and len */ +.Ve +.Vb 1 +\& p = buf; +.Ve +.Vb 1 +\& x = NULL; +.Ve +.Vb 2 +\& if(!d2i_X509(&x, &p, len)) +\& /* Some error */ +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +The use of temporary variable is mandatory. A common +mistake is to attempt to use a buffer directly as follows: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +.Ve +.Vb 1 +\& len = i2d_X509(x, NULL); +.Ve +.Vb 1 +\& buf = OPENSSL_malloc(len); +.Ve +.Vb 2 +\& if (buf == NULL) +\& /* error */ +.Ve +.Vb 1 +\& i2d_X509(x, &buf); +.Ve +.Vb 1 +\& /* Other stuff ... */ +.Ve +.Vb 1 +\& OPENSSL_free(buf); +.Ve +This code will result in \fBbuf\fR apparently containing garbage because +it was incremented after the call to point after the data just written. +Also \fBbuf\fR will no longer contain the pointer allocated by \fB\f(BIOPENSSL_malloc()\fB\fR +and the subsequent call to \fB\f(BIOPENSSL_free()\fB\fR may well crash. 
+.PP +The auto allocation feature (setting buf to \s-1NULL\s0) only works on OpenSSL +0.9.7 and later. Attempts to use it on earlier versions will typically +cause a segmentation violation. +.PP +Another trap to avoid is misuse of the \fBxp\fR argument to \fB\f(BId2i_X509()\fB\fR: +.PP +.Vb 1 +\& X509 *x; +.Ve +.Vb 2 +\& if (!d2i_X509(&x, &p, len)) +\& /* Some error */ +.Ve +This will probably crash somewhere in \fB\f(BId2i_X509()\fB\fR. The reason for this +is that the variable \fBx\fR is uninitialized and an attempt will be made to +interpret its (invalid) value as an \fBX509\fR structure, typically causing +a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not +happen. +.SH "BUGS" +.IX Header "BUGS" +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fId2i_X509()\fR when +\&\fB*px\fR is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. As a result the use +of this \*(L"reuse\*(R" behaviour is strongly discouraged. +.PP +\&\fIi2d_X509()\fR will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by \fId2i_X509()\fR. This may be +fixed in future so code should not assume that \fIi2d_X509()\fR will +always succeed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by +ERR_get_error(3). +.PP +\&\fIi2d_X509()\fR, \fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR return a the number of bytes +successfully encoded or a negative value if an error occurs. The error code +can be obtained by ERR_get_error(3). 
+.PP +\&\fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR returns 1 for success and 0 if an error +occurs The error code can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp +are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/SSL_get_rbio.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 index a8719afa3efc..24838afc0a77 100644 --- a/secure/lib/libcrypto/man/SSL_get_rbio.3 +++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:45 2002 +.\" Mon Jan 13 19:29:07 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,34 +137,30 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "d2i_X509_ALGOR 3" +.TH d2i_X509_ALGOR 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object +d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include <openssl/ssl.h> +\& #include <openssl/x509.h> .Ve .Vb 2 -\& BIO *SSL_get_rbio(SSL *ssl); -\& BIO *SSL_get_wbio(SSL *ssl); +\& X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length); +\& int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_rbio()\fR and \fISSL_get_wbio()\fR return pointers to the BIOs for the -read or the write channel, which can be different. The reference count -of the \s-1BIO\s0 is not incremented. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "\s-1NULL\s0" 4 -.IX Item "NULL" -No \s-1BIO\s0 was connected to the \s-1SSL\s0 object -.Ip "Any other pointer" 4 -.IX Item "Any other pointer" -The \s-1BIO\s0 linked to \fBssl\fR. +These functions decode and encode an \fBX509_ALGOR\fR structure which is +equivalent to the \fBAlgorithmIdentifier\fR structure. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_set_bio(3), ssl(3) , bio(3) +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3 new file mode 100644 index 000000000000..f1edd3b74489 --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:08 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_CRL 3" +.TH d2i_X509_CRL 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp, +i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions. 
+.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length); +\& int i2d_X509_CRL(X509_CRL *a, unsigned char **pp); +.Ve +.Vb 2 +\& X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x); +\& X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x); +.Ve +.Vb 2 +\& int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp); +\& int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an X509 \s-1CRL\s0 (certificate revocation +list). +.PP +Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/SSL_CTX_free.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3 index 537d73f21598..a58596ad7d96 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_free.3 +++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:16 2002 +.\" Mon Jan 13 19:29:09 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,31 +137,31 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "d2i_X509_NAME 3" +.TH d2i_X509_NAME 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object +d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include <openssl/ssl.h> +\& #include <openssl/x509.h> .Ve -.Vb 1 -\& void SSL_CTX_free(SSL_CTX *ctx); +.Vb 2 +\& X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length); +\& int i2d_X509_NAME(X509_NAME *a, unsigned char **pp); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the -\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the -the reference count has reached 0. +These functions decode and encode an \fBX509_NAME\fR structure which is the +the same as the \fBName\fR type defined in \s-1RFC2459\s0 (and elsewhere) and used +for example in certificate subject and issuer names. .PP -It also calls the \fIfree()\fRing procedures for indirectly affected items, if -applicable: the session cache, the list of ciphers, the list of Client CAs, -the certificates and keys. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_free()\fR does not provide diagnostic information. +Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_CTX_new(3), ssl(3) +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3 index 19802ef6ff9b..6e2544c6e430 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 +++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3 
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:21 2002 +.\" Mon Jan 13 19:29:10 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -137,34 +137,38 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "0.9.6e" "2001-05-19" "OpenSSL" +.IX Title "d2i_X509_REQ 3" +.TH d2i_X509_REQ 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_CTX_sessions \- access internal session cache +d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp, +i2d_X509_REQ_bio, i2d_X509_REQ_fp \- PKCS#10 certificate request functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include <openssl/ssl.h> +\& #include <openssl/x509.h> .Ve -.Vb 1 -\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +.Vb 2 +\& X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length); +\& int i2d_X509_REQ(X509_REQ *a, unsigned char **pp); +.Ve +.Vb 2 +\& X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x); +\& X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x); +.Ve +.Vb 2 +\& int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp); +\& int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the -internal session cache for \fBctx\fR. -.SH "NOTES" -.IX Header "NOTES" -The sessions in the internal session cache are kept in an -lhash(3) type database. It is possible to directly -access this database e.g. for searching. In parallel, the sessions -form a linked list which is maintained separately from the -lhash(3) operations, so that the database must not be -modified directly but by using the -SSL_CTX_add_session(3) family of functions. +These functions decode and encode a PKCS#10 certificate request. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), lhash(3), -SSL_CTX_add_session(3), -SSL_CTX_set_session_cache_mode(3) +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 
diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3 new file mode 100644 index 000000000000..04c8bf88f265 --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3 
@@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:11 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_SIG 3" +.TH d2i_X509_SIG 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions. 
+.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length); +\& int i2d_X509_SIG(X509_SIG *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an X509_SIG structure which is +equivalent to the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 index b046d59c67b5..a937fdc401c5 100644 --- a/secure/lib/libcrypto/man/des.3 +++ b/secure/lib/libcrypto/man/des.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:02 2002 +.\" Mon Jan 13 19:29:12 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,128 +138,119 @@ .\" ====================================================================== .\" .IX Title "des 3" -.TH des 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH des 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -des_random_key, des_set_key, des_key_sched, des_set_key_checked, -des_set_key_unchecked, des_set_odd_parity, des_is_weak_key, -des_ecb_encrypt, des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt, -des_cfb_encrypt, des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt, -des_ofb64_encrypt, des_xcbc_encrypt, des_ede2_cbc_encrypt, -des_ede2_cfb64_encrypt, des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt, -des_ede3_cbcm_encrypt, des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt, -des_read_password, des_read_2passwords, des_read_pw_string, -des_cbc_cksum, des_quad_cksum, des_string_to_key, des_string_to_2keys, -des_fcrypt, des_crypt, des_enc_read, des_enc_write \- \s-1DES\s0 encryption +DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, +DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, +DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, +DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, +DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, +DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, +DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, +DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, +DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write \- \s-1DES\s0 encryption .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/des.h> .Ve .Vb 1 -\& void des_random_key(des_cblock *ret); +\& void DES_random_key(DES_cblock *ret); .Ve .Vb 6 -\& int des_set_key(const_des_cblock *key, des_key_schedule schedule); -\& int des_key_sched(const_des_cblock *key, des_key_schedule schedule); -\& int des_set_key_checked(const_des_cblock *key, -\& des_key_schedule schedule); -\& void des_set_key_unchecked(const_des_cblock *key, -\& 
des_key_schedule schedule); +\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_set_key_checked(const_DES_cblock *key, +\& DES_key_schedule *schedule); +\& void DES_set_key_unchecked(const_DES_cblock *key, +\& DES_key_schedule *schedule); .Ve .Vb 2 -\& void des_set_odd_parity(des_cblock *key); -\& int des_is_weak_key(const_des_cblock *key); +\& void DES_set_odd_parity(DES_cblock *key); +\& int DES_is_weak_key(const_DES_cblock *key); .Ve .Vb 7 -\& void des_ecb_encrypt(const_des_cblock *input, des_cblock *output, -\& des_key_schedule ks, int enc); -\& void des_ecb2_encrypt(const_des_cblock *input, des_cblock *output, -\& des_key_schedule ks1, des_key_schedule ks2, int enc); -\& void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output, -\& des_key_schedule ks1, des_key_schedule ks2, -\& des_key_schedule ks3, int enc); +\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks, int enc); +\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, int enc); +\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, int enc); .Ve .Vb 18 -\& void des_ncbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int enc); -\& void des_cfb_encrypt(const unsigned char *in, unsigned char *out, -\& int numbits, long length, des_key_schedule schedule, -\& des_cblock *ivec, int enc); -\& void des_ofb_encrypt(const unsigned char *in, unsigned char *out, -\& int numbits, long length, des_key_schedule schedule, -\& des_cblock *ivec); -\& void des_pcbc_encrypt(const unsigned char 
*input, unsigned char *output, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec, int enc); +\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec); +\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int enc); -\& void des_cfb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int *num, int enc); -\& void des_ofb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int *num); .Ve .Vb 3 -\& void des_xcbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, des_key_schedule schedule, des_cblock *ivec, -\& const_des_cblock *inw, const_des_cblock *outw, int enc); +\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& const_DES_cblock *inw, const_DES_cblock *outw, int enc); .Ve .Vb 9 -\& void des_ede2_cbc_encrypt(const unsigned char *input, -\& unsigned char *output, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_cblock *ivec, int enc); -\& void des_ede2_cfb64_encrypt(const unsigned char *in, -\& unsigned char *out, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_cblock *ivec, int *num, int enc); -\& void des_ede2_ofb64_encrypt(const unsigned char *in, -\& unsigned char *out, long 
length, des_key_schedule ks1, -\& des_key_schedule ks2, des_cblock *ivec, int *num); +\& void DES_ede2_cbc_encrypt(const unsigned char *input, +\& unsigned char *output, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int enc); +\& void DES_ede2_cfb64_encrypt(const unsigned char *in, +\& unsigned char *out, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc); +\& void DES_ede2_ofb64_encrypt(const unsigned char *in, +\& unsigned char *out, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num); .Ve .Vb 15 -\& void des_ede3_cbc_encrypt(const unsigned char *input, -\& unsigned char *output, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, +\& void DES_ede3_cbc_encrypt(const unsigned char *input, +\& unsigned char *output, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, \& int enc); -\& void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule ks1, des_key_schedule ks2, -\& des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2, +\& void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, \& int enc); -\& void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule ks1, des_key_schedule ks2, -\& des_key_schedule ks3, des_cblock *ivec, int *num, int enc); -\& void des_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_key_schedule ks3, -\& des_cblock *ivec, int *num); -.Ve -.Vb 5 -\& int des_read_password(des_cblock *key, const char *prompt, int verify); -\& int des_read_2passwords(des_cblock *key1, des_cblock *key2, -\& const char 
*prompt, int verify); -\& int des_read_pw_string(char *buf, int length, const char *prompt, -\& int verify); +\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc); +\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num); .Ve .Vb 8 -\& DES_LONG des_cbc_cksum(const unsigned char *input, des_cblock *output, -\& long length, des_key_schedule schedule, -\& const_des_cblock *ivec); -\& DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[], -\& long length, int out_count, des_cblock *seed); -\& void des_string_to_key(const char *str, des_cblock *key); -\& void des_string_to_2keys(const char *str, des_cblock *key1, -\& des_cblock *key2); +\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, +\& long length, DES_key_schedule *schedule, +\& const_DES_cblock *ivec); +\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], +\& long length, int out_count, DES_cblock *seed); +\& void DES_string_to_key(const char *str, DES_cblock *key); +\& void DES_string_to_2keys(const char *str, DES_cblock *key1, +\& DES_cblock *key2); .Ve -.Vb 3 -\& char *des_fcrypt(const char *buf, const char *salt, char *ret); -\& char *des_crypt(const char *buf, const char *salt); -\& char *crypt(const char *buf, const char *salt); +.Vb 2 +\& char *DES_fcrypt(const char *buf, const char *salt, char *ret); +\& char *DES_crypt(const char *buf, const char *salt); .Ve .Vb 4 -\& int des_enc_read(int fd, void *buf, int len, des_key_schedule sched, -\& des_cblock *iv); -\& int des_enc_write(int fd, const void *buf, int len, -\& des_key_schedule sched, des_cblock *iv); +\& int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, +\& DES_cblock *iv); +\& 
int DES_enc_write(int fd, const void *buf, int len, +\& DES_key_schedule *sched, DES_cblock *iv); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" 
@@ -267,56 +258,52 @@ This library contains a fast implementation of the \s-1DES\s0 encryption algorithm. .PP There are two phases to the use of \s-1DES\s0 encryption. The first is the -generation of a \fIdes_key_schedule\fR from a key, the second is the -actual encryption. A \s-1DES\s0 key is of type \fIdes_cblock\fR. This type is +generation of a \fIDES_key_schedule\fR from a key, the second is the +actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type is consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. .PP -\&\fIdes_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded -prior to using this function (see rand(3); for backward -compatibility the function \fIdes_random_seed()\fR is available as well). -If the \s-1PRNG\s0 could not generate a secure key, 0 is returned. In -earlier versions of the library, \fIdes_random_key()\fR did not generate -secure keys. +\&\fIDES_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded +prior to using this function (see rand(3)). If the \s-1PRNG\s0 +could not generate a secure key, 0 is returned. .PP Before a \s-1DES\s0 key can be used, it must be converted into the -architecture dependent \fIdes_key_schedule\fR via the -\&\fIdes_set_key_checked()\fR or \fIdes_set_key_unchecked()\fR function. +architecture dependent \fIDES_key_schedule\fR via the +\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function. .PP -\&\fIdes_set_key_checked()\fR will check that the key passed is of odd parity +\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity and is not a week or semi-weak key. If the parity is wrong, then \-1 is returned. If the key is a weak key, then \-2 is returned. If an error is returned, the key schedule is not generated. 
.PP -\&\fIdes_set_key()\fR (called \fIdes_key_sched()\fR in the \s-1MIT\s0 library) works like -\&\fIdes_set_key_checked()\fR if the \fIdes_check_key\fR flag is non-zero, -otherwise like \fIdes_set_key_unchecked()\fR. These functions are available +\&\fIDES_set_key()\fR works like +\&\fIDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, +otherwise like \fIDES_set_key_unchecked()\fR. These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable. .PP -\&\fIdes_set_odd_parity()\fR (called \fIdes_fixup_key_parity()\fR in the \s-1MIT\s0 -library) sets the parity of the passed \fIkey\fR to odd. +\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. .PP -\&\fIdes_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it +\&\fIDES_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it is ok. The probability that a randomly generated key is weak is 1/2^52, so it is not really worth checking for them. .PP The following routines mostly operate on an input and output stream of -\&\fIdes_cblock\fRs. +\&\fIDES_cblock\fRs. .PP -\&\fIdes_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or -decrypts a single 8\-byte \fIdes_cblock\fR in \fIelectronic code book\fR +\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR (\s-1ECB\s0) mode. It always transforms the input data, pointed to by \&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR (cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the key_schedule specified by the \fIschedule\fR argument, previously set via -\&\fIdes_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now +\&\fIDES_set_key\fR. 
If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input -and output may overlap. \fIdes_ecb_encrypt()\fR does not return a value. +and output may overlap. \fIDES_ecb_encrypt()\fR does not return a value. .PP -\&\fIdes_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and then encrypting with \fIks3\fR. This routine greatly reduces the chances @@ -324,10 +311,10 @@ of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, \&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption using \s-1ECB\s0 mode and \fIks1\fR as the key. .PP -The macro \fIdes_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES encryption by using \fIks1\fR for the final encryption. .PP -\&\fIdes_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR (\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR 
@@ -337,24 +324,24 @@ and initialization vector provided by the \fIivec\fR argument. If the last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes. .PP -\&\fIdes_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and +\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and \&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret (unlike the iv) and are as such, part of the key. So the key is sort of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0. .PP -\&\fIdes_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with +\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0. .PP -The \fIdes_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. This form of Triple-DES is used by the \s-1RSAREF\s0 library. .PP -\&\fIdes_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block +\&\fIDES_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as -\&\fIdes_ncbc_encrypt()\fR. +\&\fIDES_ncbc_encrypt()\fR. .PP -\&\fIdes_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This +\&\fIDES_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This method takes an array of characters as input and outputs and array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to 
@@ -362,7 +349,7 @@ be passed to the next call to this function. Since this function runs a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only suggested for use when sending small numbers of characters. .PP -\&\fIdes_cfb64_encrypt()\fR +\&\fIDES_cfb64_encrypt()\fR implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an arbitrary number of bytes, no 8 byte padding. Each call to this @@ -370,10 +357,10 @@ routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does not make much sense, read more about cfb mode of \s-1DES\s0 :\-). .PP -\&\fIdes_ede3_cfb64_encrypt()\fR and \fIdes_ede2_cfb64_encrypt()\fR is the same as -\&\fIdes_cfb64_encrypt()\fR except that Triple-DES is used. +\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as +\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used. .PP -\&\fIdes_ofb_encrypt()\fR encrypts using output feedback mode. This method +\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode. This method takes an array of characters as input and outputs and array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to 
@@ -381,39 +368,22 @@ be passed to the next call to this function. Since this function runs a complete \s-1DES\s0 \s-1ECB\s0 encryption per numbits, this function is only suggested for use when sending small numbers of characters. .PP -\&\fIdes_ofb64_encrypt()\fR is the same as \fIdes_cfb64_encrypt()\fR using Output +\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output Feed Back mode. .PP -\&\fIdes_ede3_ofb64_encrypt()\fR and \fIdes_ede2_ofb64_encrypt()\fR is the same as -\&\fIdes_ofb64_encrypt()\fR, using Triple-DES. +\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as +\&\fIDES_ofb64_encrypt()\fR, using Triple-DES. .PP The following functions are included in the \s-1DES\s0 library for -compatibility with the \s-1MIT\s0 Kerberos library. \fIdes_read_pw_string()\fR -is also available under the name \fIEVP_read_pw_string()\fR. -.PP -\&\fIdes_read_pw_string()\fR writes the string specified by \fIprompt\fR to -standard output, turns echo off and reads in input string from the -terminal. The string is returned in \fIbuf\fR, which must have space for -at least \fIlength\fR bytes. If \fIverify\fR is set, the user is asked for -the password twice and unless the two copies match, an error is -returned. A return code of \-1 indicates a system error, 1 failure due -to use interaction, and 0 is success. -.PP -\&\fIdes_read_password()\fR does the same and converts the password to a \s-1DES\s0 -key by calling \fIdes_string_to_key()\fR; \fIdes_read_2password()\fR operates in -the same way as \fIdes_read_password()\fR except that it generates two keys -by using the \fIdes_string_to_2key()\fR function. \fIdes_string_to_key()\fR is -available for backward compatibility with the \s-1MIT\s0 library. New -applications should use a cryptographic hash function. The same -applies for \fIdes_string_to_2key()\fR. 
-.PP -\&\fIdes_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +compatibility with the \s-1MIT\s0 Kerberos library. +.PP +\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream (via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned and the complete 8 bytes are placed in \fIoutput\fR. This function is used by Kerberos v4. Other applications should use EVP_DigestInit(3) etc. instead. .PP -\&\fIdes_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +\&\fIDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is non-NULL, the 8 bytes generated by each pass are written into 
@@ -421,19 +391,19 @@ non-NULL, the 8 bytes generated by each pass are written into .PP The following are DES-based transformations: .PP -\&\fIdes_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This +\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This version takes only a small amount of space relative to other fast \&\fIcrypt()\fR implementations. This is different to the normal crypt in that the third parameter is the buffer that the return value is written into. It needs to be at least 14 bytes long. This function is thread safe, unlike the normal crypt. .PP -\&\fIdes_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. -This function calls \fIdes_fcrypt()\fR with a static array passed as the +\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. +This function calls \fIDES_fcrypt()\fR with a static array passed as the third parameter. This emulates the normal non-thread safe semantics of \fIcrypt\fR\|(3). .PP -\&\fIdes_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual data send down \fIfd\fR consists of 4 bytes (in network byte order) 
@@ -441,38 +411,38 @@ containing the length of the following encrypted data. The encrypted data then follows, padded with random data out to a multiple of 8 bytes. .PP -\&\fIdes_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor +\&\fIDES_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor \&\fIfd\fR into buffer \fIbuf\fR. The data being read from \fIfd\fR is assumed to -have come from \fIdes_enc_write()\fR and is decrypted using \fIsched\fR for +have come from \fIDES_enc_write()\fR and is decrypted using \fIsched\fR for the key schedule and \fIiv\fR for the initial vector. .PP -\&\fBWarning:\fR The data format used by \fIdes_enc_write()\fR and \fIdes_enc_read()\fR +\&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0 -bytes, \fIdes_enc_write()\fR will split the data into several chunks that +bytes, \fIDES_enc_write()\fR will split the data into several chunks that are all encrypted using the same \s-1IV\s0. So don't use these functions unless you are sure you know what you do (in which case you might not want to use them anyway). They cannot handle non-blocking sockets. -\&\fIdes_enc_read()\fR uses an internal state and thus cannot be used on +\&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on multiple files. .PP -\&\fIdes_rw_mode\fR is used to specify the encryption mode to use with -\&\fIdes_enc_read()\fR and \fIdes_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the -default), des_pcbc_encrypt is used. If set to \fI\s-1DES_CBC_MODE\s0\fR -des_cbc_encrypt is used. +\&\fIDES_rw_mode\fR is used to specify the encryption mode to use with +\&\fIDES_enc_read()\fR and \fIDES_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the +default), DES_pcbc_encrypt is used. If set to \fI\s-1DES_CBC_MODE\s0\fR +DES_cbc_encrypt is used. 
.SH "NOTES" .IX Header "NOTES" Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is -not suitable for most applications; see des_modes(7). +not suitable for most applications; see DES_modes(7). .PP The evp(3) library provides higher-level encryption functions. .SH "BUGS" .IX Header "BUGS" -\&\fIdes_3cbc_encrypt()\fR is flawed and must not be used in applications. +\&\fIDES_3cbc_encrypt()\fR is flawed and must not be used in applications. .PP -\&\fIdes_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIdes_ncbc_encrypt()\fR +\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR instead. .PP -\&\fIdes_cfb_encrypt()\fR and \fIdes_ofb_encrypt()\fR operates on input of 8 bits. +\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits. What this means is that if you set numbits to 12, and length to 2, the first 12 bits will come from the 1st input byte and the low half of the second input byte. The second 12 bits will have the low 8 bits @@ -482,8 +452,9 @@ implemented this way because most people will be using a multiple of 8 and because once you get into pulling bytes input bytes apart things get ugly! .PP -\&\fIdes_read_pw_string()\fR is the most machine/OS dependent function and -normally generates the most problems when porting this code. +\&\fIDES_string_to_key()\fR is available for backward compatibility with the +\&\s-1MIT\s0 library. New applications should use a cryptographic hash function. +The same applies for \fIDES_string_to_2key()\fR. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ANSI\s0 X3.106 
@@ -495,10 +466,20 @@ the \s-1MIT\s0 Kerberos library. \&\fIcrypt\fR\|(3), des_modes(7), evp(3), rand(3) .SH "HISTORY" .IX Header "HISTORY" +In OpenSSL 0.9.7, all des_ functions were renamed to \s-1DES_\s0 to avoid +clashes with older versions of libdes. Compatibility des_ functions +are provided for a short while, as well as \fIcrypt()\fR. +Declarations for these are in <openssl/des_old.h>. There is no \s-1DES_\s0 +variant for \fIdes_random_seed()\fR. +This will happen to other functions +as well if they are deemed redundant (\fIdes_random_seed()\fR just calls +\&\fIRAND_seed()\fR and is present for backward compatibility only), buggy or +already scheduled for removal. +.PP \&\fIdes_cbc_cksum()\fR, \fIdes_cbc_encrypt()\fR, \fIdes_ecb_encrypt()\fR, \&\fIdes_is_weak_key()\fR, \fIdes_key_sched()\fR, \fIdes_pcbc_encrypt()\fR, -\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR, \fIdes_read_password()\fR and -\&\fIdes_string_to_key()\fR are available in the \s-1MIT\s0 Kerberos library; +\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR and \fIdes_string_to_key()\fR +are available in the \s-1MIT\s0 Kerberos library; \&\fIdes_check_key_parity()\fR, \fIdes_fixup_key_parity()\fR and \fIdes_is_weak_key()\fR are available in newer versions of that library. .PP diff --git a/secure/lib/libcrypto/man/des_modes.3 b/secure/lib/libcrypto/man/des_modes.3 index b8cf5b062fd2..788e0e803b72 100644 --- a/secure/lib/libcrypto/man/des_modes.3 +++ b/secure/lib/libcrypto/man/des_modes.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:02 2002 +.\" Mon Jan 13 19:29:14 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "des_modes 3" -.TH des_modes 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH des_modes 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" Modes of \s-1DES\s0 \- the variants of \s-1DES\s0 and other crypto algorithms of OpenSSL diff --git a/secure/lib/libcrypto/man/dgst.1 b/secure/lib/libcrypto/man/dgst.1 deleted file mode 100644 index b848f581bd45..000000000000 --- a/secure/lib/libcrypto/man/dgst.1 +++ /dev/null 
@@ -1,223 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:43 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "DGST 1" -.TH DGST 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBdgst\fR -[\fB\-md5|\-md4|\-md2|\-sha1|\-sha|\-mdc2|\-ripemd160|\-dss1\fR] -[\fB\-c\fR] -[\fB\-d\fR] -[\fB\-hex\fR] -[\fB\-binary\fR] -[\fB\-out filename\fR] -[\fB\-sign filename\fR] -[\fB\-verify filename\fR] -[\fB\-prverify filename\fR] -[\fB\-signature filename\fR] -[\fBfile...\fR] -.PP -[\fBmd5|md4|md2|sha1|sha|mdc2|ripemd160\fR] -[\fB\-c\fR] -[\fB\-d\fR] -[\fBfile...\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The digest functions output the message digest of a supplied file or files -in hexadecimal form. They can also be used for digital signing and verification. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-c\fR" 4 -.IX Item "-c" -print out the digest in two digit groups separated by colons, only relevant if -\&\fBhex\fR format output is used. -.Ip "\fB\-d\fR" 4 -.IX Item "-d" -print out \s-1BIO\s0 debugging information. -.Ip "\fB\-hex\fR" 4 -.IX Item "-hex" -digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" -digest as opposed to a digital signature. -.Ip "\fB\-binary\fR" 4 -.IX Item "-binary" -output the digest or signature in binary form. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -filename to output to, or standard output by default. -.Ip "\fB\-sign filename\fR" 4 -.IX Item "-sign filename" -digitally sign the digest using the private key in \*(L"filename\*(R". -.Ip "\fB\-verify filename\fR" 4 -.IX Item "-verify filename" -verify the signature using the the public key in \*(L"filename\*(R". -The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R". 
-.Ip "\fB\-prverify filename\fR" 4 -.IX Item "-prverify filename" -verify the signature using the the private key in \*(L"filename\*(R". -.Ip "\fB\-signature filename\fR" 4 -.IX Item "-signature filename" -the actual signature to verify. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fBfile...\fR" 4 -.IX Item "file..." -file or files to digest. If no files are specified then standard input is -used. -.SH "NOTES" -.IX Header "NOTES" -The digest of choice for all new applications is \s-1SHA1\s0. Other digests are -however still widely used. -.PP -If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1 -digest must be used. -.PP -A source of random numbers is required for certain signing algorithms, in -particular \s-1DSA\s0. -.PP -The signing and verify options should only be used if a single file is -being signed or verified. diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 index 31cdc5975fd2..3c40e68a672b 100644 --- a/secure/lib/libcrypto/man/dh.3 +++ b/secure/lib/libcrypto/man/dh.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:03 2002 +.\" Mon Jan 13 19:29:15 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,37 +138,38 @@ .\" ====================================================================== .\" .IX Title "dh 3" -.TH dh 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH dh 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" dh \- Diffie-Hellman key agreement .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dh.h> +\& #include <openssl/engine.h> .Ve .Vb 2 \& DH * DH_new(void); \& void DH_free(DH *dh); .Ve .Vb 1 -\& int DH_size(DH *dh); +\& int DH_size(const DH *dh); .Ve .Vb 3 \& DH * DH_generate_parameters(int prime_len, int generator, \& void (*callback)(int, int, void *), void *cb_arg); -\& int DH_check(DH *dh, int *codes); +\& int DH_check(const DH *dh, int *codes); .Ve .Vb 2 \& int DH_generate_key(DH *dh); \& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); .Ve .Vb 5 -\& void DH_set_default_method(DH_METHOD *meth); -\& DH_METHOD *DH_get_default_method(void); -\& DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); -\& DH *DH_new_method(DH_METHOD *meth); -\& DH_METHOD *DH_OpenSSL(void); +\& void DH_set_default_method(const DH_METHOD *meth); +\& const DH_METHOD *DH_get_default_method(void); +\& int DH_set_method(DH *dh, const DH_METHOD *meth); +\& DH *DH_new_method(ENGINE *engine); +\& const DH_METHOD *DH_OpenSSL(void); .Ve .Vb 4 \& int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), @@ -178,11 +179,11 @@ dh \- Diffie-Hellman key agreement .Ve .Vb 2 \& DH * d2i_DHparams(DH **a, unsigned char **pp, long length); -\& int i2d_DHparams(DH *a, unsigned char **pp); +\& int i2d_DHparams(const DH *a, unsigned char **pp); .Ve .Vb 2 -\& int DHparams_print_fp(FILE *fp, DH *x); -\& int DHparams_print(BIO *bp, DH *x); +\& int DHparams_print_fp(FILE *fp, const DH *x); +\& int DHparams_print(BIO *bp, const DH *x); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" 
@@ -204,11 +205,19 @@ The \fB\s-1DH\s0\fR structure consists of several \s-1BIGNUM\s0 components. \& }; \& DH .Ve +Note that \s-1DH\s0 keys may use non-standard \fB\s-1DH_METHOD\s0\fR implementations, +either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an +\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values +will not be used by the implementation or may be used for alternative data +storage. For this reason, applications should generally avoid using \s-1DH\s0 +structure elements directly and instead use \s-1API\s0 functions to query or +modify keys. .SH "SEE ALSO" .IX Header "SEE ALSO" dhparam(1), bn(3), dsa(3), err(3), -rand(3), rsa(3), DH_set_method(3), -DH_new(3), DH_get_ex_new_index(3), +rand(3), rsa(3), engine(3), +DH_set_method(3), DH_new(3), +DH_get_ex_new_index(3), DH_generate_parameters(3), DH_compute_key(3), d2i_DHparams(3), RSA_print(3) diff --git a/secure/lib/libcrypto/man/dhparam.1 b/secure/lib/libcrypto/man/dhparam.1 deleted file mode 100644 index 98a449f8f630..000000000000 --- a/secure/lib/libcrypto/man/dhparam.1 +++ /dev/null 
@@ -1,249 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:44 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "DHPARAM 1" -.TH DHPARAM 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -dhparam \- \s-1DH\s0 parameter manipulation and generation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl dhparam\fR -[\fB\-inform DER|PEM\fR] -[\fB\-outform DER|PEM\fR] -[\fB\-in\fR \fIfilename\fR] -[\fB\-out\fR \fIfilename\fR] -[\fB\-dsaparam\fR] -[\fB\-noout\fR] -[\fB\-text\fR] -[\fB\-C\fR] -[\fB\-2\fR] -[\fB\-5\fR] -[\fB\-rand\fR \fI\fIfile\fI\|(s)\fR] -[\fInumbits\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This command is used to manipulate \s-1DH\s0 parameter files. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the -default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with -additional header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in\fR \fIfilename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read parameters from or standard input if -this option is not specified. -.Ip "\fB\-out\fR \fIfilename\fR" 4 -.IX Item "-out filename" -This specifies the output filename parameters to. Standard output is used -if this option is not present. The output filename should \fBnot\fR be the same -as the input filename. -.Ip "\fB\-dsaparam\fR" 4 -.IX Item "-dsaparam" -If this option is used, \s-1DSA\s0 rather than \s-1DH\s0 parameters are read or created; -they are converted to \s-1DH\s0 format. Otherwise, \*(L"strong\*(R" primes (such -that (p-1)/2 is also prime) will be used for \s-1DH\s0 parameter generation. 
-.Sp -\&\s-1DH\s0 parameter generation with the \fB\-dsaparam\fR option is much faster, -and the recommended exponent length is shorter, which makes \s-1DH\s0 key -exchange more efficient. Beware that with such DSA-style \s-1DH\s0 -parameters, a fresh \s-1DH\s0 key should be created for each use to -avoid small-subgroup attacks that may be possible otherwise. -.Ip "\fB\-2\fR, \fB\-5\fR" 4 -.IX Item "-2, -5" -The generator to use, either 2 or 5. 2 is the default. If present then the -input file is ignored and parameters are generated instead. -.Ip "\fB\-rand\fR \fI\fIfile\fI\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fInumbits\fR" 4 -.IX Item "numbits" -this option specifies that a parameter set should be generated of size -\&\fInumbits\fR. It must be the last option. If not present then a value of 512 -is used. If this option is present then the input file is ignored and -parameters are generated instead. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option inhibits the output of the encoded version of the parameters. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -this option prints out the \s-1DH\s0 parameters in human readable form. -.Ip "\fB\-C\fR" 4 -.IX Item "-C" -this option converts the parameters into C code. The parameters can then -be loaded by calling the \fBget_dh\fR\fInumbits\fR\fB()\fR function. -.SH "WARNINGS" -.IX Header "WARNINGS" -The program \fBdhparam\fR combines the functionality of the programs \fBdh\fR and -\&\fBgendh\fR in previous versions of OpenSSL and SSLeay. The \fBdh\fR and \fBgendh\fR -programs are retained for now but may have different purposes in future -versions of OpenSSL. 
-.SH "NOTES" -.IX Header "NOTES" -\&\s-1PEM\s0 format \s-1DH\s0 parameters use the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN DH PARAMETERS----- -\& -----END DH PARAMETERS----- -.Ve -OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42 -\&\s-1DH\s0. -.PP -This program manipulates \s-1DH\s0 parameters not keys. -.SH "BUGS" -.IX Header "BUGS" -There should be a way to generate and manipulate \s-1DH\s0 keys. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -dsaparam(1) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBdhparam\fR command was added in OpenSSL 0.9.5. -The \fB\-dsaparam\fR option was added in OpenSSL 0.9.6. diff --git a/secure/lib/libcrypto/man/dsa.1 b/secure/lib/libcrypto/man/dsa.1 deleted file mode 100644 index dcc68e9a2362..000000000000 --- a/secure/lib/libcrypto/man/dsa.1 +++ /dev/null 
@@ -1,275 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:44 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "DSA 1" -.TH DSA 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -dsa \- \s-1DSA\s0 key processing -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBdsa\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-passin arg\fR] -[\fB\-out filename\fR] -[\fB\-passout arg\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-text\fR] -[\fB\-noout\fR] -[\fB\-modulus\fR] -[\fB\-pubin\fR] -[\fB\-pubout\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBdsa\fR command processes \s-1DSA\s0 keys. They can be converted between various -forms and their components printed out. \fBNote\fR This command uses the -traditional SSLeay compatible format for private key encryption: newer -applications should use the more secure PKCS#8 format using the \fBpkcs8\fR -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses -an \s-1ASN1\s0 \s-1DER\s0 encoded form of an \s-1ASN\s0.1 \s-1SEQUENCE\s0 consisting of the values of -version (currently zero), p, q, g, the public and private key components -respectively as \s-1ASN\s0.1 INTEGERs. When used with a public key it uses a -SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA\s0. -.Sp -The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 -encoded with additional header and footer lines. In the case of a private key -PKCS#8 format is also accepted. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. 
-.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a key from or standard input if this -option is not specified. If the key is encrypted a pass phrase will be -prompted for. -.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write a key to or standard output by -is not specified. If any encryption options are set then a pass phrase will be -prompted for. The output filename should \fBnot\fR be the same as the input -filename. -.Ip "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. -If none of these options is specified the key is written in plain text. This -means that using the \fBdsa\fR utility to read in an encrypted key with no -encryption option can be used to remove the pass phrase from a key, or by -setting the encryption options it can be use to add or change the pass phrase. -These options can only be used with \s-1PEM\s0 format output files. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out the public, private key components and parameters. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option prevents output of the encoded version of the key. -.Ip "\fB\-modulus\fR" 4 -.IX Item "-modulus" -this option prints out the value of the public key component of the key. 
-.Ip "\fB\-pubin\fR" 4 -.IX Item "-pubin" -by default a private key is read from the input file: with this option a -public key is read instead. -.Ip "\fB\-pubout\fR" 4 -.IX Item "-pubout" -by default a private key is output. With this option a public -key will be output instead. This option is automatically set if the input is -a public key. -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 private key format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN DSA PRIVATE KEY----- -\& -----END DSA PRIVATE KEY----- -.Ve -The \s-1PEM\s0 public key format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN PUBLIC KEY----- -\& -----END PUBLIC KEY----- -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -To remove the pass phrase on a \s-1DSA\s0 private key: -.PP -.Vb 1 -\& openssl dsa -in key.pem -out keyout.pem -.Ve -To encrypt a private key using triple \s-1DES:\s0 -.PP -.Vb 1 -\& openssl dsa -in key.pem -des3 -out keyout.pem -.Ve -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: -.PP -.Vb 1 -\& openssl dsa -in key.pem -outform DER -out keyout.der -.Ve -To print out the components of a private key to standard output: -.PP -.Vb 1 -\& openssl dsa -in key.pem -text -noout -.Ve -To just output the public part of a private key: -.PP -.Vb 1 -\& openssl dsa -in key.pem -pubout -out pubkey.pem -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -dsaparam(1), gendsa(1), rsa(1), -genrsa(1) diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 index c4528186742d..67b693df576b 100644 --- a/secure/lib/libcrypto/man/dsa.3 +++ b/secure/lib/libcrypto/man/dsa.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:04 2002 +.\" Mon Jan 13 19:29:16 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,21 +138,22 @@ .\" ====================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH dsa 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" dsa \- Digital Signature Algorithm .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dsa.h> +\& #include <openssl/engine.h> .Ve .Vb 2 \& DSA * DSA_new(void); \& void DSA_free(DSA *dsa); .Ve .Vb 1 -\& int DSA_size(DSA *dsa); +\& int DSA_size(const DSA *dsa); .Ve .Vb 3 \& DSA * DSA_generate_parameters(int bits, unsigned char *seed, @@ -160,7 +161,7 @@ dsa \- Digital Signature Algorithm \& void (*callback)(int, int, void *), void *cb_arg); .Ve .Vb 1 -\& DH * DSA_dup_DH(DSA *r); +\& DH * DSA_dup_DH(const DSA *r); .Ve .Vb 1 \& int DSA_generate_key(DSA *dsa); @@ -171,14 +172,14 @@ dsa \- Digital Signature Algorithm \& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, \& BIGNUM **rp); \& int DSA_verify(int dummy, const unsigned char *dgst, int len, -\& unsigned char *sigbuf, int siglen, DSA *dsa); +\& const unsigned char *sigbuf, int siglen, DSA *dsa); .Ve .Vb 5 -\& void DSA_set_default_method(DSA_METHOD *meth); -\& DSA_METHOD *DSA_get_default_method(void); -\& DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); -\& DSA *DSA_new_method(DSA_METHOD *meth); -\& DSA_METHOD *DSA_OpenSSL(void); +\& void DSA_set_default_method(const DSA_METHOD *meth); +\& const DSA_METHOD *DSA_get_default_method(void); +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); +\& DSA *DSA_new_method(ENGINE *engine); +\& const DSA_METHOD *DSA_OpenSSL(void); .Ve .Vb 4 \& int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), @@ -189,7 +190,7 @@ dsa \- Digital Signature Algorithm .Vb 4 \& DSA_SIG *DSA_SIG_new(void); \& void DSA_SIG_free(DSA_SIG *a); -\& int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp); +\& int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); \& DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); .Ve .Vb 3 
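Review bot: In the `@@ -171,14 +172,14 @@` hunk of dsa.3, `DSA_set_method` changes its return type from `DSA_METHOD *` to `int` and `DSA_new_method` changes its argument from `DSA_METHOD *meth` to `ENGINE *engine`, yet the synopsis is the only place either change is recorded. Both are source-incompatible for existing callers, and a caller that still treats the result of `DSA_set_method` as the previous method pointer will misread it. The page should say what the `int` return value means and what a NULL `engine` argument selects, or point to the page that does.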
@@ -201,15 +202,15 @@ dsa \- Digital Signature Algorithm \& DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); \& DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); \& DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); -\& int i2d_DSAPublicKey(DSA *a, unsigned char **pp); -\& int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); -\& int i2d_DSAparams(DSA *a,unsigned char **pp); +\& int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +\& int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +\& int i2d_DSAparams(const DSA *a,unsigned char **pp); .Ve .Vb 4 -\& int DSAparams_print(BIO *bp, DSA *x); -\& int DSAparams_print_fp(FILE *fp, DSA *x); -\& int DSA_print(BIO *bp, DSA *x, int off); -\& int DSA_print_fp(FILE *bp, DSA *x, int off); +\& int DSAparams_print(BIO *bp, const DSA *x); +\& int DSAparams_print_fp(FILE *fp, const DSA *x); +\& int DSA_print(BIO *bp, const DSA *x, int off); +\& int DSA_print_fp(FILE *bp, const DSA *x, int off); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -235,6 +236,14 @@ The \fB\s-1DSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. \& DSA; .Ve In public keys, \fBpriv_key\fR is \s-1NULL\s0. +.PP +Note that \s-1DSA\s0 keys may use non-standard \fB\s-1DSA_METHOD\s0\fR implementations, +either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an +\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values +will not be used by the implementation or may be used for alternative data +storage. For this reason, applications should generally avoid using \s-1DSA\s0 +structure elements directly and instead use \s-1API\s0 functions to query or +modify keys. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature 
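Review bot: The paragraph added in the `@@ -235,6 +236,14 @@` hunk tells applications to avoid using DSA structure elements directly and to "use API functions to query or modify keys", but it names no such functions, while the unchanged text just above it still documents the struct layout and states that in public keys `priv_key` is NULL. That leaves a reader with nothing to replace a direct `priv_key` check with, which matters most in the ENGINE case the paragraph itself describes, where the BIGNUM fields may not be used by the implementation at all. Name the functions meant or add a cross-reference, and write "eg." as "e.g."; since the file header says the page is generated by Pod::Man, the change belongs in the POD source.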
@@ -242,7 +251,8 @@ Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 .SH "SEE ALSO" .IX Header "SEE ALSO" bn(3), dh(3), err(3), rand(3), -rsa(3), sha(3), DSA_new(3), +rsa(3), sha(3), engine(3), +DSA_new(3), DSA_size(3), DSA_generate_parameters(3), DSA_dup_DH(3), diff --git a/secure/lib/libcrypto/man/enc.1 b/secure/lib/libcrypto/man/enc.1 deleted file mode 100644 index ee1597d5d3d1..000000000000 --- a/secure/lib/libcrypto/man/enc.1 +++ /dev/null 
@@ -1,392 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:46 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "ENC 1" -.TH ENC 1 "0.9.6e" "2001-07-19" "OpenSSL" -.UC -.SH "NAME" -enc \- symmetric cipher routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl enc \-ciphername\fR -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-pass arg\fR] -[\fB\-e\fR] -[\fB\-d\fR] -[\fB\-a\fR] -[\fB\-A\fR] -[\fB\-k password\fR] -[\fB\-kfile filename\fR] -[\fB\-K key\fR] -[\fB\-iv \s-1IV\s0\fR] -[\fB\-p\fR] -[\fB\-P\fR] -[\fB\-bufsize number\fR] -[\fB\-debug\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The symmetric cipher commands allow data to be encrypted or decrypted -using various block and stream ciphers using keys based on passwords -or explicitly provided. Base64 encoding or decoding can also be performed -either by itself or in addition to the encryption or decryption. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -the input filename, standard input by default. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -the output filename, standard output by default. -.Ip "\fB\-pass arg\fR" 4 -.IX Item "-pass arg" -the password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-salt\fR" 4 -.IX Item "-salt" -use a salt in the key derivation routines. This option should \fB\s-1ALWAYS\s0\fR -be used unless compatibility with previous versions of OpenSSL or SSLeay -is required. This option is only present on OpenSSL versions 0.9.5 or -above. -.Ip "\fB\-nosalt\fR" 4 -.IX Item "-nosalt" -don't use a salt in the key derivation routines. This is the default for -compatibility with previous versions of OpenSSL and SSLeay. -.Ip "\fB\-e\fR" 4 -.IX Item "-e" -encrypt the input data: this is the default. -.Ip "\fB\-d\fR" 4 -.IX Item "-d" -decrypt the input data. 
-.Ip "\fB\-a\fR" 4 -.IX Item "-a" -base64 process the data. This means that if encryption is taking place -the data is base64 encoded after encryption. If decryption is set then -the input data is base64 decoded before being decrypted. -.Ip "\fB\-A\fR" 4 -.IX Item "-A" -if the \fB\-a\fR option is set then base64 process the data on one line. -.Ip "\fB\-k password\fR" 4 -.IX Item "-k password" -the password to derive the key from. This is for compatibility with previous -versions of OpenSSL. Superseded by the \fB\-pass\fR argument. -.Ip "\fB\-kfile filename\fR" 4 -.IX Item "-kfile filename" -read the password to derive the key from the first line of \fBfilename\fR. -This is for computability with previous versions of OpenSSL. Superseded by -the \fB\-pass\fR argument. -.Ip "\fB\-S salt\fR" 4 -.IX Item "-S salt" -the actual salt to use: this must be represented as a string comprised only -of hex digits. -.Ip "\fB\-K key\fR" 4 -.IX Item "-K key" -the actual key to use: this must be represented as a string comprised only -of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified -using the \fB\-iv\fR option. When both a key and a password are specified, the -key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the -password will be taken. It probably does not make much sense to specify -both key and password. -.Ip "\fB\-iv \s-1IV\s0\fR" 4 -.IX Item "-iv IV" -the actual \s-1IV\s0 to use: this must be represented as a string comprised only -of hex digits. When only the key is specified using the \fB\-K\fR option, the -\&\s-1IV\s0 must explicitly be defined. When a password is being specified using -one of the other options, the \s-1IV\s0 is generated from this password. -.Ip "\fB\-p\fR" 4 -.IX Item "-p" -print out the key and \s-1IV\s0 used. -.Ip "\fB\-P\fR" 4 -.IX Item "-P" -print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption -or decryption. 
-.Ip "\fB\-bufsize number\fR" 4 -.IX Item "-bufsize number" -set the buffer size for I/O -.Ip "\fB\-debug\fR" 4 -.IX Item "-debug" -debug the BIOs used for I/O. -.SH "NOTES" -.IX Header "NOTES" -The program can be called either as \fBopenssl ciphername\fR or -\&\fBopenssl enc \-ciphername\fR. -.PP -A password will be prompted for to derive the key and \s-1IV\s0 if necessary. -.PP -The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived -from a password unless you want compatibility with previous versions of -OpenSSL and SSLeay. -.PP -Without the \fB\-salt\fR option it is possible to perform efficient dictionary -attacks on the password and to attack stream cipher encrypted data. The reason -for this is that without the salt the same password always generates the same -encryption key. When the salt is being used the first eight bytes of the -encrypted data are reserved for the salt: it is generated at random when -encrypting a file and read from the encrypted file when it is decrypted. -.PP -Some of the ciphers do not have large keys and others have security -implications if not used correctly. A beginner is advised to just use -a strong block cipher in \s-1CBC\s0 mode such as bf or des3. -.PP -All the block ciphers use PKCS#5 padding also known as standard block -padding: this allows a rudimentary integrity or password check to be -performed. However since the chance of random data passing the test is -better than 1 in 256 it isn't a very good test. -.PP -All \s-1RC2\s0 ciphers have the same key and effective key length. -.PP -Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. 
-.SH "SUPPORTED CIPHERS" -.IX Header "SUPPORTED CIPHERS" -.Vb 1 -\& base64 Base 64 -.Ve -.Vb 5 -\& bf-cbc Blowfish in CBC mode -\& bf Alias for bf-cbc -\& bf-cfb Blowfish in CFB mode -\& bf-ecb Blowfish in ECB mode -\& bf-ofb Blowfish in OFB mode -.Ve -.Vb 6 -\& cast-cbc CAST in CBC mode -\& cast Alias for cast-cbc -\& cast5-cbc CAST5 in CBC mode -\& cast5-cfb CAST5 in CFB mode -\& cast5-ecb CAST5 in ECB mode -\& cast5-ofb CAST5 in OFB mode -.Ve -.Vb 5 -\& des-cbc DES in CBC mode -\& des Alias for des-cbc -\& des-cfb DES in CBC mode -\& des-ofb DES in OFB mode -\& des-ecb DES in ECB mode -.Ve -.Vb 4 -\& des-ede-cbc Two key triple DES EDE in CBC mode -\& des-ede Alias for des-ede -\& des-ede-cfb Two key triple DES EDE in CFB mode -\& des-ede-ofb Two key triple DES EDE in OFB mode -.Ve -.Vb 5 -\& des-ede3-cbc Three key triple DES EDE in CBC mode -\& des-ede3 Alias for des-ede3-cbc -\& des3 Alias for des-ede3-cbc -\& des-ede3-cfb Three key triple DES EDE CFB mode -\& des-ede3-ofb Three key triple DES EDE in OFB mode -.Ve -.Vb 1 -\& desx DESX algorithm. 
-.Ve -.Vb 5 -\& idea-cbc IDEA algorithm in CBC mode -\& idea same as idea-cbc -\& idea-cfb IDEA in CFB mode -\& idea-ecb IDEA in ECB mode -\& idea-ofb IDEA in OFB mode -.Ve -.Vb 7 -\& rc2-cbc 128 bit RC2 in CBC mode -\& rc2 Alias for rc2-cbc -\& rc2-cfb 128 bit RC2 in CBC mode -\& rc2-ecb 128 bit RC2 in CBC mode -\& rc2-ofb 128 bit RC2 in CBC mode -\& rc2-64-cbc 64 bit RC2 in CBC mode -\& rc2-40-cbc 40 bit RC2 in CBC mode -.Ve -.Vb 3 -\& rc4 128 bit RC4 -\& rc4-64 64 bit RC4 -\& rc4-40 40 bit RC4 -.Ve -.Vb 5 -\& rc5-cbc RC5 cipher in CBC mode -\& rc5 Alias for rc5-cbc -\& rc5-cfb RC5 cipher in CBC mode -\& rc5-ecb RC5 cipher in CBC mode -\& rc5-ofb RC5 cipher in CBC mode -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Just base64 encode a binary file: -.PP -.Vb 1 -\& openssl base64 -in file.bin -out file.b64 -.Ve -Decode the same file -.PP -.Vb 1 -\& openssl base64 -d -in file.b64 -out file.bin -.Ve -Encrypt a file using triple \s-1DES\s0 in \s-1CBC\s0 mode using a prompted password: -.PP -.Vb 1 -\& openssl des3 -salt -in file.txt -out file.des3 -.Ve -Decrypt a file using a supplied password: -.PP -.Vb 1 -\& openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword -.Ve -Encrypt a file then base64 encode it (so it can be sent via mail for example) -using Blowfish in \s-1CBC\s0 mode: -.PP -.Vb 1 -\& openssl bf -a -salt -in file.txt -out file.bf -.Ve -Base64 decode a file then decrypt it: -.PP -.Vb 1 -\& openssl bf -d -salt -a -in file.bf -out file.txt -.Ve -Decrypt some data using a supplied 40 bit \s-1RC4\s0 key: -.PP -.Vb 1 -\& openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 -.Ve -.SH "BUGS" -.IX Header "BUGS" -The \fB\-A\fR option when used with large files doesn't work properly. -.PP -There should be an option to allow an iteration count to be included. -.PP -Like the \s-1EVP\s0 library the \fBenc\fR program only supports a fixed number of -algorithms with certain parameters. 
So if, for example, you want to use \s-1RC2\s0 -with a 76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3 new file mode 100644 index 000000000000..f9c42dd9cca3 --- /dev/null +++ b/secure/lib/libcrypto/man/engine.3 
@@ -0,0 +1,784 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:17 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. 
ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "engine 3" +.TH engine 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +engine \- \s-1ENGINE\s0 cryptographic module support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/engine.h> +.Ve +.Vb 4 +\& ENGINE *ENGINE_get_first(void); +\& ENGINE *ENGINE_get_last(void); +\& ENGINE *ENGINE_get_next(ENGINE *e); +\& ENGINE *ENGINE_get_prev(ENGINE *e); +.Ve +.Vb 2 +\& int ENGINE_add(ENGINE *e); +\& int ENGINE_remove(ENGINE *e); +.Ve +.Vb 1 +\& ENGINE *ENGINE_by_id(const char *id); +.Ve +.Vb 2 +\& int ENGINE_init(ENGINE *e); +\& int ENGINE_finish(ENGINE *e); +.Ve +.Vb 12 +\& void ENGINE_load_openssl(void); +\& void ENGINE_load_dynamic(void); +\& void ENGINE_load_cswift(void); +\& void ENGINE_load_chil(void); +\& void ENGINE_load_atalla(void); +\& void ENGINE_load_nuron(void); +\& void ENGINE_load_ubsec(void); +\& void ENGINE_load_aep(void); +\& void ENGINE_load_sureware(void); +\& void ENGINE_load_4758cca(void); +\& void ENGINE_load_openbsd_dev_crypto(void); +\& void ENGINE_load_builtin_engines(void); +.Ve +.Vb 1 +\& void ENGINE_cleanup(void); +.Ve +.Vb 6 +\& ENGINE *ENGINE_get_default_RSA(void); +\& ENGINE *ENGINE_get_default_DSA(void); +\& ENGINE *ENGINE_get_default_DH(void); +\& ENGINE *ENGINE_get_default_RAND(void); +\& ENGINE *ENGINE_get_cipher_engine(int nid); +\& ENGINE *ENGINE_get_digest_engine(int nid); +.Ve +.Vb 7 +\& int ENGINE_set_default_RSA(ENGINE *e); +\& int ENGINE_set_default_DSA(ENGINE *e); +\& int ENGINE_set_default_DH(ENGINE *e); +\& int ENGINE_set_default_RAND(ENGINE *e); +\& int ENGINE_set_default_ciphers(ENGINE *e); +\& int ENGINE_set_default_digests(ENGINE *e); +\& int ENGINE_set_default_string(ENGINE *e, const char *list); +.Ve +.Vb 1 +\& int ENGINE_set_default(ENGINE *e, unsigned int flags); +.Ve +.Vb 2 +\& unsigned int ENGINE_get_table_flags(void); +\& void ENGINE_set_table_flags(unsigned int flags); 
+.Ve +.Vb 20 +\& int ENGINE_register_RSA(ENGINE *e); +\& void ENGINE_unregister_RSA(ENGINE *e); +\& void ENGINE_register_all_RSA(void); +\& int ENGINE_register_DSA(ENGINE *e); +\& void ENGINE_unregister_DSA(ENGINE *e); +\& void ENGINE_register_all_DSA(void); +\& int ENGINE_register_DH(ENGINE *e); +\& void ENGINE_unregister_DH(ENGINE *e); +\& void ENGINE_register_all_DH(void); +\& int ENGINE_register_RAND(ENGINE *e); +\& void ENGINE_unregister_RAND(ENGINE *e); +\& void ENGINE_register_all_RAND(void); +\& int ENGINE_register_ciphers(ENGINE *e); +\& void ENGINE_unregister_ciphers(ENGINE *e); +\& void ENGINE_register_all_ciphers(void); +\& int ENGINE_register_digests(ENGINE *e); +\& void ENGINE_unregister_digests(ENGINE *e); +\& void ENGINE_register_all_digests(void); +\& int ENGINE_register_complete(ENGINE *e); +\& int ENGINE_register_all_complete(void); +.Ve +.Vb 6 +\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd); +\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, +\& long i, void *p, void (*f)(), int cmd_optional); +\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, +\& int cmd_optional); +.Ve +.Vb 2 +\& int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +\& void *ENGINE_get_ex_data(const ENGINE *e, int idx); +.Ve +.Vb 2 +\& int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +.Ve +.Vb 2 +\& ENGINE *ENGINE_new(void); +\& int ENGINE_free(ENGINE *e); +.Ve +.Vb 16 +\& int ENGINE_set_id(ENGINE *e, const char *id); +\& int ENGINE_set_name(ENGINE *e, const char *name); +\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +\& int ENGINE_set_destroy_function(ENGINE *e, 
ENGINE_GEN_INT_FUNC_PTR destroy_f); +\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); +\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +\& int ENGINE_set_flags(ENGINE *e, int flags); +\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +.Ve +.Vb 18 +\& const char *ENGINE_get_id(const ENGINE *e); +\& const char *ENGINE_get_name(const ENGINE *e); +\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +\& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +\& int ENGINE_get_flags(const ENGINE *e); +\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +.Ve +.Vb 4 +\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, +\& 
UI_METHOD *ui_method, void *callback_data); +.Ve +.Vb 1 +\& void ENGINE_add_conf_module(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions create, manipulate, and use cryptographic modules in the +form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for +implementations of cryptographic algorithms, and support a +reference-counted mechanism to allow them to be dynamically loaded in and +out of the running application. +.PP +The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR +implementation includes the following abstractions; +.PP +.Vb 5 +\& RSA_METHOD - for providing alternative RSA implementations +\& DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND +\& EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid') +\& EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid') +\& key-loading - loading public and/or private EVP_PKEY keys +.Ve +.Sh "Reference counting and handles" +.IX Subsection "Reference counting and handles" +Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be +treated as handles \- ie. not only as pointers, but also as references to +the underlying \s-1ENGINE\s0 object. Ie. you should obtain a new reference when +making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and +released) independantly. +.PP +\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in +which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is +inherently a \fBstructural\fR reference \- you need a structural reference +simply to refer to the pointer value at all, as this kind of reference is +your guarantee that the structure can not be deallocated until you release +your reference. 
+.PP +However, a structural reference provides no guarantee that the \s-1ENGINE\s0 has +been initiliased to be usable to perform any of its cryptographic +implementations \- and indeed it's quite possible that most ENGINEs will not +initialised at all on standard setups, as ENGINEs are typically used to +support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a +\&\fBfunctional\fR reference. This kind of reference can be considered a +specialised form of structural reference, because each functional reference +implicitly contains a structural reference as well \- however to avoid +difficult-to-find programming bugs, it is recommended to treat the two +kinds of reference independantly. If you have a functional reference to an +\&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to +perform cryptographic operations and will not be uninitialised or cleaned +up until after you have released your reference. +.PP +We will discuss the two kinds of reference separately, including how to +tell which one you are dealing with at any given point in time (after all +they are both simply (\s-1ENGINE\s0 *) pointers, the difference is in the way they +are used). +.PP +\&\fIStructural references\fR +.PP +This basic type of reference is typically used for creating new ENGINEs +dynamically, iterating across OpenSSL's internal linked-list of loaded +ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural +reference is sufficient if you only need to query or manipulate the data of +an \s-1ENGINE\s0 implementation rather than use its functionality. +.PP +The \fIENGINE_new()\fR function returns a structural reference to a new (empty) +\&\s-1ENGINE\s0 object. Other than that, structural references come from return +values to various \s-1ENGINE\s0 \s-1API\s0 functions such as; \fIENGINE_by_id()\fR, +\&\fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, \fIENGINE_get_next()\fR, +\&\fIENGINE_get_prev()\fR. 
All structural references should be released by a +corresponding to call to the \fIENGINE_free()\fR function \- the \s-1ENGINE\s0 object +itself will only actually be cleaned up and deallocated when the last +structural reference is released. +.PP +It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a +structural reference will internally obtain another reference \- typically +this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after +the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to +OpenSSL's internal list is \fIENGINE_add()\fR \- if this function returns success, +then OpenSSL will have stored a new structural reference internally so the +caller is still responsible for freeing their own reference with +\&\fIENGINE_free()\fR when they are finished with it. In a similar way, some +functions will automatically release the structural reference passed to it +if part of the function's job is to do so. Eg. the \fIENGINE_get_next()\fR and +\&\fIENGINE_get_prev()\fR functions are used for iterating across the internal +\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or +previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the +list, but in either case the structural reference passed to the function is +released on behalf of the caller. +.PP +To clarify a particular function's handling of references, one should +always consult that function's documentation \*(L"man\*(R" page, or failing that +the openssl/engine.h header file includes some hints. +.PP +\&\fIFunctional references\fR +.PP +As mentioned, functional references exist when the cryptographic +functionality of an \s-1ENGINE\s0 is required to be available. 
A functional +reference can be obtained in one of two ways; from an existing structural +reference to the required \s-1ENGINE\s0, or by asking OpenSSL for the default +operational \s-1ENGINE\s0 for a given cryptographic purpose. +.PP +To obtain a functional reference from an existing structural reference, +call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not +already operational and couldn't be successfully initialised (eg. lack of +system drivers, no special hardware attached, etc), otherwise it will +return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will +have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. In this case, +the supplied \s-1ENGINE\s0 pointer is, from the point of the view of the caller, +both a structural reference and a functional reference \- so if the caller +intends to use it as a functional reference it should free the structural +reference with \fIENGINE_free()\fR first. If the caller wishes to use it only as +a structural reference (eg. if the \fIENGINE_init()\fR call was simply to test if +the \s-1ENGINE\s0 seems available/online), then it should free the functional +reference; all functional references are released by the \fIENGINE_finish()\fR +function. +.PP +The second way to get a functional reference is by asking OpenSSL for a +default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR, +\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next +section, though they are not usually required by application programmers as +they are used automatically when creating and using the relevant +algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc. 
+.Sh "Default implementations" +.IX Subsection "Default implementations" +For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table +of state to control which implementations are available for a given +abstraction and which should be used by default. These implementations are +registered in the tables separated-out by an 'nid' index, because +abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct +algorithms and modes \- ENGINEs will support different numbers and +combinations of these. In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, +etc, there is only one \*(L"algorithm\*(R" so all implementations implicitly +register using the same 'nid' index. ENGINEs can be \fBregistered\fR into +these tables to make themselves available for use automatically by the +various abstractions, eg. \s-1RSA\s0. For illustrative purposes, we continue with +the \s-1RSA\s0 example, though all comments apply similarly to the other +abstractions (they each get their own table and linkage to the +corresponding section of openssl code). +.PP +When a new \s-1RSA\s0 key is being created, ie. in \fIRSA_new_method()\fR, a +\&\*(L"get_default\*(R" call will be made to the \s-1ENGINE\s0 subsystem to process the \s-1RSA\s0 +state table and return a functional reference to an initialised \s-1ENGINE\s0 +whose \s-1RSA_METHOD\s0 should be used. If no \s-1ENGINE\s0 should (or can) be used, it +will return \s-1NULL\s0 and the \s-1RSA\s0 key will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle by +using the conventional \s-1RSA\s0 implementation in OpenSSL (and will from then on +behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed \- for details see +RSA_new_method(3)). 
+.PP +Each state table has a flag to note whether it has processed this +\&\*(L"get_default\*(R" query since the table was last modified, because to process +this question it must iterate across all the registered ENGINEs in the +table trying to initialise each of them in turn, in case one of them is +operational. If it returns a functional reference to an \s-1ENGINE\s0, it will +also cache another reference to speed up processing future queries (without +needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 +response if no \s-1ENGINE\s0 was available so that future queries won't repeat the +same iteration unless the state table changes. This behaviour can also be +changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using +\&\fIENGINE_set_table_flags()\fR), no attempted initialisations will take place, +instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the +\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. +\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except +that it also sets the state table's cached response for the \*(L"get_default\*(R" +query. +.PP +In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each +\&'nid' value. +.PP +It is worth illustrating the difference between \*(L"registration\*(R" of ENGINEs +into these per-algorithm state tables and using the alternative +\&\*(L"set_default\*(R" functions. The latter handles both \*(L"registration\*(R" and also +setting the cached \*(L"default\*(R" \s-1ENGINE\s0 in each relevant state table \- so +registered ENGINEs will only have a chance to be initialised for use as a +default if a default \s-1ENGINE\s0 wasn't already set for the same state table. +Eg. 
if \s-1ENGINE\s0 X supports cipher nids {A,B} and \s-1RSA\s0, \s-1ENGINE\s0 Y supports +ciphers {A} and \s-1DSA\s0, and the following code is executed; +.PP +.Vb 7 +\& ENGINE_register_complete(X); +\& ENGINE_set_default(Y, ENGINE_METHOD_ALL); +\& e1 = ENGINE_get_default_RSA(); +\& e2 = ENGINE_get_cipher_engine(A); +\& e3 = ENGINE_get_cipher_engine(B); +\& e4 = ENGINE_get_default_DSA(); +\& e5 = ENGINE_get_cipher_engine(C); +.Ve +The results would be as follows; +.PP +.Vb 5 +\& assert(e1 == X); +\& assert(e2 == Y); +\& assert(e3 == X); +\& assert(e4 == Y); +\& assert(e5 == NULL); +.Ve +.Sh "Application requirements" +.IX Subsection "Application requirements" +This section will explain the basic things an application programmer should +support to make the most useful elements of the \s-1ENGINE\s0 functionality +available to the user. The first thing to consider is whether the +programmer wishes to make alternative \s-1ENGINE\s0 modules available to the +application and user. OpenSSL maintains an internal linked list of +\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is +empty and in fact if an application does not call any \s-1ENGINE\s0 \s-1API\s0 calls and +it uses static linking against openssl, then the resulting application +binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first +consideration is whether any/all available \s-1ENGINE\s0 implementations should be +made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" +functions, eg. +.PP +.Vb 9 +\& /* Make the "dynamic" ENGINE available */ +\& void ENGINE_load_dynamic(void); +\& /* Make the CryptoSwift hardware acceleration support available */ +\& void ENGINE_load_cswift(void); +\& /* Make support for nCipher's "CHIL" hardware available */ +\& void ENGINE_load_chil(void); +\& ... 
+\& /* Make ALL ENGINE implementations bundled with OpenSSL available */ +\& void ENGINE_load_builtin_engines(void); +.Ve +Having called any of these functions, \s-1ENGINE\s0 objects would have been +dynamically allocated and populated with these implementations and linked +into OpenSSL's internal linked list. At this point it is important to +mention an important \s-1API\s0 function; +.PP +.Vb 1 +\& void ENGINE_cleanup(void); +.Ve +If no \s-1ENGINE\s0 \s-1API\s0 functions are called at all in an application, then there +are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality, +however if any ENGINEs are \*(L"load\*(R"ed, even if they are never registered or +used, it is necessary to use the \fIENGINE_cleanup()\fR function to +correspondingly cleanup before program exit, if the caller wishes to avoid +memory leaks. This mechanism uses an internal callback registration table +so that any \s-1ENGINE\s0 \s-1API\s0 functionality that knows it requires cleanup can +register its cleanup details to be called during \fIENGINE_cleanup()\fR. This +approach allows \fIENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality +at all that your program uses, yet doesn't automatically create linker +dependencies to all possible \s-1ENGINE\s0 functionality \- only the cleanup +callbacks required by the functionality you do use will be required by the +linker. +.PP +The fact that ENGINEs are made visible to OpenSSL (and thus are linked into +the program and loaded into memory at run-time) does not mean they are +\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour +is something for the application to have control over. Some applications +will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used +if any is to be used at all. Others may prefer to load all support and have +OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to +successfully initialise \- ie. 
to assume that this corresponds to +acceleration hardware attached to the machine or some such thing. There are +probably numerous other ways in which applications may prefer to handle +things, so we will simply illustrate the consequences as they apply to a +couple of simple cases and leave developers to consider these and the +source code to openssl's builtin utilities as guides. +.PP +\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR +.PP +Here we'll assume an application has been configured by its user or admin +to want to use the \*(L"\s-1ACME\s0\*(R" \s-1ENGINE\s0 if it is available in the version of +OpenSSL the application was compiled with. If it is available, it should be +used by default for all \s-1RSA\s0, \s-1DSA\s0, and symmetric cipher operation, otherwise +OpenSSL should use its builtin software as per usual. The following code +illustrates how to approach this; +.PP +.Vb 22 +\& ENGINE *e; +\& const char *engine_id = "ACME"; +\& ENGINE_load_builtin_engines(); +\& e = ENGINE_by_id(engine_id); +\& if(!e) +\& /* the engine isn't available */ +\& return; +\& if(!ENGINE_init(e)) { +\& /* the engine couldn't initialise, release 'e' */ +\& ENGINE_free(e); +\& return; +\& } +\& if(!ENGINE_set_default_RSA(e)) +\& /* This should only happen when 'e' can't initialise, but the previous +\& * statement suggests it did. */ +\& abort(); +\& ENGINE_set_default_DSA(e); +\& ENGINE_set_default_ciphers(e); +\& /* Release the functional reference from ENGINE_init() */ +\& ENGINE_finish(e); +\& /* Release the structural reference from ENGINE_by_id() */ +\& ENGINE_free(e); +.Ve +\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR +.PP +Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations +bundled with OpenSSL, such that for any cryptographic algorithm required by +OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialise, +it should be used. 
The following code illustrates how this can work; +.PP +.Vb 4 +\& /* Load all bundled ENGINEs into memory and make them visible */ +\& ENGINE_load_builtin_engines(); +\& /* Register all of them for every algorithm they collectively implement */ +\& ENGINE_register_all_complete(); +.Ve +That's all that's required. Eg. the next time OpenSSL tries to set up an +\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to +\&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the +default for use with \s-1RSA\s0 from then on. +.Sh "Advanced configuration support" +.IX Subsection "Advanced configuration support" +There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each +\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration +\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name-value pairs +and and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if +applications want to provide a transparent way for users to provide +arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also +possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 +implementations for the names, descriptions, and input flags of their +available \*(L"control commands\*(R", providing a more flexible configuration +scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she +is using (in the case of specialised hardware, this goes without saying) +then applications may not need to concern themselves with discovering the +supported control commands and simply prefer to allow settings to passed +into ENGINEs exactly as they are provided by the user. +.PP +Before illustrating how control commands work, it is worth mentioning what +they are typically used for. 
Broadly speaking there are two uses for +control commands; the first is to provide the necessary details to the +implementation (which may know nothing at all specific to the host system) +so that it can be initialised for use. This could include the path to any +driver or config files it needs to load, required network addresses, +smart-card identifiers, passwords to initialise password-protected devices, +logging information, etc etc. This class of commands typically needs to be +passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before +calling \fIENGINE_init()\fR. The other class of commands consist of settings or +operations that tweak certain behaviour or cause certain operations to take +place, and these commands may work either before or after \fIENGINE_init()\fR, or +in same cases both. \s-1ENGINE\s0 implementations should provide indications of +this in the descriptions attached to builtin control commands and/or in +external product documentation. +.PP +\&\fIIssuing control commands to an \s-1ENGINE\s0\fR +.PP +Let's illustrate by example; a function for which the caller supplies the +name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before +initialisation, and another table for use after initialisation. Note that +the string-pairs used for control commands consist of a command \*(L"name\*(R" +followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some +cases but the name can not. This function should initialise the \s-1ENGINE\s0 +(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) +and set it as the default for everything except \s-1RAND\s0 and then return a +boolean success or failure. 
+.PP +.Vb 36 +\& int generic_load_engine_fn(const char *engine_id, +\& const char **pre_cmds, int pre_num, +\& const char **post_cmds, int post_num) +\& { +\& ENGINE *e = ENGINE_by_id(engine_id); +\& if(!e) return 0; +\& while(pre_num--) { +\& if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s - %s:%s)\en", engine_id, +\& pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)"); +\& ENGINE_free(e); +\& return 0; +\& } +\& pre_cmds += 2; +\& } +\& if(!ENGINE_init(e)) { +\& fprintf(stderr, "Failed initialisation\en"); +\& ENGINE_free(e); +\& return 0; +\& } +\& /* ENGINE_init() returned a functional reference, so free the structural +\& * reference from ENGINE_by_id(). */ +\& ENGINE_free(e); +\& while(post_num--) { +\& if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s - %s:%s)\en", engine_id, +\& post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); +\& ENGINE_finish(e); +\& return 0; +\& } +\& post_cmds += 2; +\& } +\& ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND); +\& /* Success */ +\& return 1; +\& } +.Ve +Note that \fIENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can +relax the semantics of the function \- if set non-zero it will only return +failure if the \s-1ENGINE\s0 supported the given command name but failed while +executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply +return success without doing anything. In this case we assume the user is +only supplying commands specific to the given \s-1ENGINE\s0 so we set this to +\&\s-1FALSE\s0. +.PP +\&\fIDiscovering supported control commands\fR +.PP +It is possible to discover at run-time the names, numerical-ids, descriptions +and input parameters of the control commands supported from a structural +reference to any \s-1ENGINE\s0. 
It is first important to note that some control +commands are defined by OpenSSL itself and it will intercept and handle these +control commands on behalf of the \s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not +used for the control command. openssl/engine.h defines a symbol, +\&\s-1ENGINE_CMD_BASE\s0, that all control commands implemented by ENGINEs from. Any +command value lower than this symbol is considered a \*(L"generic\*(R" command is +handled directly by the OpenSSL core routines. +.PP +It is using these \*(L"core\*(R" control commands that one can discover the the control +commands implemented by a given \s-1ENGINE\s0, specifically the commands; +.PP +.Vb 9 +\& #define ENGINE_HAS_CTRL_FUNCTION 10 +\& #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +\& #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +\& #define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +\& #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +\& #define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +\& #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +\& #define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +\& #define ENGINE_CTRL_GET_CMD_FLAGS 18 +.Ve +Whilst these commands are automatically processed by the OpenSSL framework code, +they use various properties exposed by each \s-1ENGINE\s0 by which to process these +queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect this behaviour; +it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in +the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. +If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will +simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fIctrl()\fR +handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to +reply to these \*(L"discovery\*(R" commands itself. 
If that flag is not set, then the +OpenSSL framework code will work with the following rules; +.PP +.Vb 9 +\& if no ctrl() handler supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), +\& all other commands fail. +\& if a ctrl() handler was supplied but no array of control commands; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands fail. +\& if a ctrl() handler and array of control commands was supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands proceed processing ... +.Ve +If the \s-1ENGINE\s0's array of control commands is empty then all other commands will +fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of +the first command supported by the \s-1ENGINE\s0, \s-1ENGINE_GET_NEXT_CMD_TYPE\s0 takes the +identifier of a command supported by the \s-1ENGINE\s0 and returns the next command +identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string +name for a command and returns the corresponding identifier or fails if no such +command name exists, and the remaining commands take a command identifier and +return properties of the corresponding commands. All except +\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description, +or populate a supplied character buffer with a copy of the command name or +description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following +possible values; +.PP +.Vb 4 +\& #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +\& #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +\& #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +\& #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 +.Ve +If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely +informational to the caller \- this flag will prevent the command being usable +for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR. 
+\&\*(L"\s-1INTERNAL\s0\*(R" commands are not intended to be exposed to text-based configuration +by applications, administrations, users, etc. These can support arbitrary +operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control +commands data of any arbitrary type. These commands are supported in the +discovery mechanisms simply to allow applications determinie if an \s-1ENGINE\s0 +supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" +might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \- +and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific +extension). +.Sh "Future developments" +.IX Subsection "Future developments" +The \s-1ENGINE\s0 \s-1API\s0 and internal architecture is currently being reviewed. Slated for +possible release in 0.9.8 is support for transparent loading of \*(L"dynamic\*(R" +ENGINEs (built as self-contained shared-libraries). This would allow \s-1ENGINE\s0 +implementations to be provided independantly of OpenSSL libraries and/or +OpenSSL-based applications, and would also remove any requirement for +applications to explicitly use the \*(L"dynamic\*(R" \s-1ENGINE\s0 to bind to shared-library +implementations. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rsa(3), dsa(3), dh(3), rand(3), +RSA_new_method(3) diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 index bd76dd783a6c..22599ed78726 100644 --- a/secure/lib/libcrypto/man/err.3 +++ b/secure/lib/libcrypto/man/err.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:04 2002 +.\" Mon Jan 13 19:29:19 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "err 3" -.TH err 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH err 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" err \- error codes diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 index dae3c8223f54..d50439f40569 100644 --- a/secure/lib/libcrypto/man/evp.3 +++ b/secure/lib/libcrypto/man/evp.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:05 2002 +.\" Mon Jan 13 19:29:20 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "evp 3" -.TH evp 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH evp 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" evp \- high-level cryptographic functions @@ -162,6 +162,13 @@ Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI...\fR functions. The \fBEVP_Digest\fR\fI...\fR functions provide message digests. .PP Algorithms are loaded with \fIOpenSSL_add_all_algorithms\fR\|(3). +.PP +All the symmetric algorithms (ciphers) and digests can be replaced by \s-1ENGINE\s0 +modules providing alternative implementations. If \s-1ENGINE\s0 implementations of +ciphers or digests are registered as defaults, then the various \s-1EVP\s0 functions +will automatically use those implementations automatically in preference to +built in software implementations. For more information, consult the \fIengine\fR\|(3) +man page. .SH "SEE ALSO" .IX Header "SEE ALSO" EVP_DigestInit(3), @@ -170,4 +177,5 @@ EVP_OpenInit(3), EVP_SealInit(3), EVP_SignInit(3), EVP_VerifyInit(3), -OpenSSL_add_all_algorithms(3) +OpenSSL_add_all_algorithms(3), +engine(3) diff --git a/secure/lib/libcrypto/man/gendsa.1 b/secure/lib/libcrypto/man/gendsa.1 deleted file mode 100644 index 19ec49bbcc9e..000000000000 
--- a/secure/lib/libcrypto/man/gendsa.1 +++ /dev/null 
@@ -1,184 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:46 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "GENDSA 1" -.TH GENDSA 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -gendsa \- generate a \s-1DSA\s0 private key from a set of parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBgendsa\fR -[\fB\-out filename\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -[\fBparamfile\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBgendsa\fR command generates a \s-1DSA\s0 private key from a \s-1DSA\s0 parameter file -(which will be typically generated by the \fBopenssl dsaparam\fR command). -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. -If none of these options is specified no encryption is used. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fBparamfile\fR" 4 -.IX Item "paramfile" -This option specifies the \s-1DSA\s0 parameter file to use. The parameters in this -file determine the size of the private key. \s-1DSA\s0 parameters can be generated -and examined using the \fBopenssl dsaparam\fR command. -.SH "NOTES" -.IX Header "NOTES" -\&\s-1DSA\s0 key generation is little more than random number generation so it is -much quicker that \s-1RSA\s0 key generation for example. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -dsaparam(1), dsa(1), genrsa(1), -rsa(1) 
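Review bot: The gendsa.1 deletion removes the whole page, including the -des|-des3|-idea text stating that the private key is written unencrypted when none of those options is given, and nothing visible in this directory's diff replaces it. Please state in the commit message whether the section 1 pages are now installed from elsewhere, so that the removal of user-facing key generation documentation is not read as an accident.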
diff --git a/secure/lib/libcrypto/man/genrsa.1 b/secure/lib/libcrypto/man/genrsa.1 deleted file mode 100644 index aaea7623c51f..000000000000 --- a/secure/lib/libcrypto/man/genrsa.1 +++ /dev/null 
@@ -1,209 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:47 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "GENRSA 1" -.TH GENRSA 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -genrsa \- generate an \s-1RSA\s0 private key -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBgenrsa\fR -[\fB\-out filename\fR] -[\fB\-passout arg\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-f4\fR] -[\fB\-3\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -[\fBnumbits\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBgenrsa\fR command generates an \s-1RSA\s0 private key. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -the output filename. If this argument is not specified then standard output is -used. -.Ip "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. If none of these options is -specified no encryption is used. If encryption is used a pass phrase is prompted -for if it is not supplied via the \fB\-passout\fR argument. -.Ip "\fB\-F4|\-3\fR" 4 -.IX Item "-F4|-3" -the public exponent to use, either 65537 or 3. The default is 65537. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fBnumbits\fR" 4 -.IX Item "numbits" -the size of the private key to generate in bits. This must be the last option -specified. The default is 512. 
-.SH "NOTES" -.IX Header "NOTES" -\&\s-1RSA\s0 private key generation essentially involves the generation of two prime -numbers. When generating a private key various symbols will be output to -indicate the progress of the generation. A \fB.\fR represents each number which -has passed an initial sieve test, \fB+\fR means a number has passed a single -round of the Miller-Rabin primality test. A newline means that the number has -passed all the prime tests (the actual number depends on the key size). -.PP -Because key generation is a random process the time taken to generate a key -may vary somewhat. -.SH "BUGS" -.IX Header "BUGS" -A quirk of the prime generation algorithm is that it cannot generate small -primes. Therefore the number of bits should not be less that 64. For typical -private keys this will not matter because for security reasons they will -be much larger (typically 1024 bits). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -gendsa(1) diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 index c62de6349aa5..27eeff8334e7 100644 --- a/secure/lib/libcrypto/man/hmac.3 +++ b/secure/lib/libcrypto/man/hmac.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:06 2002 +.\" Mon Jan 13 19:29:21 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH hmac 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message 
@@ -153,13 +153,19 @@ authentication code \& int key_len, const unsigned char *d, int n, \& unsigned char *md, unsigned int *md_len); .Ve -.Vb 4 +.Vb 1 +\& void HMAC_CTX_init(HMAC_CTX *ctx); +.Ve +.Vb 6 \& void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, \& const EVP_MD *md); +\& void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md); \& void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); \& void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); .Ve -.Vb 1 +.Vb 2 +\& void HMAC_CTX_cleanup(HMAC_CTX *ctx); \& void HMAC_cleanup(HMAC_CTX *ctx); .Ve .SH "DESCRIPTION" 
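Review bot: In the SYNOPSIS, the added HMAC_Init_ex() prototype has exactly the same argument list as HMAC_Init() just above it (ctx, key, key_len, md), so the page gives no way to tell the two calls apart by signature. Please check the prototype against the declaration in the hmac.h that this import ships and correct the pod source if it differs; this .3 file is Pod::Man output, so a hand edit here would be lost on regeneration. The hash parameter is also named md here but evp_md in the DESCRIPTION text.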
@@ -181,13 +187,31 @@ the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. \&\fBkey\fR and \fBevp_md\fR may be \fB\s-1NULL\s0\fR if a key and hash function have been set in a previous call to \fIHMAC_Init()\fR for that \fB\s-1HMAC_CTX\s0\fR. .PP -\&\fIHMAC_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR. +\&\fIHMAC_CTX_init()\fR initialises a \fB\s-1HMAC_CTX\s0\fR before first use. It must be +called. +.PP +\&\fIHMAC_CTX_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR +and releases any associated resources. It must be called when an +\&\fB\s-1HMAC_CTX\s0\fR is no longer required. +.PP +\&\fIHMAC_cleanup()\fR is an alias for \fIHMAC_CTX_cleanup()\fR included for back +compatibility with 0.9.6b, it is deprecated. .PP The following functions may be used if the message is not completely stored in memory: .PP \&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash -function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes long. +function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes +long. It is deprecated and only included for backward compatibility +with OpenSSL 0.9.6b. +.PP +\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use +the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL\s0, in which +case the existing one will be reused. \fIHMAC_CTX_init()\fR must have been +called before the first use of an \fB\s-1HMAC_CTX\s0\fR in this +function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented behaviour in +previous versions of OpenSSL \- failure to switch to \f(BIHMAC_Init_ex()\fB in +programs that expect it will cause them to stop working\fR. .PP \&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to be authenticated (\fBlen\fR bytes at \fBdata\fR). 
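Review bot: The unchanged context line at the top of this hunk still says key and evp_md may be NULL if they were set in a previous call to HMAC_Init(), while the added N.B. tells programs that expect that behaviour to switch to HMAC_Init_ex() or stop working. The two statements pull in opposite directions: update the context sentence to name HMAC_Init_ex(), and say what HMAC_Init() now does when it is passed a NULL key or hash on an already keyed context, since that is the case a caller reusing an HMAC_CTX needs to get right. The N.B. also calls the old behaviour "undocumented" although that context sentence documents it. Smaller points: "It must be called." after HMAC_CTX_init() should say when (before first use, as the previous sentence does), and the HMAC_cleanup() sentence is a comma splice.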
@@ -198,8 +222,8 @@ must have space for the hash function output. .IX Header "RETURN VALUES" \&\fIHMAC()\fR returns a pointer to the message authentication code. .PP -\&\fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR do not -return values. +\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and +\&\fIHMAC_CTX_cleanup()\fR do not return values. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1RFC\s0 2104 @@ -210,3 +234,6 @@ sha(3), evp(3) .IX Header "HISTORY" \&\fIHMAC()\fR, \fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR are available since SSLeay 0.9.0. +.PP +\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR and \fIHMAC_CTX_cleanup()\fR are available +since OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 index 44645f06a440..aeb26e2e4acd 100644 --- a/secure/lib/libcrypto/man/lh_stats.3 +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:06 2002 +.\" Mon Jan 13 19:29:22 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH lh_stats 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio, diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 index e5ee467db8b9..f698fcecad49 100644 --- a/secure/lib/libcrypto/man/lhash.3 +++ b/secure/lib/libcrypto/man/lhash.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:07 2002 +.\" Mon Jan 13 19:29:23 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,19 +138,17 @@ .\" ====================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH lhash 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, -lh_doall_arg, lh_error \- dynamic hash table +lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error \- dynamic hash table .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/lhash.h> .Ve -.Vb 3 -\& LHASH *lh_new(unsigned long (*hash)(/*void *a*/), -\& int (*compare)(/*void *a,void *b*/)); +.Vb 2 +\& LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare); \& void lh_free(LHASH *table); .Ve .Vb 3 
@@ -159,29 +157,102 @@ lh_doall_arg, lh_error \- dynamic hash table \& void *lh_retrieve(LHASH *table, void *data); .Ve .Vb 3 -\& void lh_doall(LHASH *table, void (*func)(/*void *b*/)); -\& void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/), +\& void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func); +\& void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func, \& void *arg); .Ve .Vb 1 \& int lh_error(LHASH *table); .Ve +.Vb 4 +\& typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); +\& typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); +\& typedef void (*LHASH_DOALL_FN_TYPE)(const void *); +\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" This library implements dynamic hash tables. The hash table entries can be arbitrary structures. Usually they consist of key and value fields. .PP -\&\fIlh_new()\fR creates a new \fB\s-1LHASH\s0\fR structure. \fBhash\fR takes a pointer to -the structure and returns an unsigned long hash value of its key -field. The hash value is normally truncated to a power of 2, so make -sure that your hash function returns well mixed low order -bits. \fBcompare\fR takes two arguments, and returns 0 if their keys are -equal, non-zero otherwise. +\&\fIlh_new()\fR creates a new \fB\s-1LHASH\s0\fR structure to store arbitrary data +entries, and provides the 'hash' and 'compare' callbacks to be used in +organising the table's entries. The \fBhash\fR callback takes a pointer +to a table entry as its argument and returns an unsigned long hash +value for its key field. The hash value is normally truncated to a +power of 2, so make sure that your hash function returns well mixed +low order bits. The \fBcompare\fR callback takes two arguments (pointers +to two hash table entries), and returns 0 if their keys are equal, +non-zero otherwise. 
If your hash table will contain items of some +particular type and the \fBhash\fR and \fBcompare\fR callbacks hash/compare +these types, then the \fB\s-1DECLARE_LHASH_HASH_FN\s0\fR and +\&\fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be used to create callback +wrappers of the prototypes required by \fIlh_new()\fR. These provide +per-variable casts before calling the type-specific callbacks written +by the application author. These macros, as well as those used for +the \*(L"doall\*(R" callbacks, are defined as; +.PP +.Vb 7 +\& #define DECLARE_LHASH_HASH_FN(f_name,o_type) \e +\& unsigned long f_name##_LHASH_HASH(const void *); +\& #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \e +\& unsigned long f_name##_LHASH_HASH(const void *arg) { \e +\& o_type a = (o_type)arg; \e +\& return f_name(a); } +\& #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH +.Ve +.Vb 8 +\& #define DECLARE_LHASH_COMP_FN(f_name,o_type) \e +\& int f_name##_LHASH_COMP(const void *, const void *); +\& #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \e +\& int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \e +\& o_type a = (o_type)arg1; \e +\& o_type b = (o_type)arg2; \e +\& return f_name(a,b); } +\& #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP +.Ve +.Vb 7 +\& #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \e +\& void f_name##_LHASH_DOALL(const void *); +\& #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \e +\& void f_name##_LHASH_DOALL(const void *arg) { \e +\& o_type a = (o_type)arg; \e +\& f_name(a); } +\& #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL +.Ve +.Vb 8 +\& #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e +\& void f_name##_LHASH_DOALL_ARG(const void *, const void *); +\& #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e +\& void f_name##_LHASH_DOALL_ARG(const void *arg1, const void *arg2) { \e +\& o_type a = (o_type)arg1; \e +\& a_type b = (a_type)arg2; \e +\& f_name(a,b); } +\& #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG 
+.Ve +An example of a hash table storing (pointers to) structures of type '\s-1STUFF\s0' +could be defined as follows; .PP +.Vb 14 +\& /* Calculates the hash value of 'tohash' (implemented elsewhere) */ +\& unsigned long STUFF_hash(const STUFF *tohash); +\& /* Orders 'arg1' and 'arg2' (implemented elsewhere) */ +\& int STUFF_cmp(const STUFF *arg1, const STUFF *arg2); +\& /* Create the type-safe wrapper functions for use in the LHASH internals */ +\& static IMPLEMENT_LHASH_HASH_FN(STUFF_hash, const STUFF *) +\& static IMPLEMENT_LHASH_COMP_FN(STUFF_cmp, const STUFF *); +\& /* ... */ +\& int main(int argc, char *argv[]) { +\& /* Create the new hash table using the hash/compare wrappers */ +\& LHASH *hashtable = lh_new(LHASH_HASH_FN(STUFF_hash), +\& LHASH_COMP_FN(STUFF_cmp)); +\& /* ... */ +\& } +.Ve \&\fIlh_free()\fR frees the \fB\s-1LHASH\s0\fR structure \fBtable\fR. Allocated hash table entries will not be freed; consider using \fIlh_doall()\fR to deallocate any -remaining entries in the hash table. +remaining entries in the hash table (see below). .PP \&\fIlh_insert()\fR inserts the structure pointed to by \fBdata\fR into \fBtable\fR. If there already is an entry with the same key, the old value is 
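Review bot: The added lh_new() paragraph pairs DECLARE_LHASH_HASH_FN with IMPLEMENT_LHASH_COMP_FN, which mixes the declare macro of one callback with the implement macro of the other; name the IMPLEMENT_LHASH_HASH_FN and IMPLEMENT_LHASH_COMP_FN pair that the STUFF example actually uses. In that example the IMPLEMENT_LHASH_HASH_FN line has no trailing semicolon while the IMPLEMENT_LHASH_COMP_FN line has one; both macros expand to a complete function body ending in "}", so the semicolon is a stray empty declaration and should be dropped. It is also worth one sentence stating that the generated wrappers do "o_type a = (o_type)arg;" with no check, so the type safety holds only if every entry inserted into the table really is of the o_type given to the macro. Both "are defined as;" and "as follows;" should end in a colon.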
@@ -195,23 +266,55 @@ a structure with the key \fIfield\fR\|(s) set; the function will return a pointer to a fully populated structure. .PP \&\fIlh_doall()\fR will, for every entry in the hash table, call \fBfunc\fR with -the data item as parameters. -This function can be quite useful when used as follows: - void cleanup(\s-1STUFF\s0 *a) - { \fISTUFF_free\fR\|(a); } - lh_doall(hash,cleanup); - lh_free(hash); -This can be used to free all the entries. \fIlh_free()\fR then cleans up the -\&'buckets' that point to nothing. When doing this, be careful if you -delete entries from the hash table in \fBfunc\fR: the table may decrease -in size, moving item that you are currently on down lower in the hash -table. This could cause some entries to be skipped. The best -solution to this problem is to set hash->down_load=0 before you -start. This will stop the hash table ever being decreased in size. +the data item as its parameter. For \fIlh_doall()\fR and \fIlh_doall_arg()\fR, +function pointer casting should be avoided in the callbacks (see +\&\fB\s-1NOTE\s0\fR) \- instead, either declare the callbacks to match the +prototype required in \fIlh_new()\fR or use the declare/implement macros to +create type-safe wrappers that cast variables prior to calling your +type-specific callbacks. An example of this is illustrated here where +the callback is used to cleanup resources for items in the hash table +prior to the hashtable itself being deallocated: .PP -\&\fIlh_doall_arg()\fR is the same as \fIlh_doall()\fR except that \fBfunc\fR will -be called with \fBarg\fR as the second argument. +.Vb 9 +\& /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */ +\& void STUFF_cleanup(STUFF *a); +\& /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */ +\& IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *) +\& /* ... then later in the code ... */ +\& /* So to run "STUFF_cleanup" against all items in a hash table ... 
*/ +\& lh_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup)); +\& /* Then the hash table itself can be deallocated */ +\& lh_free(hashtable); +.Ve +When doing this, be careful if you delete entries from the hash table +in your callbacks: the table may decrease in size, moving the item +that you are currently on down lower in the hash table \- this could +cause some entries to be skipped during the iteration. The second +best solution to this problem is to set hash->down_load=0 before +you start (which will stop the hash table ever decreasing in size). +The best solution is probably to avoid deleting items from the hash +table inside a \*(L"doall\*(R" callback! +.PP +\&\fIlh_doall_arg()\fR is the same as \fIlh_doall()\fR except that \fBfunc\fR will be +called with \fBarg\fR as the second argument and \fBfunc\fR should be of +type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype that is passed +both the table entry and an extra argument). As with \fIlh_doall()\fR, you +can instead choose to declare your callback with a prototype matching +the types you are dealing with and use the declare/implement macros to +create compatible wrappers that cast variables before calling your +type-specific callbacks. An example of this is demonstrated here +(printing all hash table entries to a \s-1BIO\s0 that is provided by the +caller): .PP +.Vb 7 +\& /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */ +\& void STUFF_print(const STUFF *a, BIO *output_bio); +\& /* Implement a prototype-compatible wrapper for "STUFF_print" */ +\& static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF_print, const STUFF *, BIO *) +\& /* ... then later in the code ... */ +\& /* Print out the entire hashtable to a particular BIO */ +\& lh_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), logging_bio); +.Ve \&\fIlh_error()\fR can be used to determine if an error occurred in the last operation. \fIlh_error()\fR is a macro. .SH "RETURN VALUES" 
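Review bot: "When doing this" directly after the STUFF_cleanup example reads as if that example deletes entries, but the warning is about removing entries from the table inside the callback; say explicitly that a doall callback may release an entry's resources but should not delete entries from the table it is iterating. The workaround refers to hash->down_load while both examples name the table hashtable, and it has callers writing to a field of the LHASH structure, so either use the same variable name or drop it in favour of the "best solution" sentence. Smaller points: IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *) lacks the static used by the other wrapper examples, it instantiates the wrapper with a non-const STUFF * and so casts away the const of the table's "const void *" without comment at this point in the page, and logging_bio is used without being introduced.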
@@ -232,6 +335,44 @@ there is no such value in the hash table. otherwise. .PP \&\fIlh_free()\fR, \fIlh_doall()\fR and \fIlh_doall_arg()\fR return no values. +.SH "NOTE" +.IX Header "NOTE" +The various \s-1LHASH\s0 macros and callback types exist to make it possible +to write type-safe code without resorting to function-prototype +casting \- an evil that makes application code much harder to +audit/verify and also opens the window of opportunity for stack +corruption and other hard-to-find bugs. It also, apparently, violates +\&\s-1ANSI-C\s0. +.PP +The \s-1LHASH\s0 code regards table entries as constant data. As such, it +internally represents \fIlh_insert()\fR'd items with a \*(L"const void *\*(R" +pointer type. This is why callbacks such as those used by \fIlh_doall()\fR +and \fIlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the +parameters that pass back the table items' data pointers \- for +consistency, user-provided data is \*(L"const\*(R" at all times as far as the +\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing +these pointers, they can choose whether they too should be treating +all such parameters as constant. +.PP +As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only \*(L"const\*(R" access to the data being +indexed in the hash table (ie. it is returned as \*(L"const\*(R" from +elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are +appropriate as-is. Conversely, if the caller is responsible for the +life-time of the data in question, then they may well wish to make +modifications to table item passed back in the \fIlh_doall()\fR or +\&\fIlh_doall_arg()\fR callbacks (see the \*(L"STUFF_cleanup\*(R" example above). If +so, the caller can either cast the \*(L"const\*(R" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement +the wrapper functions without \*(L"const\*(R" types. 
+.PP +Callers that only have \*(L"const\*(R" access to data they're indexing in a +table, yet declare callbacks without constant types (or cast the +\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the \s-1API\s0. On a related note, +those auditing code should pay special attention to any instances of +DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types +without any \*(L"const\*(R" qualifiers. .SH "BUGS" .IX Header "BUGS" \&\fIlh_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. @@ -271,7 +412,7 @@ generating hashes that are the same for different values. It is probably worth changing your hash function if this is the case because even if your hash table has 10 items in a 'bucket', it can be searched with 10 \fBunsigned long\fR compares and 10 linked list traverses. This -will be much less expensive that 10 calls to you compare function. +will be much less expensive that 10 calls to your compare function. .PP \&\fIlh_strhash()\fR is a demo string hashing function: .PP @@ -290,3 +431,8 @@ The \fBlhash\fR library is available in all versions of SSLeay and OpenSSL. \&\fIlh_error()\fR was added in SSLeay 0.9.1b. .PP This manpage is derived from the SSLeay documentation. +.PP +In OpenSSL 0.9.7, all lhash functions that were passed function pointers +were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE\s0, +\&\s-1LHASH_HASH_FN_TYPE\s0, \s-1LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0 +became available. diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 index c69001a49b2c..efa005305b6b 100644 --- a/secure/lib/libcrypto/man/md5.3 +++ b/secure/lib/libcrypto/man/md5.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:07 2002 +.\" Mon Jan 13 19:29:24 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "md5 3" -.TH md5 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH md5 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 index b55340370019..703af8068e55 100644 --- a/secure/lib/libcrypto/man/mdc2.3 +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:08 2002 +.\" Mon Jan 13 19:29:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH mdc2 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function diff --git a/secure/lib/libcrypto/man/nseq.1 b/secure/lib/libcrypto/man/nseq.1 deleted file mode 100644 index 469dc98a8f24..000000000000 --- a/secure/lib/libcrypto/man/nseq.1 +++ /dev/null 
@@ -1,199 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:47 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "NSEQ 1" -.TH NSEQ 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -nseq \- create or examine a netscape certificate sequence -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBnseq\fR -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-toseq\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBnseq\fR command takes a file containing a Netscape certificate -sequence and prints out the certificates contained in it or takes a -file of certificates and converts it into a Netscape certificate -sequence. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read or standard input if this -option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename or standard output by default. -.Ip "\fB\-toseq\fR" 4 -.IX Item "-toseq" -normally a Netscape certificate sequence will be input and the output -is the certificates contained in it. With the \fB\-toseq\fR option the -situation is reversed: a Netscape certificate sequence is created from -a file of certificates. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Output the certificates in a Netscape certificate sequence -.PP -.Vb 1 -\& openssl nseq -in nseq.pem -out certs.pem -.Ve -Create a Netscape certificate sequence -.PP -.Vb 1 -\& openssl nseq -in certs.pem -toseq -out nseq.pem -.Ve -.SH "NOTES" -.IX Header "NOTES" -The \fB\s-1PEM\s0\fR encoded form uses the same headers and footers as a certificate: -.PP -.Vb 2 -\& -----BEGIN CERTIFICATE----- -\& -----END CERTIFICATE----- -.Ve -A Netscape certificate sequence is a Netscape specific form that can be sent -to browsers as an alternative to the standard PKCS#7 format when several -certificates are sent to the browser: for example during certificate enrollment. 
-It is used by Netscape certificate server for example. -.SH "BUGS" -.IX Header "BUGS" -This program needs a few more options: like allowing \s-1DER\s0 or \s-1PEM\s0 input and -output files and allowing multiple certificate files to be used. diff --git a/secure/lib/libcrypto/man/openssl.1 b/secure/lib/libcrypto/man/openssl.1 deleted file mode 100644 index 7511cb170078..000000000000 --- a/secure/lib/libcrypto/man/openssl.1 +++ /dev/null 
@@ -1,404 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:48 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "OPENSSL 1" -.TH OPENSSL 1 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -openssl \- OpenSSL command line tool -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR -\&\fIcommand\fR -[ \fIcommand_opts\fR ] -[ \fIcommand_args\fR ] -.PP -\&\fBopenssl\fR [ \fBlist-standard-commands\fR | \fBlist-message-digest-commands\fR | \fBlist-cipher-commands\fR ] -.PP -\&\fBopenssl\fR \fBno-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0 -v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related -cryptography standards required by them. -.PP -The \fBopenssl\fR program is a command line tool for using the various -cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. -It can be used for -.PP -.Vb 6 -\& o Creation of RSA, DH and DSA key parameters -\& o Creation of X.509 certificates, CSRs and CRLs -\& o Calculation of Message Digests -\& o Encryption and Decryption with Ciphers -\& o SSL/TLS Client and Server Tests -\& o Handling of S/MIME signed or encrypted mail -.Ve -.SH "COMMAND SUMMARY" -.IX Header "COMMAND SUMMARY" -The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in the -\&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments -(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0). -.PP -The pseudo-commands \fBlist-standard-commands\fR, \fBlist-message-digest-commands\fR, -and \fBlist-cipher-commands\fR output a list (one entry per line) of the names -of all standard commands, message digest commands, or cipher commands, -respectively, that are available in the present \fBopenssl\fR utility. -.PP -The pseudo-command \fBno-\fR\fI\s-1XXX\s0\fR tests whether a command of the -specified name is available. 
If no command named \fI\s-1XXX\s0\fR exists, it -returns 0 (success) and prints \fBno-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1 -and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and -nothing is printed to \fBstderr\fR. Additional command line arguments -are always ignored. Since for each cipher there is a command of the -same name, this provides an easy way for shell scripts to test for the -availability of ciphers in the \fBopenssl\fR program. (\fBno-\fR\fI\s-1XXX\s0\fR is -not able to detect pseudo-commands such as \fBquit\fR, -\&\fBlist-\fR\fI...\fR\fB\-commands\fR, or \fBno-\fR\fI\s-1XXX\s0\fR itself.) -.Sh "\s-1STANDARD\s0 \s-1COMMANDS\s0" -.IX Subsection "STANDARD COMMANDS" -.Ip "\fBasn1parse\fR" 10 -.IX Item "asn1parse" -Parse an \s-1ASN\s0.1 sequence. -.Ip "\fBca\fR" 10 -.IX Item "ca" -Certificate Authority (\s-1CA\s0) Management. -.Ip "\fBciphers\fR" 10 -.IX Item "ciphers" -Cipher Suite Description Determination. -.Ip "\fBcrl\fR" 10 -.IX Item "crl" -Certificate Revocation List (\s-1CRL\s0) Management. -.Ip "\fBcrl2pkcs7\fR" 10 -.IX Item "crl2pkcs7" -\&\s-1CRL\s0 to PKCS#7 Conversion. -.Ip "\fBdgst\fR" 10 -.IX Item "dgst" -Message Digest Calculation. -.Ip "\fBdh\fR" 10 -.IX Item "dh" -Diffie-Hellman Parameter Management. -Obsoleted by \fBdhparam\fR. -.Ip "\fBdsa\fR" 10 -.IX Item "dsa" -\&\s-1DSA\s0 Data Management. -.Ip "\fBdsaparam\fR" 10 -.IX Item "dsaparam" -\&\s-1DSA\s0 Parameter Generation. -.Ip "\fBenc\fR" 10 -.IX Item "enc" -Encoding with Ciphers. -.Ip "\fBerrstr\fR" 10 -.IX Item "errstr" -Error Number to Error String Conversion. -.Ip "\fBdhparam\fR" 10 -.IX Item "dhparam" -Generation and Management of Diffie-Hellman Parameters. -.Ip "\fBgendh\fR" 10 -.IX Item "gendh" -Generation of Diffie-Hellman Parameters. -Obsoleted by \fBdhparam\fR. -.Ip "\fBgendsa\fR" 10 -.IX Item "gendsa" -Generation of \s-1DSA\s0 Parameters. -.Ip "\fBgenrsa\fR" 10 -.IX Item "genrsa" -Generation of \s-1RSA\s0 Parameters. 
-.Ip "\fBpasswd\fR" 10 -.IX Item "passwd" -Generation of hashed passwords. -.Ip "\fBpkcs12\fR" 10 -.IX Item "pkcs12" -PKCS#12 Data Management. -.Ip "\fBpkcs7\fR" 10 -.IX Item "pkcs7" -PKCS#7 Data Management. -.Ip "\fBrand\fR" 10 -.IX Item "rand" -Generate pseudo-random bytes. -.Ip "\fBreq\fR" 10 -.IX Item "req" -X.509 Certificate Signing Request (\s-1CSR\s0) Management. -.Ip "\fBrsa\fR" 10 -.IX Item "rsa" -\&\s-1RSA\s0 Data Management. -.Ip "\fBrsautl\fR" 10 -.IX Item "rsautl" -\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. -.Ip "\fBs_client\fR" 10 -.IX Item "s_client" -This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent -connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing -purposes only and provides only rudimentary interface functionality but -internally uses mostly all functionality of the OpenSSL \fBssl\fR library. -.Ip "\fBs_server\fR" 10 -.IX Item "s_server" -This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote -clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides -only rudimentary interface functionality but internally uses mostly all -functionality of the OpenSSL \fBssl\fR library. It provides both an own command -line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response -facility to emulate an SSL/TLS-aware webserver. -.Ip "\fBs_time\fR" 10 -.IX Item "s_time" -\&\s-1SSL\s0 Connection Timer. -.Ip "\fBsess_id\fR" 10 -.IX Item "sess_id" -\&\s-1SSL\s0 Session Data Management. -.Ip "\fBsmime\fR" 10 -.IX Item "smime" -S/MIME mail processing. -.Ip "\fBspeed\fR" 10 -.IX Item "speed" -Algorithm Speed Measurement. -.Ip "\fBverify\fR" 10 -.IX Item "verify" -X.509 Certificate Verification. -.Ip "\fBversion\fR" 10 -.IX Item "version" -OpenSSL Version Information. -.Ip "\fBx509\fR" 10 -.IX Item "x509" -X.509 Certificate Data Management. 
-.Sh "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0" -.IX Subsection "MESSAGE DIGEST COMMANDS" -.Ip "\fBmd2\fR" 10 -.IX Item "md2" -\&\s-1MD2\s0 Digest -.Ip "\fBmd5\fR" 10 -.IX Item "md5" -\&\s-1MD5\s0 Digest -.Ip "\fBmdc2\fR" 10 -.IX Item "mdc2" -\&\s-1MDC2\s0 Digest -.Ip "\fBrmd160\fR" 10 -.IX Item "rmd160" -\&\s-1RMD-160\s0 Digest -.Ip "\fBsha\fR" 10 -.IX Item "sha" -\&\s-1SHA\s0 Digest -.Ip "\fBsha1\fR" 10 -.IX Item "sha1" -\&\s-1SHA-1\s0 Digest -.Sh "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0" -.IX Subsection "ENCODING AND CIPHER COMMANDS" -.Ip "\fBbase64\fR" 10 -.IX Item "base64" -Base64 Encoding -.Ip "\fBbf bf-cbc bf-cfb bf-ecb bf-ofb\fR" 10 -.IX Item "bf bf-cbc bf-cfb bf-ecb bf-ofb" -Blowfish Cipher -.Ip "\fBcast cast-cbc\fR" 10 -.IX Item "cast cast-cbc" -\&\s-1CAST\s0 Cipher -.Ip "\fBcast5\-cbc cast5\-cfb cast5\-ecb cast5\-ofb\fR" 10 -.IX Item "cast5-cbc cast5-cfb cast5-ecb cast5-ofb" -\&\s-1CAST5\s0 Cipher -.Ip "\fBdes des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb\fR" 10 -.IX Item "des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb" -\&\s-1DES\s0 Cipher -.Ip "\fBdes3 desx des-ede3 des-ede3\-cbc des-ede3\-cfb des-ede3\-ofb\fR" 10 -.IX Item "des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb" -Triple-DES Cipher -.Ip "\fBidea idea-cbc idea-cfb idea-ecb idea-ofb\fR" 10 -.IX Item "idea idea-cbc idea-cfb idea-ecb idea-ofb" -\&\s-1IDEA\s0 Cipher -.Ip "\fBrc2 rc2\-cbc rc2\-cfb rc2\-ecb rc2\-ofb\fR" 10 -.IX Item "rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb" -\&\s-1RC2\s0 Cipher -.Ip "\fBrc4\fR" 10 -.IX Item "rc4" -\&\s-1RC4\s0 Cipher -.Ip "\fBrc5 rc5\-cbc rc5\-cfb rc5\-ecb rc5\-ofb\fR" 10 -.IX Item "rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb" -\&\s-1RC5\s0 Cipher -.SH "PASS PHRASE ARGUMENTS" -.IX Header "PASS PHRASE ARGUMENTS" -Several commands accept password arguments, typically using \fB\-passin\fR -and \fB\-passout\fR for input and output passwords respectively. 
These allow -the password to be obtained from a variety of sources. Both of these -options take a single argument whose format is described below. If no -password argument is given and a password is required then the user is -prompted to enter one: this will typically be read from the current -terminal with echoing turned off. -.Ip "\fBpass:password\fR" 10 -.IX Item "pass:password" -the actual password is \fBpassword\fR. Since the password is visible -to utilities (like 'ps' under Unix) this form should only be used -where security is not important. -.Ip "\fBenv:var\fR" 10 -.IX Item "env:var" -obtain the password from the environment variable \fBvar\fR. Since -the environment of other processes is visible on certain platforms -(e.g. ps under certain Unix OSes) this option should be used with caution. -.Ip "\fBfile:pathname\fR" 10 -.IX Item "file:pathname" -the first line of \fBpathname\fR is the password. If the same \fBpathname\fR -argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first -line will be used for the input password and the next line for the output -password. \fBpathname\fR need not refer to a regular file: it could for example -refer to a device or named pipe. -.Ip "\fBfd:number\fR" 10 -.IX Item "fd:number" -read the password from the file descriptor \fBnumber\fR. This can be used to -send the data via a pipe for example. -.Ip "\fBstdin\fR" 10 -.IX Item "stdin" -read the password from standard input. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -asn1parse(1), ca(1), config(5), -crl(1), crl2pkcs7(1), dgst(1), -dhparam(1), dsa(1), dsaparam(1), -enc(1), gendsa(1), -genrsa(1), nseq(1), openssl(1), -passwd(1), -pkcs12(1), pkcs7(1), pkcs8(1), -rand(1), req(1), rsa(1), -rsautl(1), s_client(1), -s_server(1), smime(1), spkac(1), -verify(1), version(1), x509(1), -crypto(3), ssl(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2. 
-The \fBlist-\fR\fI\s-1XXX\s0\fR\fB\-commands\fR pseudo-commands were added in OpenSSL 0.9.3; -the \fBno-\fR\fI\s-1XXX\s0\fR pseudo-commands were added in OpenSSL 0.9.5a. -For notes on the availability of other commands, see their individual -manual pages. diff --git a/secure/lib/libcrypto/man/passwd.1 b/secure/lib/libcrypto/man/passwd.1 deleted file mode 100644 index 1274f1779ce3..000000000000 --- a/secure/lib/libcrypto/man/passwd.1 +++ /dev/null 
@@ -1,198 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:49 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "PASSWD 1" -.TH PASSWD 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -passwd \- compute password hashes -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl passwd\fR -[\fB\-crypt\fR] -[\fB\-1\fR] -[\fB\-apr1\fR] -[\fB\-salt\fR \fIstring\fR] -[\fB\-in\fR \fIfile\fR] -[\fB\-stdin\fR] -[\fB\-quiet\fR] -[\fB\-table\fR] -{\fIpassword\fR} -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBpasswd\fR command computes the hash of a password typed at -run-time or the hash of each password in a list. The password list is -taken from the named file for option \fB\-in file\fR, from stdin for -option \fB\-stdin\fR, and from the command line otherwise. -The Unix standard algorithm \fBcrypt\fR and the MD5\-based \s-1BSD\s0 password -algorithm \fB1\fR and its Apache variant \fBapr1\fR are available. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-crypt\fR" 4 -.IX Item "-crypt" -Use the \fBcrypt\fR algorithm (default). -.Ip "\fB\-1\fR" 4 -.IX Item "-1" -Use the \s-1MD5\s0 based \s-1BSD\s0 password algorithm \fB1\fR. -.Ip "\fB\-apr1\fR" 4 -.IX Item "-apr1" -Use the \fBapr1\fR algorithm (Apache variant of the \s-1BSD\s0 algorithm). -.Ip "\fB\-salt\fR \fIstring\fR" 4 -.IX Item "-salt string" -Use the specified salt. -.Ip "\fB\-in\fR \fIfile\fR" 4 -.IX Item "-in file" -Read passwords from \fIfile\fR. -.Ip "\fB\-stdin\fR" 4 -.IX Item "-stdin" -Read passwords from \fBstdin\fR. -.Ip "\fB\-quiet\fR" 4 -.IX Item "-quiet" -Don't output warnings when passwords given at the command line are truncated. -.Ip "\fB\-table\fR" 4 -.IX Item "-table" -In the output list, prepend the cleartext password and a \s-1TAB\s0 character -to each password hash. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -\&\fBopenssl passwd \-crypt \-salt xx password\fR prints \fBxxj31ZMTZzkVA\fR. 
-.PP -\&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1\fR. -.PP -\&\fBopenssl passwd \-apr1 \-salt xxxxxxxx password\fR prints \fB$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0\fR. diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3 new file mode 100644 index 000000000000..6a616128b767 --- /dev/null +++ b/secure/lib/libcrypto/man/pem.3 
@@ -0,0 +1,689 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:27 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. 
ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "pem 3" +.TH pem 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +\&\s-1PEM\s0 \- \s-1PEM\s0 routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/pem.h> +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); +\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x); +.Ve +.Vb 2 +\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int 
PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x); +.Ve +.Vb 1 +\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x); +.Ve +.Vb 2 +\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x); +.Ve +.Vb 1 +\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x); +.Ve +.Vb 2 +\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); +.Ve +.Vb 1 +\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); +.Ve +.Vb 1 +\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_DSAparams(BIO *bp, 
DSA *x); +.Ve +.Vb 1 +\& int PEM_write_DSAparams(FILE *fp, DSA *x); +.Ve +.Vb 1 +\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_DHparams(BIO *bp, DH *x); +.Ve +.Vb 1 +\& int PEM_write_DHparams(FILE *fp, DH *x); +.Ve +.Vb 1 +\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_X509(BIO *bp, X509 *x); +.Ve +.Vb 1 +\& int PEM_write_X509(FILE *fp, X509 *x); +.Ve +.Vb 1 +\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x); +.Ve +.Vb 1 +\& int PEM_write_X509_AUX(FILE *fp, X509 *x); +.Ve +.Vb 2 +\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x); +.Ve +.Vb 1 +\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x); +.Ve +.Vb 1 +\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x); +.Ve +.Vb 1 +\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x); +.Ve +.Vb 6 +\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x); +\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x); +.Ve +.Vb 1 +\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x); +.Ve +.Vb 1 +\& int 
PEM_write_PKCS7(FILE *fp, PKCS7 *x); +.Ve +.Vb 3 +\& NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, +\& NETSCAPE_CERT_SEQUENCE **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp, +\& NETSCAPE_CERT_SEQUENCE **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x); +.Ve +.Vb 1 +\& int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In +this sense \s-1PEM\s0 format is simply base64 encoded data surrounded +by header lines. +.PP +For more details about the meaning of arguments see the +\&\fB\s-1PEM\s0 \s-1FUNCTION\s0 \s-1ARGUMENTS\s0\fR section. +.PP +Each operation has four functions associated with it. For +clarity the term "\fBfoobar\fR functions" will be used to collectively +refer to the \fIPEM_read_bio_foobar()\fR, \fIPEM_read_foobar()\fR, +\&\fIPEM_write_bio_foobar()\fR and \fIPEM_write_foobar()\fR functions. +.PP +The \fBPrivateKey\fR functions read or write a private key in +\&\s-1PEM\s0 format using an \s-1EVP_PKEY\s0 structure. The write routines use +\&\*(L"traditional\*(R" private key format and can handle both \s-1RSA\s0 and \s-1DSA\s0 +private keys. The read functions can additionally transparently +handle PKCS#8 format encrypted and unencrypted keys too. +.PP +\&\fIPEM_write_bio_PKCS8PrivateKey()\fR and \fIPEM_write_PKCS8PrivateKey()\fR +write a private key in an \s-1EVP_PKEY\s0 structure in PKCS#8 +EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption +algorithms. The \fBcipher\fR argument specifies the encryption algoritm to +use: unlike all other \s-1PEM\s0 routines the encryption is applied at the +PKCS#8 level and not in the \s-1PEM\s0 headers. 
If \fBcipher\fR is \s-1NULL\s0 then no +encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead. +.PP +\&\fIPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fIPEM_write_PKCS8PrivateKey_nid()\fR +also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however +it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm +to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the +corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (see \s-1NOTES\s0 section). +.PP +The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 +structure. The public key is encoded as a SubjectPublicKeyInfo +structure. +.PP +The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an +\&\s-1RSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1RSA\s0. +.PP +The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an +\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey +structure. +.PP +The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using +an \s-1RSA\s0 structure. However the public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1RSA\s0. +.PP +The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a +\&\s-1DSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1DSA\s0. +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using +a \s-1DSA\s0 structure. The public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1DSA\s0. +.PP +The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 +structure. The parameters are encoded using a foobar structure. 
+.PP +The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 +structure. The parameters are encoded using a PKCS#3 DHparameter +structure. +.PP +The \fBX509\fR functions process an X509 certificate using an X509 +structure. They will also process a trusted X509 certificate but +any trust settings are discarded. +.PP +The \fBX509_AUX\fR functions process a trusted X509 certificate using +an X509 structure. +.PP +The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 +certificate request using an X509_REQ structure. The \fBX509_REQ\fR +write functions use \fB\s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR in the header whereas +the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW\s0 \s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR +(as required by some CAs). The \fBX509_REQ\fR read functions will +handle either form so there are no \fBX509_REQ_NEW\fR read functions. +.PP +The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL +structure. +.PP +The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0 +structure. +.PP +The \fB\s-1NETSCAPE_CERT_SEQUENCE\s0\fR functions process a Netscape Certificate +Sequence using a \s-1NETSCAPE_CERT_SEQUENCE\s0 structure. +.SH "PEM FUNCTION ARGUMENTS" +.IX Header "PEM FUNCTION ARGUMENTS" +The \s-1PEM\s0 functions have many common arguments. +.PP +The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from +or write to. +.PP +The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to +read from or write to. +.PP +The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return +a \fB\s-1TYPE\s0 *\fR pointer. Where \fB\s-1TYPE\s0\fR is whatever structure the function +uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not +\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written +to \fB*x\fR. 
If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made +to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections). +Irrespective of the value of \fBx\fR a pointer to the structure is always +returned (or \s-1NULL\s0 if an error occurred). +.PP +The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter +which specifies the encryption algorithm to use, encryption is done +at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private +key is written in unencrypted form. +.PP +The \fBcb\fR argument is the callback to use when querying for the pass +phrase used for encrypted \s-1PEM\s0 structures (normally only private keys). +.PP +For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then +\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is +ignored. +.PP +If the \fBcb\fR parameters is set to \s-1NULL\s0 and the \fBu\fR parameter is not +\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string +to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the +default callback routine is used which will typically prompt for the +passphrase on the current terminal with echoing turned off. +.PP +The default passphrase callback is sometimes inappropriate (for example +in a \s-1GUI\s0 application) so an alternative can be supplied. The callback +routine has the following form: +.PP +.Vb 1 +\& int cb(char *buf, int size, int rwflag, void *u); +.Ve +\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum +length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag +which is set to 0 when reading and 1 when writing. A typical routine +will ask the user to verify the passphrase (for example by prompting +for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same +value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. 
It allows +arbitrary data to be passed to the callback by the application +(for example a window handle in a \s-1GUI\s0 application). The callback +\&\fBmust\fR return the number of characters in the passphrase or 0 if +an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Although the \s-1PEM\s0 routines take several arguments in almost all applications +most of them are set to 0 or \s-1NULL\s0. +.PP +Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 +.PP +.Vb 6 +\& X509 *x; +\& x = PEM_read_bio(bp, NULL, 0, NULL); +\& if (x == NULL) +\& { +\& /* Error */ +\& } +.Ve +Alternative method: +.PP +.Vb 5 +\& X509 *x = NULL; +\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) +\& { +\& /* Error */ +\& } +.Ve +Write a certificate to a \s-1BIO:\s0 +.PP +.Vb 4 +\& if (!PEM_write_bio_X509(bp, x)) +\& { +\& /* Error */ +\& } +.Ve +Write an unencrypted private key to a \s-1FILE\s0 pointer: +.PP +.Vb 4 +\& if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) +\& { +\& /* Error */ +\& } +.Ve +Write a private key (using traditional format) to a \s-1BIO\s0 using +triple \s-1DES\s0 encryption, the pass phrase is prompted for: +.PP +.Vb 4 +\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) +\& { +\& /* Error */ +\& } +.Ve +Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple +\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R": +.PP +.Vb 4 +\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) +\& { +\& /* Error */ +\& } +.Ve +Read a private key from a \s-1BIO\s0 using the pass phrase \*(L"hello\*(R": +.PP +.Vb 5 +\& key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello"); +\& if (key == NULL) +\& { +\& /* Error */ +\& } +.Ve +Read a private key from a \s-1BIO\s0 using a pass phrase callback: +.PP +.Vb 5 +\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); +\& if (key == NULL) +\& { +\& /* Error */ +\& } +.Ve +Skeleton pass phrase callback: +.PP +.Vb 6 +\& int 
pass_cb(char *buf, int size, int rwflag, void *u); +\& { +\& int len; +\& char *tmp; +\& /* We'd probably do something else if 'rwflag' is 1 */ +\& printf("Enter pass phrase for \e"%s\e"\en", u); +.Ve +.Vb 3 +\& /* get pass phrase, length 'len' into 'tmp' */ +\& tmp = "hello"; +\& len = strlen(tmp); +.Ve +.Vb 6 +\& if (len <= 0) return 0; +\& /* if too long, truncate */ +\& if (len > size) len = size; +\& memcpy(buf, tmp, len); +\& return len; +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +The old \fBPrivateKey\fR write routines are retained for compatibility. +New applications should write private keys using the +\&\fIPEM_write_bio_PKCS8PrivateKey()\fR or \fIPEM_write_PKCS8PrivateKey()\fR routines +because they are more secure (they use an iteration count of 2048 whereas +the traditional routines use a count of 1) unless compatibility with older +versions of OpenSSL is important. +.PP +The \fBPrivateKey\fR read routines can be used in all applications because +they handle all formats transparently. +.PP +A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like +this: +.PP +.Vb 2 +\& X509 *x; +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +this is a bug because an attempt will be made to reuse the data at \fBx\fR +which is an uninitialised pointer. +.SH "PEM ENCRYPTION FORMAT" +.IX Header "PEM ENCRYPTION FORMAT" +This old \fBPrivateKey\fR routines use a non standard technique for encryption. +.PP +The private key (or other data) takes the following form: +.PP +.Vb 3 +\& -----BEGIN RSA PRIVATE KEY----- +\& Proc-Type: 4,ENCRYPTED +\& DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89 +.Ve +.Vb 2 +\& ...base64 encoded data... +\& -----END RSA PRIVATE KEY----- +.Ve +The line beginning DEK-Info contains two comma separated pieces of information: +the encryption algorithm name as used by \fIEVP_get_cipherbyname()\fR and an 8 +byte \fBsalt\fR encoded as a set of hexadecimal digits. +.PP +After this is the base64 encoded encrypted data. 
+.PP +The encryption key is determined using \fIEVP_bytestokey()\fR, using \fBsalt\fR and an +iteration count of 1. The \s-1IV\s0 used is the value of \fBsalt\fR and *not* the \s-1IV\s0 +returned by \fIEVP_bytestokey()\fR. +.SH "BUGS" +.IX Header "BUGS" +The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse +an existing structure. Therefore the following: +.PP +.Vb 1 +\& PEM_read_bio(bp, &x, 0, NULL); +.Ve +where \fBx\fR already contains a valid certificate, may not work, whereas: +.PP +.Vb 2 +\& X509_free(x); +\& x = PEM_read_bio(bp, NULL, 0, NULL); +.Ve +is guaranteed to work. +.SH "RETURN CODES" +.IX Header "RETURN CODES" +The read routines return either a pointer to the structure read or \s-1NULL\s0 +is an error occurred. +.PP +The write routines return 1 for success or 0 for failure. diff --git a/secure/lib/libcrypto/man/pkcs12.1 b/secure/lib/libcrypto/man/pkcs12.1 deleted file mode 100644 index 4c5b81fd08cf..000000000000 --- a/secure/lib/libcrypto/man/pkcs12.1 +++ /dev/null 
@@ -1,429 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:50 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "PKCS12 1" -.TH PKCS12 1 "0.9.6e" "2001-05-19" "OpenSSL" -.UC -.SH "NAME" -pkcs12 \- PKCS#12 file utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBpkcs12\fR -[\fB\-export\fR] -[\fB\-chain\fR] -[\fB\-inkey filename\fR] -[\fB\-certfile filename\fR] -[\fB\-name name\fR] -[\fB\-caname name\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-noout\fR] -[\fB\-nomacver\fR] -[\fB\-nocerts\fR] -[\fB\-clcerts\fR] -[\fB\-cacerts\fR] -[\fB\-nokeys\fR] -[\fB\-info\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-nodes\fR] -[\fB\-noiter\fR] -[\fB\-maciter\fR] -[\fB\-twopass\fR] -[\fB\-descert\fR] -[\fB\-certpbe\fR] -[\fB\-keypbe\fR] -[\fB\-keyex\fR] -[\fB\-keysig\fR] -[\fB\-password arg\fR] -[\fB\-passin arg\fR] -[\fB\-passout arg\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBpkcs12\fR command allows PKCS#12 files (sometimes referred to as -\&\s-1PFX\s0 files) to be created and parsed. PKCS#12 files are used by several -programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -There are a lot of options the meaning of some depends of whether a PKCS#12 file -is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12 -file can be created by using the \fB\-export\fR option (see below). -.SH "PARSING OPTIONS" -.IX Header "PARSING OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies filename of the PKCS#12 file to be parsed. Standard input is used -by default. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -The filename to write certificates and private keys to, standard output by default. -They are all written in \s-1PEM\s0 format. -.Ip "\fB\-pass arg\fR, \fB\-passin arg\fR" 4 -.IX Item "-pass arg, -passin arg" -the PKCS#12 file (i.e. input file) password source. 
For more information about the -format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -openssl(1). -.Ip "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" -pass phrase source to encrypt any outputed private keys with. For more information -about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -openssl(1). -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option inhibits output of the keys and certificates to the output file version -of the PKCS#12 file. -.Ip "\fB\-clcerts\fR" 4 -.IX Item "-clcerts" -only output client certificates (not \s-1CA\s0 certificates). -.Ip "\fB\-cacerts\fR" 4 -.IX Item "-cacerts" -only output \s-1CA\s0 certificates (not client certificates). -.Ip "\fB\-nocerts\fR" 4 -.IX Item "-nocerts" -no certificates at all will be output. -.Ip "\fB\-nokeys\fR" 4 -.IX Item "-nokeys" -no private keys will be output. -.Ip "\fB\-info\fR" 4 -.IX Item "-info" -output additional information about the PKCS#12 file structure, algorithms used and -iteration counts. -.Ip "\fB\-des\fR" 4 -.IX Item "-des" -use \s-1DES\s0 to encrypt private keys before outputting. -.Ip "\fB\-des3\fR" 4 -.IX Item "-des3" -use triple \s-1DES\s0 to encrypt private keys before outputting, this is the default. -.Ip "\fB\-idea\fR" 4 -.IX Item "-idea" -use \s-1IDEA\s0 to encrypt private keys before outputting. -.Ip "\fB\-nodes\fR" 4 -.IX Item "-nodes" -don't encrypt the private keys at all. -.Ip "\fB\-nomacver\fR" 4 -.IX Item "-nomacver" -don't attempt to verify the integrity \s-1MAC\s0 before reading the file. -.Ip "\fB\-twopass\fR" 4 -.IX Item "-twopass" -prompt for separate integrity and encryption passwords: most software -always assumes these are the same so this option will render such -PKCS#12 files unreadable. -.SH "FILE CREATION OPTIONS" -.IX Header "FILE CREATION OPTIONS" -.Ip "\fB\-export\fR" 4 -.IX Item "-export" -This option specifies that a PKCS#12 file will be created rather than -parsed. 
-.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies filename to write the PKCS#12 file to. Standard output is used -by default. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -The filename to read certificates and private keys from, standard input by default. -They must all be in \s-1PEM\s0 format. The order doesn't matter but one private key and -its corresponding certificate should be present. If additional certificates are -present they will also be included in the PKCS#12 file. -.Ip "\fB\-inkey filename\fR" 4 -.IX Item "-inkey filename" -file to read private key from. If not present then a private key must be present -in the input file. -.Ip "\fB\-name friendlyname\fR" 4 -.IX Item "-name friendlyname" -This specifies the \*(L"friendly name\*(R" for the certificate and private key. This name -is typically displayed in list boxes by software importing the file. -.Ip "\fB\-certfile filename\fR" 4 -.IX Item "-certfile filename" -A filename to read additional certificates from. -.Ip "\fB\-caname friendlyname\fR" 4 -.IX Item "-caname friendlyname" -This specifies the \*(L"friendly name\*(R" for other certificates. This option may be -used multiple times to specify names for all certificates in the order they -appear. Netscape ignores friendly names on other certificates whereas \s-1MSIE\s0 -displays them. -.Ip "\fB\-pass arg\fR, \fB\-passout arg\fR" 4 -.IX Item "-pass arg, -passout arg" -the PKCS#12 file (i.e. output file) password source. For more information about -the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -openssl(1). -.Ip "\fB\-passin password\fR" 4 -.IX Item "-passin password" -pass phrase source to decrypt any input private keys with. For more information -about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -openssl(1). 
-.Ip "\fB\-chain\fR" 4 -.IX Item "-chain" -if this option is present then an attempt is made to include the entire -certificate chain of the user certificate. The standard \s-1CA\s0 store is used -for this search. If the search fails it is considered a fatal error. -.Ip "\fB\-descert\fR" 4 -.IX Item "-descert" -encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12 -file unreadable by some \*(L"export grade\*(R" software. By default the private -key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0. -.Ip "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4 -.IX Item "-keypbe alg, -certpbe alg" -these options allow the algorithm used to encrypt the private key and -certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms -can be selected it is advisable only to use PKCS#12 algorithms. See the list -in the \fB\s-1NOTES\s0\fR section for more information. -.Ip "\fB\-keyex|\-keysig\fR" 4 -.IX Item "-keyex|-keysig" -specifies that the private key is to be used for key exchange or just signing. -This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. Normally -\&\*(L"export grade\*(R" software will only allow 512 bit \s-1RSA\s0 keys to be used for -encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR -option marks the key for signing only. Signing only keys can be used for -S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client -authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support -the use of signing only keys for \s-1SSL\s0 client authentication. -.Ip "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 -.IX Item "-nomaciter, -noiter" -these options affect the iteration counts on the \s-1MAC\s0 and key algorithms. -Unless you wish to produce files compatible with \s-1MSIE\s0 4.0 you should leave -these options alone. 
-.Sp -To discourage attacks by using large dictionaries of common passwords the -algorithm that derives keys from passwords can have an iteration count applied -to it: this causes a certain part of the algorithm to be repeated and slows it -down. The \s-1MAC\s0 is used to check the file integrity but since it will normally -have the same password as the keys and certificates it could also be attacked. -By default both \s-1MAC\s0 and encryption iteration counts are set to 2048, using -these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since -this reduces the file security you should not use these options unless you -really have to. Most software supports both \s-1MAC\s0 and key iteration counts. -\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR -option. -.Ip "\fB\-maciter\fR" 4 -.IX Item "-maciter" -This option is included for compatibility with previous versions, it used -to be needed to use \s-1MAC\s0 iterations counts but they are now used by default. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.SH "NOTES" -.IX Header "NOTES" -Although there are a large number of options most of them are very rarely -used. For PKCS#12 file parsing only \fB\-in\fR and \fB\-out\fR need to be used -for PKCS#12 file creation \fB\-export\fR and \fB\-name\fR are also used. -.PP -If none of the \fB\-clcerts\fR, \fB\-cacerts\fR or \fB\-nocerts\fR options are present -then all certificates will be output in the order they appear in the input -PKCS#12 files. There is no guarantee that the first certificate present is -the one corresponding to the private key. 
Certain software which requires -a private key and certificate and assumes the first certificate in the -file is the one corresponding to the private key: this may not always -be the case. Using the \fB\-clcerts\fR option will solve this problem by only -outputing the certificate corresponding to the private key. If the \s-1CA\s0 -certificates are required then they can be output to a separate file using -the \fB\-nokeys \-cacerts\fR options to just output \s-1CA\s0 certificates. -.PP -The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption -algorithms for private keys and certificates to be specified. Normally -the defaults are fine but occasionally software can't handle triple \s-1DES\s0 -encrypted private keys, then the option \fB\-keypbe \s-1PBE-SHA1\-RC2\-40\s0\fR can -be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete -description of all algorithms is contained in the \fBpkcs8\fR manual page. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Parse a PKCS#12 file and output it to a file: -.PP -.Vb 1 -\& openssl pkcs12 -in file.p12 -out file.pem -.Ve -Output only client certificates to a file: -.PP -.Vb 1 -\& openssl pkcs12 -in file.p12 -clcerts -out file.pem -.Ve -Don't encrypt the private key: -.PP -.Vb 1 -\& openssl pkcs12 -in file.p12 -out file.pem -nodes -.Ve -Print some info about a PKCS#12 file: -.PP -.Vb 1 -\& openssl pkcs12 -in file.p12 -info -noout -.Ve -Create a PKCS#12 file: -.PP -.Vb 1 -\& openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" -.Ve -Include some extra certificates: -.PP -.Vb 2 -\& openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \e -\& -certfile othercerts.pem -.Ve -.SH "BUGS" -.IX Header "BUGS" -Some would argue that the PKCS#12 standard is one big bug :\-) -.PP -Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation -routines. Under rare circumstances this could produce a PKCS#12 file encrypted -with an invalid key. 
As a result some PKCS#12 files which triggered this bug -from other implementations (\s-1MSIE\s0 or Netscape) could not be decrypted -by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could -not be decrypted by other implementations. The chances of producing such -a file are relatively small: less than 1 in 256. -.PP -A side effect of fixing this bug is that any old invalidly encrypted PKCS#12 -files cannot no longer be parsed by the fixed version. Under such circumstances -the \fBpkcs12\fR utility will report that the \s-1MAC\s0 is \s-1OK\s0 but fail with a decryption -error when extracting private keys. -.PP -This problem can be resolved by extracting the private keys and certificates -from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12 -file from the keys and certificates using a newer version of OpenSSL. For example: -.PP -.Vb 2 -\& old-openssl -in bad.p12 -out keycerts.pem -\& openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12 -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -pkcs8(1) diff --git a/secure/lib/libcrypto/man/pkcs7.1 b/secure/lib/libcrypto/man/pkcs7.1 deleted file mode 100644 index e7a89ad50511..000000000000 --- a/secure/lib/libcrypto/man/pkcs7.1 +++ /dev/null 
@@ -1,223 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:50 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "PKCS7 1" -.TH PKCS7 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -pkcs7 \- PKCS#7 utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBpkcs7\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-print_certs\fR] -[\fB\-text\fR] -[\fB\-noout\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBpkcs7\fR command processes PKCS#7 files in \s-1DER\s0 or \s-1PEM\s0 format. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded PKCS#7 -v1.5 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of -the \s-1DER\s0 form with header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read from or standard input if this -option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename to write to or standard output by -default. -.Ip "\fB\-print_certs\fR" 4 -.IX Item "-print_certs" -prints out any certificates or CRLs contained in the file. They are -preceded by their subject and issuer names in one line format. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out certificates details in full rather than just subject and -issuer names. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -don't output the encoded version of the PKCS#7 structure (or certificates -is \fB\-print_certs\fR is set). 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0 -.PP -.Vb 1 -\& openssl pkcs7 -in file.pem -outform DER -out file.der -.Ve -Output all certificates in a file: -.PP -.Vb 1 -\& openssl pkcs7 -in file.pem -print_certs -out certs.pem -.Ve -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 PKCS#7 format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN PKCS7----- -\& -----END PKCS7----- -.Ve -For compatability with some CAs it will also accept: -.PP -.Vb 2 -\& -----BEGIN CERTIFICATE----- -\& -----END CERTIFICATE----- -.Ve -.SH "RESTRICTIONS" -.IX Header "RESTRICTIONS" -There is no option to print out all the fields of a PKCS#7 file. -.PP -This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they -cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630\s0. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -crl2pkcs7(1) diff --git a/secure/lib/libcrypto/man/pkcs8.1 b/secure/lib/libcrypto/man/pkcs8.1 deleted file mode 100644 index 110df1aa8936..000000000000 --- a/secure/lib/libcrypto/man/pkcs8.1 +++ /dev/null 
@@ -1,348 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:51 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "PKCS8 1" -.TH PKCS8 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -pkcs8 \- PKCS#8 format private key conversion tool -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBpkcs8\fR -[\fB\-topk8\fR] -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-passin arg\fR] -[\fB\-out filename\fR] -[\fB\-passout arg\fR] -[\fB\-noiter\fR] -[\fB\-nocrypt\fR] -[\fB\-nooct\fR] -[\fB\-embed\fR] -[\fB\-nsdb\fR] -[\fB\-v2 alg\fR] -[\fB\-v1 alg\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle -both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo -format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-topk8\fR" 4 -.IX Item "-topk8" -Normally a PKCS#8 private key is expected on input and a traditional format -private key will be written. With the \fB\-topk8\fR option the situation is -reversed: it reads a traditional format private key and writes a PKCS#8 -format key. -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. If a PKCS#8 format key is expected on input -then either a \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR encoded version of a PKCS#8 key will be -expected. Otherwise the \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR format of the traditional format -private key is used. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a key from or standard input if this -option is not specified. If the key is encrypted a pass phrase will be -prompted for. 
-.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write a key to or standard output by -default. If any encryption options are set then a pass phrase will be -prompted for. The output filename should \fBnot\fR be the same as the input -filename. -.Ip "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-nocrypt\fR" 4 -.IX Item "-nocrypt" -PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo -structures using an appropriate password based encryption algorithm. With -this option an unencrypted PrivateKeyInfo structure is expected or output. -This option does not encrypt private keys at all and should only be used -when absolutely necessary. Certain software such as some versions of Java -code signing software used unencrypted private keys. -.Ip "\fB\-nooct\fR" 4 -.IX Item "-nooct" -This option generates \s-1RSA\s0 private keys in a broken format that some software -uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0 -but some software just includes the structure itself without the -surrounding \s-1OCTET\s0 \s-1STRING\s0. -.Ip "\fB\-embed\fR" 4 -.IX Item "-embed" -This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are -embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0 -contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing -the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key. 
-.Ip "\fB\-nsdb\fR" 4 -.IX Item "-nsdb" -This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape -private key databases. The PrivateKey contains a \s-1SEQUENCE\s0 consisting of -the public and private keys respectively. -.Ip "\fB\-v2 alg\fR" 4 -.IX Item "-v2 alg" -This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8 -private keys are encrypted with the password based encryption algorithm -called \fBpbeWithMD5AndDES-CBC\fR this uses 56 bit \s-1DES\s0 encryption but it -was the strongest encryption algorithm supported in PKCS#5 v1.5. Using -the \fB\-v2\fR option PKCS#5 v2.0 algorithms are used which can use any -encryption algorithm such as 168 bit triple \s-1DES\s0 or 128 bit \s-1RC2\s0 however -not many implementations support PKCS#5 v2.0 yet. If you are just using -private keys with OpenSSL then this doesn't matter. -.Sp -The \fBalg\fR argument is the encryption algorithm to use, valid values include -\&\fBdes\fR, \fBdes3\fR and \fBrc2\fR. It is recommended that \fBdes3\fR is used. -.Ip "\fB\-v1 alg\fR" 4 -.IX Item "-v1 alg" -This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete -list of possible algorithms is included below. -.SH "NOTES" -.IX Header "NOTES" -The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following -headers and footers: -.PP -.Vb 2 -\& -----BEGIN ENCRYPTED PRIVATE KEY----- -\& -----END ENCRYPTED PRIVATE KEY----- -.Ve -The unencrypted form uses: -.PP -.Vb 2 -\& -----BEGIN PRIVATE KEY----- -\& -----END PRIVATE KEY----- -.Ve -Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration -counts are more secure that those encrypted using the traditional -SSLeay compatible formats. So if additional security is considered -important the keys should be converted. -.PP -The default encryption is only 56 bits because this is the encryption -that most current implementations of PKCS#8 will support. 
-.PP -Some software may use PKCS#12 password based encryption algorithms -with PKCS#8 format private keys: these are handled automatically -but there is no option to produce them. -.PP -It is possible to write out \s-1DER\s0 encoded encrypted private keys in -PKCS#8 format because the encryption details are included at an \s-1ASN1\s0 -level whereas the traditional format includes them at a \s-1PEM\s0 level. -.SH "PKCS#5 v1.5 and PKCS#12 algorithms." -.IX Header "PKCS#5 v1.5 and PKCS#12 algorithms." -Various algorithms can be used with the \fB\-v1\fR command line option, -including PKCS#5 v1.5 and PKCS#12. These are described in more detail -below. -.Ip "\fB\s-1PBE-MD2\-DES\s0 \s-1PBE-MD5\-DES\s0\fR" 4 -.IX Item "PBE-MD2-DES PBE-MD5-DES" -These algorithms were included in the original PKCS#5 v1.5 specification. -They only offer 56 bits of protection since they both use \s-1DES\s0. -.Ip "\fB\s-1PBE-SHA1\-RC2\-64\s0 \s-1PBE-MD2\-RC2\-64\s0 \s-1PBE-MD5\-RC2\-64\s0 \s-1PBE-SHA1\-DES\s0\fR" 4 -.IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES" -These algorithms are not mentioned in the original PKCS#5 v1.5 specification -but they use the same key derivation algorithm and are supported by some -software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or -56 bit \s-1DES\s0. -.Ip "\fB\s-1PBE-SHA1\-RC4\-128\s0 \s-1PBE-SHA1\-RC4\-40\s0 \s-1PBE-SHA1\-3DES\s0 \s-1PBE-SHA1\-2DES\s0 \s-1PBE-SHA1\-RC2\-128\s0 \s-1PBE-SHA1\-RC2\-40\s0\fR" 4 -.IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40" -These algorithms use the PKCS#12 password based encryption algorithm and -allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -Convert a private from traditional to PKCS#5 v2.0 format using triple -\&\s-1DES:\s0 -.PP -.Vb 1 -\& openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem -.Ve -Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm -(\s-1DES\s0): -.PP -.Vb 1 -\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem -.Ve -Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm -(3DES): -.PP -.Vb 1 -\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES -.Ve -Read a \s-1DER\s0 unencrypted PKCS#8 format private key: -.PP -.Vb 1 -\& openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem -.Ve -Convert a private key from any PKCS#8 format to traditional format: -.PP -.Vb 1 -\& openssl pkcs8 -in pk8.pem -out key.pem -.Ve -.SH "STANDARDS" -.IX Header "STANDARDS" -Test vectors from this PKCS#5 v2.0 implementation were posted to the -pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration -counts, several people confirmed that they could decrypt the private -keys produced and Therefore it can be assumed that the PKCS#5 v2.0 -implementation is reasonably accurate at least as far as these -algorithms are concerned. -.PP -The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented: -it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0 -PKCS#8 private key format complies with this standard. -.SH "BUGS" -.IX Header "BUGS" -There should be an option that prints out the encryption algorithm -in use and other details such as the iteration count. -.PP -PKCS#8 using triple \s-1DES\s0 and PKCS#5 v2.0 should be the default private -key format for OpenSSL: for compatibility several of the utilities use -the old format at present. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -dsa(1), rsa(1), genrsa(1), -gendsa(1) 
diff --git a/secure/lib/libcrypto/man/rand.1 b/secure/lib/libcrypto/man/rand.1 deleted file mode 100644 index b9f16e5610fc..000000000000 --- a/secure/lib/libcrypto/man/rand.1 +++ /dev/null 
@@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:52 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "RAND 1" -.TH RAND 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -rand \- generate pseudo-random bytes -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl rand\fR -[\fB\-out\fR \fIfile\fR] -[\fB\-rand\fR \fI\fIfile\fI\|(s)\fR] -[\fB\-base64\fR] -\&\fInum\fR -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBrand\fR command outputs \fInum\fR pseudo-random bytes after seeding -the random number generater once. As in other \fBopenssl\fR command -line tools, \s-1PRNG\s0 seeding uses the file \fI$HOME/\fR\fB.rnd\fR or \fB.rnd\fR -in addition to the files given in the \fB\-rand\fR option. A new -\&\fI$HOME\fR/\fB.rnd\fR or \fB.rnd\fR file will be written back if enough -seeding was obtained from these sources. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-out\fR \fIfile\fR" 4 -.IX Item "-out file" -Write to \fIfile\fR instead of standard output. -.Ip "\fB\-rand\fR \fI\fIfile\fI\|(s)\fR" 4 -.IX Item "-rand file" -Use specified file or files or \s-1EGD\s0 socket (see RAND_egd(3)) -for seeding the random number generator. -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fB\-base64\fR" 4 -.IX Item "-base64" -Perform base64 encoding on the output. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -RAND_bytes(3) diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 index 6f211bf23c76..8010fbb28540 100644 --- a/secure/lib/libcrypto/man/rand.3 +++ b/secure/lib/libcrypto/man/rand.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:09 2002 +.\" Mon Jan 13 19:29:28 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "rand 3" -.TH rand 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH rand 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" rand \- pseudo-random number generator @@ -147,15 +147,17 @@ rand \- pseudo-random number generator .Vb 1 \& #include <openssl/rand.h> .Ve +.Vb 1 +\& int RAND_set_rand_engine(ENGINE *engine); +.Ve .Vb 2 \& int RAND_bytes(unsigned char *buf, int num); \& int RAND_pseudo_bytes(unsigned char *buf, int num); .Ve -.Vb 4 +.Vb 3 \& void RAND_seed(const void *buf, int num); \& void RAND_add(const void *buf, int num, int entropy); \& int RAND_status(void); -\& void RAND_screen(void); .Ve .Vb 3 \& int RAND_load_file(const char *file, long max_bytes); 
@@ -166,15 +168,33 @@ rand \- pseudo-random number generator \& int RAND_egd(const char *path); .Ve .Vb 3 -\& void RAND_set_rand_method(RAND_METHOD *meth); -\& RAND_METHOD *RAND_get_rand_method(void); +\& void RAND_set_rand_method(const RAND_METHOD *meth); +\& const RAND_METHOD *RAND_get_rand_method(void); \& RAND_METHOD *RAND_SSLeay(void); .Ve .Vb 1 \& void RAND_cleanup(void); .Ve +.Vb 3 +\& /* For Win32 only */ +\& void RAND_screen(void); +\& int RAND_event(UINT, WPARAM, LPARAM); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" +Since the introduction of the \s-1ENGINE\s0 \s-1API\s0, the recommended way of controlling +default implementations is by using the \s-1ENGINE\s0 \s-1API\s0 functions. The default +\&\fB\s-1RAND_METHOD\s0\fR, as set by \fIRAND_set_rand_method()\fR and returned by +\&\fIRAND_get_rand_method()\fR, is only used if no \s-1ENGINE\s0 has been set as the default +\&\*(L"rand\*(R" implementation. Hence, these two functions are no longer the recommened +way to control defaults. +.PP +If an alternative \fB\s-1RAND_METHOD\s0\fR implementation is being used (either set +directly or as provided by an \s-1ENGINE\s0 module), then it is entirely responsible +for the generation and management of a cryptographically secure \s-1PRNG\s0 stream. The +mechanisms described below relate solely to the software \s-1PRNG\s0 implementation +built in to OpenSSL and used by default. +.PP These functions implement a cryptographically secure pseudo-random number generator (\s-1PRNG\s0). It is used by other library functions for example to generate random keys, and applications can use it when they diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 index 8ff53479d184..6f9c5223b3a0 100644 --- a/secure/lib/libcrypto/man/rc4.3 +++ b/secure/lib/libcrypto/man/rc4.3 
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:09 2002 +.\" Mon Jan 13 19:29:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH rc4 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption diff --git a/secure/lib/libcrypto/man/req.1 b/secure/lib/libcrypto/man/req.1 deleted file mode 100644 index 9915eeaa253e..000000000000 --- a/secure/lib/libcrypto/man/req.1 +++ /dev/null 
@@ -1,646 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:52 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "REQ 1" -.TH REQ 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -req \- PKCS#10 certificate and certificate generating utility. 
-.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBreq\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-passin arg\fR] -[\fB\-out filename\fR] -[\fB\-passout arg\fR] -[\fB\-text\fR] -[\fB\-noout\fR] -[\fB\-verify\fR] -[\fB\-modulus\fR] -[\fB\-new\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -[\fB\-newkey rsa:bits\fR] -[\fB\-newkey dsa:file\fR] -[\fB\-nodes\fR] -[\fB\-key filename\fR] -[\fB\-keyform PEM|DER\fR] -[\fB\-keyout filename\fR] -[\fB\-[md5|sha1|md2|mdc2]\fR] -[\fB\-config filename\fR] -[\fB\-x509\fR] -[\fB\-days n\fR] -[\fB\-asn1\-kludge\fR] -[\fB\-newhdr\fR] -[\fB\-extensions section\fR] -[\fB\-reqexts section\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBreq\fR command primarily creates and processes certificate requests -in PKCS#10 format. It can additionally create self signed certificates -for use as root CAs for example. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it -consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and -footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a request from or standard input -if this option is not specified. A request is only read if the creation -options (\fB\-new\fR and \fB\-newkey\fR) are not specified. -.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). 
-.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write to or standard output by -default. -.Ip "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out the certificate request in text form. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option prevents output of the encoded version of the request. -.Ip "\fB\-modulus\fR" 4 -.IX Item "-modulus" -this option prints out the value of the modulus of the public key -contained in the request. -.Ip "\fB\-verify\fR" 4 -.IX Item "-verify" -verifies the signature on the request. -.Ip "\fB\-new\fR" 4 -.IX Item "-new" -this option generates a new certificate request. It will prompt -the user for the relevant field values. The actual fields -prompted for and their maximum and minimum sizes are specified -in the configuration file and any requested extensions. -.Sp -If the \fB\-key\fR option is not used it will generate a new \s-1RSA\s0 private -key using information specified in the configuration file. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fB\-newkey arg\fR" 4 -.IX Item "-newkey arg" -this option creates a new certificate request and a new private -key. The argument takes one of two forms. \fBrsa:nbits\fR, where -\&\fBnbits\fR is the number of bits, generates an \s-1RSA\s0 key \fBnbits\fR -in size. \fBdsa:filename\fR generates a \s-1DSA\s0 key using the parameters -in the file \fBfilename\fR. 
-.Ip "\fB\-key filename\fR" 4 -.IX Item "-key filename" -This specifies the file to read the private key from. It also -accepts PKCS#8 format private keys for \s-1PEM\s0 format files. -.Ip "\fB\-keyform PEM|DER\fR" 4 -.IX Item "-keyform PEM|DER" -the format of the private key file specified in the \fB\-key\fR -argument. \s-1PEM\s0 is the default. -.Ip "\fB\-keyout filename\fR" 4 -.IX Item "-keyout filename" -this gives the filename to write the newly created private key to. -If this option is not specified then the filename present in the -configuration file is used. -.Ip "\fB\-nodes\fR" 4 -.IX Item "-nodes" -if this option is specified then if a private key is created it -will not be encrypted. -.Ip "\fB\-[md5|sha1|md2|mdc2]\fR" 4 -.IX Item "-[md5|sha1|md2|mdc2]" -this specifies the message digest to sign the request with. This -overrides the digest algorithm specified in the configuration file. -This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1\s0. -.Ip "\fB\-config filename\fR" 4 -.IX Item "-config filename" -this allows an alternative configuration file to be specified, -this overrides the compile time filename or any specified in -the \fB\s-1OPENSSL_CONF\s0\fR environment variable. -.Ip "\fB\-x509\fR" 4 -.IX Item "-x509" -this option outputs a self signed certificate instead of a certificate -request. This is typically used to generate a test certificate or -a self signed root \s-1CA\s0. The extensions added to the certificate -(if any) are specified in the configuration file. -.Ip "\fB\-days n\fR" 4 -.IX Item "-days n" -when the \fB\-x509\fR option is being used this specifies the number of -days to certify the certificate for. The default is 30 days. 
-.Ip "\fB\-extensions section\fR" 4 -.IX Item "-extensions section" -.PD 0 -.Ip "\fB\-reqexts section\fR" 4 -.IX Item "-reqexts section" -.PD -these options specify alternative sections to include certificate -extensions (if the \fB\-x509\fR option is present) or certificate -request extensions. This allows several different sections to -be used in the same configuration file to specify requests for -a variety of purposes. -.Ip "\fB\-asn1\-kludge\fR" 4 -.IX Item "-asn1-kludge" -by default the \fBreq\fR command outputs certificate requests containing -no attributes in the correct PKCS#10 format. However certain CAs will only -accept requests containing no attributes in an invalid form: this -option produces this invalid format. -.Sp -More precisely the \fBAttributes\fR in a PKCS#10 certificate request -are defined as a \fB\s-1SET\s0 \s-1OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so -if no attributes are present then they should be encoded as an -empty \fB\s-1SET\s0 \s-1OF\s0\fR. The invalid form does not include the empty -\&\fB\s-1SET\s0 \s-1OF\s0\fR whereas the correct form does. -.Sp -It should be noted that very few CAs still require the use of this option. -.Ip "\fB\-newhdr\fR" 4 -.IX Item "-newhdr" -Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputed -request. Some software (Netscape certificate server) and some CAs need this. -.SH "CONFIGURATION FILE FORMAT" -.IX Header "CONFIGURATION FILE FORMAT" -The configuration options are specified in the \fBreq\fR section of -the configuration file. As with all configuration files if no -value is specified in the specific section (i.e. \fBreq\fR) then -the initial unnamed or \fBdefault\fR section is searched too. -.PP -The options available are described in detail below. 
-.Ip "\fBinput_password output_password\fR" 4 -.IX Item "input_password output_password" -The passwords for the input private key file (if present) and -the output private key file (if one will be created). The -command line options \fBpassin\fR and \fBpassout\fR override the -configuration file values. -.Ip "\fBdefault_bits\fR" 4 -.IX Item "default_bits" -This specifies the default key size in bits. If not specified then -512 is used. It is used if the \fB\-new\fR option is used. It can be -overridden by using the \fB\-newkey\fR option. -.Ip "\fBdefault_keyfile\fR" 4 -.IX Item "default_keyfile" -This is the default filename to write a private key to. If not -specified the key is written to standard output. This can be -overridden by the \fB\-keyout\fR option. -.Ip "\fBoid_file\fR" 4 -.IX Item "oid_file" -This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. -Each line of the file should consist of the numerical form of the -object identifier followed by white space then the short name followed -by white space and finally the long name. -.Ip "\fBoid_section\fR" 4 -.IX Item "oid_section" -This specifies a section in the configuration file containing extra -object identifiers. Each line should consist of the short name of the -object identifier followed by \fB=\fR and the numerical form. The short -and long names are the same when this option is used. -.Ip "\fB\s-1RANDFILE\s0\fR" 4 -.IX Item "RANDFILE" -This specifies a filename in which random number seed information is -placed and read from, or an \s-1EGD\s0 socket (see RAND_egd(3)). -It is used for private key generation. -.Ip "\fBencrypt_key\fR" 4 -.IX Item "encrypt_key" -If this is set to \fBno\fR then if a private key is generated it is -\&\fBnot\fR encrypted. This is equivalent to the \fB\-nodes\fR command line -option. For compatibility \fBencrypt_rsa_key\fR is an equivalent option. 
-.Ip "\fBdefault_md\fR" 4 -.IX Item "default_md" -This option specifies the digest algorithm to use. Possible values -include \fBmd5 sha1 mdc2\fR. If not present then \s-1MD5\s0 is used. This -option can be overridden on the command line. -.Ip "\fBstring_mask\fR" 4 -.IX Item "string_mask" -This option masks out the use of certain string types in certain -fields. Most users will not need to change this option. -.Sp -It can be set to several values \fBdefault\fR which is also the default -option uses PrintableStrings, T61Strings and BMPStrings if the -\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will -be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. If the -\&\fButf8only\fR option is used then only UTF8Strings will be used: this -is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR -option just uses PrintableStrings and T61Strings: certain software has -problems with BMPStrings and UTF8Strings: in particular Netscape. -.Ip "\fBreq_extensions\fR" 4 -.IX Item "req_extensions" -this specifies the configuration file section containing a list of -extensions to add to the certificate request. It can be overridden -by the \fB\-reqexts\fR command line switch. -.Ip "\fBx509_extensions\fR" 4 -.IX Item "x509_extensions" -this specifies the configuration file section containing a list of -extensions to add to certificate generated when the \fB\-x509\fR switch -is used. It can be overridden by the \fB\-extensions\fR command line switch. -.Ip "\fBprompt\fR" 4 -.IX Item "prompt" -if set to the value \fBno\fR this disables prompting of certificate fields -and just takes values from the config file directly. It also changes the -expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections. -.Ip "\fBattributes\fR" 4 -.IX Item "attributes" -this specifies the section containing any request attributes: its format -is the same as \fBdistinguished_name\fR. 
Typically these may contain the -challengePassword or unstructuredName types. They are currently ignored -by OpenSSL's request signing utilities but some CAs might want them. -.Ip "\fBdistinguished_name\fR" 4 -.IX Item "distinguished_name" -This specifies the section containing the distinguished name fields to -prompt for when generating a certificate or certificate request. The format -is described in the next section. -.SH "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" -.IX Header "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" -There are two separate formats for the distinguished name and attribute -sections. If the \fBprompt\fR option is set to \fBno\fR then these sections -just consist of field names and values: for example, -.PP -.Vb 3 -\& CN=My Name -\& OU=My Organization -\& emailAddress=someone@somewhere.org -.Ve -This allows external programs (e.g. \s-1GUI\s0 based) to generate a template file -with all the field names and values and just pass it to \fBreq\fR. An example -of this kind of configuration file is contained in the \fB\s-1EXAMPLES\s0\fR section. -.PP -Alternatively if the \fBprompt\fR option is absent or not set to \fBno\fR then the -file contains field prompting information. It consists of lines of the form: -.PP -.Vb 4 -\& fieldName="prompt" -\& fieldName_default="default field value" -\& fieldName_min= 2 -\& fieldName_max= 4 -.Ve -\&\*(L"fieldName\*(R" is the field name being used, for example commonName (or \s-1CN\s0). -The \*(L"prompt\*(R" string is used to ask the user to enter the relevant -details. If the user enters nothing then the default value is used if no -default value is present then the field is omitted. A field can -still be omitted if a default value is present if the user just -enters the '.' character. 
-.PP -The number of characters entered must be between the fieldName_min and -fieldName_max limits: there may be additional restrictions based -on the field being used (for example countryName can only ever be -two characters long and must fit in a PrintableString). -.PP -Some fields (such as organizationName) can be used more than once -in a \s-1DN\s0. This presents a problem because configuration files will -not recognize the same name occurring twice. To avoid this problem -if the fieldName contains some characters followed by a full stop -they will be ignored. So for example a second organizationName can -be input by calling it \*(L"1.organizationName\*(R". -.PP -The actual permitted field names are any object identifier short or -long names. These are compiled into OpenSSL and include the usual -values such as commonName, countryName, localityName, organizationName, -organizationUnitName, stateOrPrivinceName. Additionally emailAddress -is include as well as name, surname, givenName initials and dnQualifier. -.PP -Additional object identifiers can be defined with the \fBoid_file\fR or -\&\fBoid_section\fR options in the configuration file. Any additional fields -will be treated as though they were a DirectoryString. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -Examine and verify certificate request: -.PP -.Vb 1 -\& openssl req -in req.pem -text -verify -noout -.Ve -Create a private key and then generate a certificate request from it: -.PP -.Vb 2 -\& openssl genrsa -out key.pem 1024 -\& openssl req -new -key key.pem -out req.pem -.Ve -The same but just using req: -.PP -.Vb 1 -\& openssl req -newkey rsa:1024 -keyout key.pem -out req.pem -.Ve -Generate a self signed root certificate: -.PP -.Vb 1 -\& openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem -.Ve -Example of a file pointed to by the \fBoid_file\fR option: -.PP -.Vb 2 -\& 1.2.3.4 shortName A longer Name -\& 1.2.3.6 otherName Other longer Name -.Ve -Example of a section pointed to by \fBoid_section\fR making use of variable -expansion: -.PP -.Vb 2 -\& testoid1=1.2.3.5 -\& testoid2=${testoid1}.6 -.Ve -Sample configuration file prompting for field values: -.PP -.Vb 6 -\& [ req ] -\& default_bits = 1024 -\& default_keyfile = privkey.pem -\& distinguished_name = req_distinguished_name -\& attributes = req_attributes -\& x509_extensions = v3_ca -.Ve -.Vb 1 -\& dirstring_type = nobmp -.Ve -.Vb 5 -\& [ req_distinguished_name ] -\& countryName = Country Name (2 letter code) -\& countryName_default = AU -\& countryName_min = 2 -\& countryName_max = 2 -.Ve -.Vb 1 -\& localityName = Locality Name (eg, city) -.Ve -.Vb 1 -\& organizationalUnitName = Organizational Unit Name (eg, section) -.Ve -.Vb 2 -\& commonName = Common Name (eg, YOUR name) -\& commonName_max = 64 -.Ve -.Vb 2 -\& emailAddress = Email Address -\& emailAddress_max = 40 -.Ve -.Vb 4 -\& [ req_attributes ] -\& challengePassword = A challenge password -\& challengePassword_min = 4 -\& challengePassword_max = 20 -.Ve -.Vb 1 -\& [ v3_ca ] -.Ve -.Vb 3 -\& subjectKeyIdentifier=hash -\& authorityKeyIdentifier=keyid:always,issuer:always -\& basicConstraints = CA:true -.Ve -Sample configuration containing all field values: -.PP -.Vb 1 -\& RANDFILE = $ENV::HOME/.rnd -.Ve 
-.Vb 7 -\& [ req ] -\& default_bits = 1024 -\& default_keyfile = keyfile.pem -\& distinguished_name = req_distinguished_name -\& attributes = req_attributes -\& prompt = no -\& output_password = mypass -.Ve -.Vb 8 -\& [ req_distinguished_name ] -\& C = GB -\& ST = Test State or Province -\& L = Test Locality -\& O = Organization Name -\& OU = Organizational Unit Name -\& CN = Common Name -\& emailAddress = test@email.address -.Ve -.Vb 2 -\& [ req_attributes ] -\& challengePassword = A challenge password -.Ve -.SH "NOTES" -.IX Header "NOTES" -The header and footer lines in the \fB\s-1PEM\s0\fR format are normally: -.PP -.Vb 2 -\& -----BEGIN CERTIFICATE REQUEST---- -\& -----END CERTIFICATE REQUEST---- -.Ve -some software (some versions of Netscape certificate server) instead needs: -.PP -.Vb 2 -\& -----BEGIN NEW CERTIFICATE REQUEST---- -\& -----END NEW CERTIFICATE REQUEST---- -.Ve -which is produced with the \fB\-newhdr\fR option but is otherwise compatible. -Either form is accepted transparently on input. -.PP -The certificate requests generated by \fBXenroll\fR with \s-1MSIE\s0 have extensions -added. It includes the \fBkeyUsage\fR extension which determines the type of -key (signature only or general purpose) and any additional OIDs entered -by the script in an extendedKeyUsage extension. -.SH "DIAGNOSTICS" -.IX Header "DIAGNOSTICS" -The following messages are frequently asked about: -.PP -.Vb 2 -\& Using configuration from /some/path/openssl.cnf -\& Unable to load config info -.Ve -This is followed some time later by... -.PP -.Vb 2 -\& unable to find 'distinguished_name' in config -\& problems making Certificate Request -.Ve -The first error message is the clue: it can't find the configuration -file! Certain operations (like examining a certificate request) don't -need a configuration file so its use isn't enforced. Generation of -certificates or requests however does need a configuration file. This -could be regarded as a bug. 
-.PP -Another puzzling message is this: -.PP -.Vb 2 -\& Attributes: -\& a0:00 -.Ve -this is displayed when no attributes are present and the request includes -the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 -0x00). If you just see: -.PP -.Vb 1 -\& Attributes: -.Ve -then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but -it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR -for more information. -.SH "ENVIRONMENT VARIABLES" -.IX Header "ENVIRONMENT VARIABLES" -The variable \fB\s-1OPENSSL_CONF\s0\fR if defined allows an alternative configuration -file location to be specified, it will be overridden by the \fB\-config\fR command -line switch if it is present. For compatibility reasons the \fB\s-1SSLEAY_CONF\s0\fR -environment variable serves the same purpose but its use is discouraged. -.SH "BUGS" -.IX Header "BUGS" -OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively -treats them as \s-1ISO-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. -This can cause problems if you need characters that aren't available in -PrintableStrings and you don't want to or can't use BMPStrings. -.PP -As a consequence of the T61String handling the only correct way to represent -accented characters in OpenSSL is to use a BMPString: unfortunately Netscape -currently chokes on these. If you have to use accented characters with Netscape -and \s-1MSIE\s0 then you currently need to use the invalid T61String form. -.PP -The current prompting is not very friendly. It doesn't allow you to confirm what -you've just entered. Other things like extensions in certificate requests are -statically defined in the configuration file. Some of these: like an email -address in subjectAltName should be input by the user. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1), ca(1), genrsa(1), -gendsa(1), config(5) 
diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 index a8ba8e266c93..507da0c34a16 100644 --- a/secure/lib/libcrypto/man/ripemd.3 +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:10 2002 +.\" Mon Jan 13 19:29:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ripemd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- diff --git a/secure/lib/libcrypto/man/rsa.1 b/secure/lib/libcrypto/man/rsa.1 deleted file mode 100644 index 560c1448fefe..000000000000 --- a/secure/lib/libcrypto/man/rsa.1 +++ /dev/null 
@@ -1,301 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:53 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "RSA 1" -.TH RSA 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -rsa \- \s-1RSA\s0 key processing tool -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBrsa\fR -[\fB\-inform PEM|NET|DER\fR] -[\fB\-outform PEM|NET|DER\fR] -[\fB\-in filename\fR] -[\fB\-passin arg\fR] -[\fB\-out filename\fR] -[\fB\-passout arg\fR] -[\fB\-sgckey\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-text\fR] -[\fB\-noout\fR] -[\fB\-modulus\fR] -[\fB\-check\fR] -[\fB\-pubin\fR] -[\fB\-pubout\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBrsa\fR command processes \s-1RSA\s0 keys. They can be converted between various -forms and their components printed out. \fBNote\fR this command uses the -traditional SSLeay compatible format for private key encryption: newer -applications should use the more secure PKCS#8 format using the \fBpkcs8\fR -utility. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|NET|PEM\fR" 4 -.IX Item "-inform DER|NET|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. -The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 -encoded with additional header and footer lines. On input PKCS#8 format private -keys are also accepted. The \fB\s-1NET\s0\fR form is a format is described in the \fB\s-1NOTES\s0\fR -section. -.Ip "\fB\-outform DER|NET|PEM\fR" 4 -.IX Item "-outform DER|NET|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a key from or standard input if this -option is not specified. If the key is encrypted a pass phrase will be -prompted for. 
-.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write a key to or standard output if this -option is not specified. If any encryption options are set then a pass phrase -will be prompted for. The output filename should \fBnot\fR be the same as the input -filename. -.Ip "\fB\-passout password\fR" 4 -.IX Item "-passout password" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-sgckey\fR" 4 -.IX Item "-sgckey" -use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0 -keys. -.Ip "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. -If none of these options is specified the key is written in plain text. This -means that using the \fBrsa\fR utility to read in an encrypted key with no -encryption option can be used to remove the pass phrase from a key, or by -setting the encryption options it can be use to add or change the pass phrase. -These options can only be used with \s-1PEM\s0 format output files. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out the various public or private key components in -plain text in addition to the encoded version. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option prevents output of the encoded version of the key. -.Ip "\fB\-modulus\fR" 4 -.IX Item "-modulus" -this option prints out the value of the modulus of the key. -.Ip "\fB\-check\fR" 4 -.IX Item "-check" -this option checks the consistency of an \s-1RSA\s0 private key. 
-.Ip "\fB\-pubin\fR" 4 -.IX Item "-pubin" -by default a private key is read from the input file: with this -option a public key is read instead. -.Ip "\fB\-pubout\fR" 4 -.IX Item "-pubout" -by default a private key is output: with this option a public -key will be output instead. This option is automatically set if -the input is a public key. -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 private key format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN RSA PRIVATE KEY----- -\& -----END RSA PRIVATE KEY----- -.Ve -The \s-1PEM\s0 public key format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN PUBLIC KEY----- -\& -----END PUBLIC KEY----- -.Ve -The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers -and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption. -It is not very secure and so should only be used when necessary. -.PP -Some newer version of \s-1IIS\s0 have additional data in the exported .key -files. To use thse with the utility view the file with a binary editor -and look for the string \*(L"private-key\*(R", then trace back to the byte -sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data -from this point onwards to another file and use that as the input -to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get -an error after entering the password try the \fB\-sgckey\fR option. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -To remove the pass phrase on an \s-1RSA\s0 private key: -.PP -.Vb 1 -\& openssl rsa -in key.pem -out keyout.pem -.Ve -To encrypt a private key using triple \s-1DES:\s0 -.PP -.Vb 1 -\& openssl rsa -in key.pem -des3 -out keyout.pem -.Ve -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: -.PP -.Vb 1 -\& openssl rsa -in key.pem -outform DER -out keyout.der -.Ve -To print out the components of a private key to standard output: -.PP -.Vb 1 -\& openssl rsa -in key.pem -text -noout -.Ve -To just output the public part of a private key: -.PP -.Vb 1 -\& openssl rsa -in key.pem -pubout -out pubkey.pem -.Ve -.SH "BUGS" -.IX Header "BUGS" -The command line password arguments don't currently work with -\&\fB\s-1NET\s0\fR format. -.PP -There should be an option that automatically handles .key files, -without having to manually edit them. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -pkcs8(1), dsa(1), genrsa(1), -gendsa(1) diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 index 1667d446c4df..4cb1a276d769 100644 --- a/secure/lib/libcrypto/man/rsa.3 +++ b/secure/lib/libcrypto/man/rsa.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:10 2002 +.\" Mon Jan 13 19:29:32 2003 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,24 +138,29 @@ .\" ====================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH rsa 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" rsa \- \s-1RSA\s0 public key cryptosystem .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/rsa.h> +\& #include <openssl/engine.h> .Ve .Vb 2 \& RSA * RSA_new(void); \& void RSA_free(RSA *rsa); .Ve -.Vb 4 +.Vb 8 \& int RSA_public_encrypt(int flen, unsigned char *from, \& unsigned char *to, RSA *rsa, int padding); \& int RSA_private_decrypt(int flen, unsigned char *from, \& unsigned char *to, RSA *rsa, int padding); +\& int RSA_private_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa,int padding); +\& int RSA_public_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa,int padding); .Ve .Vb 4 \& int RSA_sign(int type, unsigned char *m, unsigned int m_len, @@ -164,7 +169,7 @@ rsa \- \s-1RSA\s0 public key cryptosystem \& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); .Ve .Vb 1 -\& int RSA_size(RSA *rsa); +\& int RSA_size(const RSA *rsa); .Ve .Vb 2 \& RSA *RSA_generate_key(int num, unsigned long e, 
@@ -177,16 +182,15 @@ rsa \- \s-1RSA\s0 public key cryptosystem \& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); \& void RSA_blinding_off(RSA *rsa); .Ve -.Vb 9 -\& void RSA_set_default_method(RSA_METHOD *meth); -\& RSA_METHOD *RSA_get_default_method(void); -\& RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); -\& RSA_METHOD *RSA_get_method(RSA *rsa); +.Vb 8 +\& void RSA_set_default_method(const RSA_METHOD *meth); +\& const RSA_METHOD *RSA_get_default_method(void); +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); +\& const RSA_METHOD *RSA_get_method(const RSA *rsa); \& RSA_METHOD *RSA_PKCS1_SSLeay(void); -\& RSA_METHOD *RSA_PKCS1_RSAref(void); \& RSA_METHOD *RSA_null_method(void); -\& int RSA_flags(RSA *rsa); -\& RSA *RSA_new_method(RSA_METHOD *method); +\& int RSA_flags(const RSA *rsa); +\& RSA *RSA_new_method(ENGINE *engine); .Ve .Vb 2 \& int RSA_print(BIO *bp, RSA *x, int offset); @@ -198,12 +202,6 @@ rsa \- \s-1RSA\s0 public key cryptosystem \& int RSA_set_ex_data(RSA *r,int idx,char *arg); \& char *RSA_get_ex_data(RSA *r, int idx); .Ve -.Vb 4 -\& int RSA_private_encrypt(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa,int padding); -\& int RSA_public_decrypt(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa,int padding); -.Ve .Vb 6 \& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, \& unsigned int m_len, unsigned char *sigret, unsigned int *siglen, 
@@ -241,6 +239,14 @@ In public keys, the private exponent and the related secret values are \&\fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR may be \fB\s-1NULL\s0\fR in private keys, but the \s-1RSA\s0 operations are much faster when these values are available. +.PP +Note that \s-1RSA\s0 keys may use non-standard \fB\s-1RSA_METHOD\s0\fR implementations, +either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an +\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values +will not be used by the implementation or may be used for alternative data +storage. For this reason, applications should generally avoid using \s-1RSA\s0 +structure elements directly and instead use \s-1API\s0 functions to query or +modify keys. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 @@ -250,7 +256,7 @@ available. .SH "SEE ALSO" .IX Header "SEE ALSO" rsa(1), bn(3), dsa(3), dh(3), -rand(3), RSA_new(3), +rand(3), engine(3), RSA_new(3), RSA_public_encrypt(3), RSA_sign(3), RSA_size(3), RSA_generate_key(3), diff --git a/secure/lib/libcrypto/man/rsautl.1 b/secure/lib/libcrypto/man/rsautl.1 deleted file mode 100644 index 62b755240f9e..000000000000 --- a/secure/lib/libcrypto/man/rsautl.1 +++ /dev/null 
@@ -1,312 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:54 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "RSAUTL 1" -.TH RSAUTL 1 "0.9.6e" "2001-07-19" "OpenSSL" -.UC -.SH "NAME" -rsautl \- \s-1RSA\s0 utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBrsautl\fR -[\fB\-in file\fR] -[\fB\-out file\fR] -[\fB\-inkey file\fR] -[\fB\-pubin\fR] -[\fB\-certin\fR] -[\fB\-sign\fR] -[\fB\-verify\fR] -[\fB\-encrypt\fR] -[\fB\-decrypt\fR] -[\fB\-pkcs\fR] -[\fB\-ssl\fR] -[\fB\-raw\fR] -[\fB\-hexdump\fR] -[\fB\-asn1parse\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBrsautl\fR command can be used to sign, verify, encrypt and decrypt -data using the \s-1RSA\s0 algorithm. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read data from or standard input -if this option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename to write to or standard output by -default. -.Ip "\fB\-inkey file\fR" 4 -.IX Item "-inkey file" -the input key file, by default it should be an \s-1RSA\s0 private key. -.Ip "\fB\-pubin\fR" 4 -.IX Item "-pubin" -the input file is an \s-1RSA\s0 public key. -.Ip "\fB\-certin\fR" 4 -.IX Item "-certin" -the input is a certificate containing an \s-1RSA\s0 public key. -.Ip "\fB\-sign\fR" 4 -.IX Item "-sign" -sign the input data and output the signed result. This requires -and \s-1RSA\s0 private key. -.Ip "\fB\-verify\fR" 4 -.IX Item "-verify" -verify the input data and output the recovered data. -.Ip "\fB\-encrypt\fR" 4 -.IX Item "-encrypt" -encrypt the input data using an \s-1RSA\s0 public key. -.Ip "\fB\-decrypt\fR" 4 -.IX Item "-decrypt" -decrypt the input data using an \s-1RSA\s0 private key. 
-.Ip "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4 -.IX Item "-pkcs, -oaep, -ssl, -raw" -the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0, -special padding used in \s-1SSL\s0 v2 backwards compatible handshakes, -or no padding, respectively. -For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used. -.Ip "\fB\-hexdump\fR" 4 -.IX Item "-hexdump" -hex dump the output data. -.Ip "\fB\-asn1parse\fR" 4 -.IX Item "-asn1parse" -asn1parse the output data, this is useful when combined with the -\&\fB\-verify\fR option. -.SH "NOTES" -.IX Header "NOTES" -\&\fBrsautl\fR because it uses the \s-1RSA\s0 algorithm directly can only be -used to sign or verify small pieces of data. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Sign some data using a private key: -.PP -.Vb 1 -\& openssl rsautl -sign -in file -inkey key.pem -out sig -.Ve -Recover the signed data -.PP -.Vb 1 -\& openssl rsautl -verify -in sig -inkey key.pem -.Ve -Examine the raw signed data: -.PP -.Vb 1 -\& openssl rsautl -verify -in file -inkey key.pem -raw -hexdump -.Ve -.Vb 8 -\& 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world -.Ve -The PKCS#1 block formatting is evident from this. If this was done using -encrypt and decrypt the block would have been of type 2 (the second byte) -and random padding data visible instead of the 0xff bytes. -.PP -It is possible to analyse the signature of certificates using this -utility in conjunction with \fBasn1parse\fR. 
Consider the self signed -example in certs/pca-cert.pem . Running \fBasn1parse\fR as follows yields: -.PP -.Vb 1 -\& openssl asn1parse -in pca-cert.pem -.Ve -.Vb 18 -\& 0:d=0 hl=4 l= 742 cons: SEQUENCE -\& 4:d=1 hl=4 l= 591 cons: SEQUENCE -\& 8:d=2 hl=2 l= 3 cons: cont [ 0 ] -\& 10:d=3 hl=2 l= 1 prim: INTEGER :02 -\& 13:d=2 hl=2 l= 1 prim: INTEGER :00 -\& 16:d=2 hl=2 l= 13 cons: SEQUENCE -\& 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption -\& 29:d=3 hl=2 l= 0 prim: NULL -\& 31:d=2 hl=2 l= 92 cons: SEQUENCE -\& 33:d=3 hl=2 l= 11 cons: SET -\& 35:d=4 hl=2 l= 9 cons: SEQUENCE -\& 37:d=5 hl=2 l= 3 prim: OBJECT :countryName -\& 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU -\& .... -\& 599:d=1 hl=2 l= 13 cons: SEQUENCE -\& 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption -\& 612:d=2 hl=2 l= 0 prim: NULL -\& 614:d=1 hl=3 l= 129 prim: BIT STRING -.Ve -The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with: -.PP -.Vb 1 -\& openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614 -.Ve -The certificate public key can be extracted with: -.PP -.Vb 1 -\& openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem -.Ve -The signature can be analysed with: -.PP -.Vb 1 -\& openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin -.Ve -.Vb 6 -\& 0:d=0 hl=2 l= 32 cons: SEQUENCE -\& 2:d=1 hl=2 l= 12 cons: SEQUENCE -\& 4:d=2 hl=2 l= 8 prim: OBJECT :md5 -\& 14:d=2 hl=2 l= 0 prim: NULL -\& 16:d=1 hl=2 l= 16 prim: OCTET STRING -\& 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. -.Ve -This is the parsed version of an \s-1ASN1\s0 DigestInfo structure. It can be seen that -the digest used was md5. 
The actual part of the certificate that was signed can -be extracted with: -.PP -.Vb 1 -\& openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4 -.Ve -and its digest computed with: -.PP -.Vb 2 -\& openssl md5 -c tbs -\& MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 -.Ve -which it can be seen agrees with the recovered value above. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -dgst(1), rsa(1), genrsa(1) diff --git a/secure/lib/libcrypto/man/s_client.1 b/secure/lib/libcrypto/man/s_client.1 deleted file mode 100644 index e7c3665925da..000000000000 --- a/secure/lib/libcrypto/man/s_client.1 +++ /dev/null 
@@ -1,336 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:54 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "0.9.6e" "2001-05-19" "OpenSSL" -.UC -.SH "NAME" -s_client \- \s-1SSL/TLS\s0 client program -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBs_client\fR -[\fB\-connect\fR host:port>] -[\fB\-verify depth\fR] -[\fB\-cert filename\fR] -[\fB\-key filename\fR] -[\fB\-CApath directory\fR] -[\fB\-CAfile filename\fR] -[\fB\-reconnect\fR] -[\fB\-pause\fR] -[\fB\-showcerts\fR] -[\fB\-debug\fR] -[\fB\-nbio_test\fR] -[\fB\-state\fR] -[\fB\-nbio\fR] -[\fB\-crlf\fR] -[\fB\-ign_eof\fR] -[\fB\-quiet\fR] -[\fB\-ssl2\fR] -[\fB\-ssl3\fR] -[\fB\-tls1\fR] -[\fB\-no_ssl2\fR] -[\fB\-no_ssl3\fR] -[\fB\-no_tls1\fR] -[\fB\-bugs\fR] -[\fB\-cipher cipherlist\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects -to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic tool for -\&\s-1SSL\s0 servers. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-connect host:port\fR" 4 -.IX Item "-connect host:port" -This specifies the host and optional port to connect to. If not specified -then an attempt is made to connect to the local host on port 4433. -.Ip "\fB\-cert certname\fR" 4 -.IX Item "-cert certname" -The certificate to use, if one is requested by the server. The default is -not to use a certificate. -.Ip "\fB\-key keyfile\fR" 4 -.IX Item "-key keyfile" -The private key to use. If not specified then the certificate file will -be used. -.Ip "\fB\-verify depth\fR" 4 -.IX Item "-verify depth" -The verify depth to use. This specifies the maximum length of the -server certificate chain and turns on server certificate verification. -Currently the verify operation continues after errors so all the problems -with a certificate chain can be seen. 
As a side effect the connection -will never fail due to a server certificate verify failure. -.Ip "\fB\-CApath directory\fR" 4 -.IX Item "-CApath directory" -The directory to use for server certificate verification. This directory -must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are -also used when building the client certificate chain. -.Ip "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -A file containing trusted certificates to use during server authentication -and to use when attempting to build the client certificate chain. -.Ip "\fB\-reconnect\fR" 4 -.IX Item "-reconnect" -reconnects to the same server 5 times using the same session \s-1ID\s0, this can -be used as a test that session caching is working. -.Ip "\fB\-pause\fR" 4 -.IX Item "-pause" -pauses 1 second between each read and write call. -.Ip "\fB\-showcerts\fR" 4 -.IX Item "-showcerts" -display the whole server certificate chain: normally only the server -certificate itself is displayed. -.Ip "\fB\-prexit\fR" 4 -.IX Item "-prexit" -print session information when the program exits. This will always attempt -to print out information even if the connection fails. Normally information -will only be printed out once if the connection succeeds. This option is useful -because the cipher in use may be renegotiated or the connection may fail -because a client certificate is required or is requested only after an -attempt is made to access a certain \s-1URL\s0. Note: the output produced by this -option is not always accurate because a connection might never have been -established. -.Ip "\fB\-state\fR" 4 -.IX Item "-state" -prints out the \s-1SSL\s0 session states. -.Ip "\fB\-debug\fR" 4 -.IX Item "-debug" -print extensive debugging information including a hex dump of all traffic. 
-.Ip "\fB\-nbio_test\fR" 4 -.IX Item "-nbio_test" -tests non-blocking I/O -.Ip "\fB\-nbio\fR" 4 -.IX Item "-nbio" -turns on non-blocking I/O -.Ip "\fB\-crlf\fR" 4 -.IX Item "-crlf" -this option translated a line feed from the terminal into \s-1CR+LF\s0 as required -by some servers. -.Ip "\fB\-ign_eof\fR" 4 -.IX Item "-ign_eof" -inhibit shutting down the connection when end of file is reached in the -input. -.Ip "\fB\-quiet\fR" 4 -.IX Item "-quiet" -inhibit printing of session and certificate information. This implicitely -turns on \fB\-ign_eof\fR as well. -.Ip "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4 -.IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1" -these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default -the initial handshake uses a method which should be compatible with all -servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. -.Sp -Unfortunately there are a lot of ancient and broken servers in use which -cannot handle this technique and will fail to connect. Some servers only -work if \s-1TLS\s0 is turned off with the \fB\-no_tls\fR option others will only -support \s-1SSL\s0 v2 and may need the \fB\-ssl2\fR option. -.Ip "\fB\-bugs\fR" 4 -.IX Item "-bugs" -there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this -option enables various workarounds. -.Ip "\fB\-cipher cipherlist\fR" 4 -.IX Item "-cipher cipherlist" -this allows the cipher list sent by the client to be modified. Although -the server determines which cipher suite is used it should take the first -supported cipher in the list sent by the client. See the \fBciphers\fR -command for more information. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). 
-Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.SH "CONNECTED COMMANDS" -.IX Header "CONNECTED COMMANDS" -If a connection is established with an \s-1SSL\s0 server then any data received -from the server is displayed and any key presses will be sent to the -server. When used interactively (which means neither \fB\-quiet\fR nor \fB\-ign_eof\fR -have been given), the session will be renegociated if the line begins with an -\&\fBR\fR, and if the line begins with a \fBQ\fR or if end of file is reached, the -connection will be closed down. -.SH "NOTES" -.IX Header "NOTES" -\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0 -server the command: -.PP -.Vb 1 -\& openssl s_client -connect servername:443 -.Ve -would typically be used (https uses port 443). If the connection succeeds -then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page. -.PP -If the handshake fails then there are several possible causes, if it is -nothing obvious like no client certificate then the \fB\-bugs\fR, \fB\-ssl2\fR, -\&\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR can be tried -in case it is a buggy server. In particular you should play with these -options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. -.PP -A frequent problem when attempting to get client certificates working -is that a web client complains it has no certificates or gives an empty -list to choose from. This is normally because the server is not sending -the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it -requests a certificate. By using \fBs_client\fR the \s-1CA\s0 list can be viewed -and checked. However some servers only request client authentication -after a specific \s-1URL\s0 is requested. 
To obtain the list in this case it -is necessary to use the \fB\-prexit\fR command and send an \s-1HTTP\s0 request -for an appropriate page. -.PP -If a certificate is specified on the command line using the \fB\-cert\fR -option it will not be used unless the server specifically requests -a client certificate. Therefor merely including a client certificate -on the command line is no guarantee that the certificate works. -.PP -If there are problems verifying a server certificate then the -\&\fB\-showcerts\fR option can be used to show the whole chain. -.SH "BUGS" -.IX Header "BUGS" -Because this program has a lot of options and also because some of -the techniques used are rather old, the C source of s_client is rather -hard to read and not a model of how things should be done. A typical -\&\s-1SSL\s0 client program would be much simpler. -.PP -The \fB\-verify\fR option should really exit if the server verification -fails. -.PP -The \fB\-prexit\fR option is a bit of a hack. We should really report -information whenever a session is renegotiated. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -sess_id(1), s_server(1), ciphers(1) diff --git a/secure/lib/libcrypto/man/s_server.1 b/secure/lib/libcrypto/man/s_server.1 deleted file mode 100644 index a0217466d31a..000000000000 --- a/secure/lib/libcrypto/man/s_server.1 +++ /dev/null 
@@ -1,366 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:55 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "S_SERVER 1" -.TH S_SERVER 1 "0.9.6e" "2001-07-19" "OpenSSL" -.UC -.SH "NAME" -s_server \- \s-1SSL/TLS\s0 server program -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBs_server\fR -[\fB\-accept port\fR] -[\fB\-context id\fR] -[\fB\-verify depth\fR] -[\fB\-Verify depth\fR] -[\fB\-cert filename\fR] -[\fB\-key keyfile\fR] -[\fB\-dcert filename\fR] -[\fB\-dkey keyfile\fR] -[\fB\-dhparam filename\fR] -[\fB\-nbio\fR] -[\fB\-nbio_test\fR] -[\fB\-crlf\fR] -[\fB\-debug\fR] -[\fB\-state\fR] -[\fB\-CApath directory\fR] -[\fB\-CAfile filename\fR] -[\fB\-nocert\fR] -[\fB\-cipher cipherlist\fR] -[\fB\-quiet\fR] -[\fB\-no_tmp_rsa\fR] -[\fB\-ssl2\fR] -[\fB\-ssl3\fR] -[\fB\-tls1\fR] -[\fB\-no_ssl2\fR] -[\fB\-no_ssl3\fR] -[\fB\-no_tls1\fR] -[\fB\-no_dhe\fR] -[\fB\-bugs\fR] -[\fB\-hack\fR] -[\fB\-www\fR] -[\fB\-WWW\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens -for connections on a given port using \s-1SSL/TLS\s0. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-accept port\fR" 4 -.IX Item "-accept port" -the \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used. -.Ip "\fB\-context id\fR" 4 -.IX Item "-context id" -sets the \s-1SSL\s0 context id. It can be given any string value. If this option -is not present a default value will be used. -.Ip "\fB\-cert certname\fR" 4 -.IX Item "-cert certname" -The certificate to use, most servers cipher suites require the use of a -certificate and some require a certificate with a certain public key type: -for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 -(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. -.Ip "\fB\-key keyfile\fR" 4 -.IX Item "-key keyfile" -The private key to use. 
If not specified then the certificate file will -be used. -.Ip "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4 -.IX Item "-dcert filename, -dkey keyname" -specify an additional certificate and private key, these behave in the -same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default -if they are not specified (no additional certificate and key is used). As -noted above some cipher suites require a certificate containing a key of -a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key -and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys -a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites -by using an appropriate certificate. -.Ip "\fB\-nocert\fR" 4 -.IX Item "-nocert" -if this option is set then no certificate is used. This restricts the -cipher suites available to the anonymous ones (currently just anonymous -\&\s-1DH\s0). -.Ip "\fB\-dhparam filename\fR" 4 -.IX Item "-dhparam filename" -the \s-1DH\s0 parameter file to use. The ephemeral \s-1DH\s0 cipher suites generate keys -using a set of \s-1DH\s0 parameters. If not specified then an attempt is made to -load the parameters from the server certificate file. If this fails then -a static set of parameters hard coded into the s_server program will be used. -.Ip "\fB\-no_dhe\fR" 4 -.IX Item "-no_dhe" -if this option is set then no \s-1DH\s0 parameters will be loaded effectively -disabling the ephemeral \s-1DH\s0 cipher suites. -.Ip "\fB\-no_tmp_rsa\fR" 4 -.IX Item "-no_tmp_rsa" -certain export cipher suites sometimes use a temporary \s-1RSA\s0 key, this option -disables temporary \s-1RSA\s0 key generation. -.Ip "\fB\-verify depth\fR, \fB\-Verify depth\fR" 4 -.IX Item "-verify depth, -Verify depth" -The verify depth to use. This specifies the maximum length of the -client certificate chain and makes the server request a certificate from -the client. 
With the \fB\-verify\fR option a certificate is requested but the -client does not have to send one, with the \fB\-Verify\fR option the client -must supply a certificate or an error occurs. -.Ip "\fB\-CApath directory\fR" 4 -.IX Item "-CApath directory" -The directory to use for client certificate verification. This directory -must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are -also used when building the server certificate chain. -.Ip "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -A file containing trusted certificates to use during client authentication -and to use when attempting to build the server certificate chain. The list -is also used in the list of acceptable client CAs passed to the client when -a certificate is requested. -.Ip "\fB\-state\fR" 4 -.IX Item "-state" -prints out the \s-1SSL\s0 session states. -.Ip "\fB\-debug\fR" 4 -.IX Item "-debug" -print extensive debugging information including a hex dump of all traffic. -.Ip "\fB\-nbio_test\fR" 4 -.IX Item "-nbio_test" -tests non blocking I/O -.Ip "\fB\-nbio\fR" 4 -.IX Item "-nbio" -turns on non blocking I/O -.Ip "\fB\-crlf\fR" 4 -.IX Item "-crlf" -this option translated a line feed from the terminal into \s-1CR+LF\s0. -.Ip "\fB\-quiet\fR" 4 -.IX Item "-quiet" -inhibit printing of session and certificate information. -.Ip "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4 -.IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1" -these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default -the initial handshake uses a method which should be compatible with all -servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. -.Ip "\fB\-bugs\fR" 4 -.IX Item "-bugs" -there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this -option enables various workarounds. 
-.Ip "\fB\-hack\fR" 4 -.IX Item "-hack" -this option enables a further workaround for some some early Netscape -\&\s-1SSL\s0 code (?). -.Ip "\fB\-cipher cipherlist\fR" 4 -.IX Item "-cipher cipherlist" -this allows the cipher list used by the server to be modified. When -the client sends a list of supported ciphers the first client cipher -also included in the server list is used. Because the client specifies -the preference order, the order of the server cipherlist irrelevant. See -the \fBciphers\fR command for more information. -.Ip "\fB\-www\fR" 4 -.IX Item "-www" -sends a status message back to the client when it connects. This includes -lots of information about the ciphers used and various session parameters. -The output is in \s-1HTML\s0 format so this option will normally be used with a -web browser. -.Ip "\fB\-WWW\fR" 4 -.IX Item "-WWW" -emulates a simple web server. Pages will be resolved relative to the -current directory, for example if the \s-1URL\s0 https://myhost/page.html is -requested the file ./page.html will be loaded. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.SH "CONNECTED COMMANDS" -.IX Header "CONNECTED COMMANDS" -If a connection request is established with an \s-1SSL\s0 client and neither the -\&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received -from the client is displayed and any key presses will be sent to the client. -.PP -Certain single letter commands are also recognized which perform special -operations: these are listed below. -.Ip "\fBq\fR" 4 -.IX Item "q" -end the current \s-1SSL\s0 connection but still accept new connections. 
-.Ip "\fBQ\fR" 4 -.IX Item "Q" -end the current \s-1SSL\s0 connection and exit. -.Ip "\fBr\fR" 4 -.IX Item "r" -renegotiate the \s-1SSL\s0 session. -.Ip "\fBR\fR" 4 -.IX Item "R" -renegotiate the \s-1SSL\s0 session and request a client certificate. -.Ip "\fBP\fR" 4 -.IX Item "P" -send some plain text down the underlying \s-1TCP\s0 connection: this should -cause the client to disconnect due to a protocol violation. -.Ip "\fBS\fR" 4 -.IX Item "S" -print out some session cache status information. -.SH "NOTES" -.IX Header "NOTES" -\&\fBs_server\fR can be used to debug \s-1SSL\s0 clients. To accept connections from -a web browser the command: -.PP -.Vb 1 -\& openssl s_server -accept 443 -www -.Ve -can be used for example. -.PP -Most web browsers (in particular Netscape and \s-1MSIE\s0) only support \s-1RSA\s0 cipher -suites, so they cannot connect to servers which don't use a certificate -carrying an \s-1RSA\s0 key or a version of OpenSSL with \s-1RSA\s0 disabled. -.PP -Although specifying an empty list of CAs when requesting a client certificate -is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret this to -mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes. -.PP -The session parameters can printed out using the \fBsess_id\fR program. -.SH "BUGS" -.IX Header "BUGS" -Because this program has a lot of options and also because some of -the techniques used are rather old, the C source of s_server is rather -hard to read and not a model of how things should be done. A typical -\&\s-1SSL\s0 server program would be much simpler. -.PP -The output of common ciphers is wrong: it just gives the list of ciphers that -OpenSSL recognizes and the client supports. -.PP -There should be a way for the \fBs_server\fR program to print out details of any -unknown cipher suites a client says it supports. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -sess_id(1), s_client(1), ciphers(1) 
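Review bot: the deletion of the RSAUTL 1 page (the `@@ -1,312 +0,0 @@` hunk) should say where rsautl(1) is installed from afterwards. This is a section 1 command page (`.TH RSAUTL 1`), and nothing in the hunk points to a replacement. Please name the new location in the commit message, and check that the replacement still carries the padding restriction "For signatures, only -pkcs and -raw can be used" and the DigestInfo walk-through in EXAMPLES, which is the page's worked procedure for checking a certificate signature by hand.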
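Review bot: confirm that whatever replaces the deleted secure/lib/libcrypto/man/s_client.1 still documents that -verify does not abort the connection. The removed OPTIONS text says "the connection will never fail due to a server certificate verify failure", and BUGS repeats it as "The -verify option should really exit if the server verification fails." Without that caveat a reader testing a server with s_client can take a completed handshake for a verified chain. The removed text also refers to a `-no_tls` option while the synopsis and option list only have `-no_tls1`, which is worth correcting in the source of the replacement page.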
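Review bot: the deleted s_server.1 is generated output checked into the tree ("Automatically generated by Pod::Man version 1.15", stamped "Tue Jul 30 09:20:55 2002"), so much of this 366-line hunk is the standard preamble and a timestamp rather than documentation. If these pages are being regenerated elsewhere, consider producing them from the POD sources at build time instead of committing the output, so that a later import does not rewrite every man page just to change the date line. The distinction the page draws between `-verify` (certificate requested, client may decline) and `-Verify` (client must supply one) should be kept in the replacement.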
diff --git a/secure/lib/libcrypto/man/sess_id.1 b/secure/lib/libcrypto/man/sess_id.1 deleted file mode 100644 index 9a9c5575c96f..000000000000 --- a/secure/lib/libcrypto/man/sess_id.1 +++ /dev/null 
@@ -1,258 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:56 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SESS_ID 1" -.TH SESS_ID 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -sess_id \- \s-1SSL/TLS\s0 session handling utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBsess_id\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-text\fR] -[\fB\-noout\fR] -[\fB\-context \s-1ID\s0\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBsess_id\fR process the encoded version of the \s-1SSL\s0 session structure -and optionally prints out \s-1SSL\s0 session details (for example the \s-1SSL\s0 session -master key) in human readable format. Since this is a diagnostic tool that -needs some knowledge of the \s-1SSL\s0 protocol to use properly, most users will -not need to use it. -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -format containing session details. The precise format can vary from one version -to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR -format base64 encoded with additional header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read session information from or standard -input by default. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write session information to or standard -output if this option is not specified. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out the various public or private key components in -plain text in addition to the encoded version. 
-.Ip "\fB\-cert\fR" 4 -.IX Item "-cert" -if a certificate is present in the session it will be output using this option, -if the \fB\-text\fR option is also present then it will be printed out in text form. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option prevents output of the encoded version of the session. -.Ip "\fB\-context \s-1ID\s0\fR" 4 -.IX Item "-context ID" -this option can set the session id so the output session information uses the -supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option wont normally -be used. -.SH "OUTPUT" -.IX Header "OUTPUT" -Typical output: -.PP -.Vb 10 -\& SSL-Session: -\& Protocol : TLSv1 -\& Cipher : 0016 -\& Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED -\& Session-ID-ctx: 01000000 -\& Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD -\& Key-Arg : None -\& Start Time: 948459261 -\& Timeout : 300 (sec) -\& Verify return code 0 (ok) -.Ve -Theses are described below in more detail. -.Ip "\fBProtocol\fR" 4 -.IX Item "Protocol" -this is the protocol in use TLSv1, SSLv3 or SSLv2. -.Ip "\fBCipher\fR" 4 -.IX Item "Cipher" -the cipher used this is the actual raw \s-1SSL\s0 or \s-1TLS\s0 cipher code, see the \s-1SSL\s0 -or \s-1TLS\s0 specifications for more information. -.Ip "\fBSession-ID\fR" 4 -.IX Item "Session-ID" -the \s-1SSL\s0 session \s-1ID\s0 in hex format. -.Ip "\fBSession-ID-ctx\fR" 4 -.IX Item "Session-ID-ctx" -the session \s-1ID\s0 context in hex format. -.Ip "\fBMaster-Key\fR" 4 -.IX Item "Master-Key" -this is the \s-1SSL\s0 session master key. -.Ip "\fBKey-Arg\fR" 4 -.IX Item "Key-Arg" -the key argument, this is only used in \s-1SSL\s0 v2. -.Ip "\fBStart Time\fR" 4 -.IX Item "Start Time" -this is the session start time represented as an integer in standard Unix format. -.Ip "\fBTimeout\fR" 4 -.IX Item "Timeout" -the timeout in seconds. 
-.Ip "\fBVerify return code\fR" 4 -.IX Item "Verify return code" -this is the return code when an \s-1SSL\s0 client certificate is verified. -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 encoded session format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN SSL SESSION PARAMETERS----- -\& -----END SSL SESSION PARAMETERS----- -.Ve -Since the \s-1SSL\s0 session output contains the master key it is possible to read the contents -of an encrypted session using this information. Therefore appropriate security precautions -should be taken if the information is being output by a \*(L"real\*(R" application. This is -however strongly discouraged and should only be used for debugging purposes. -.SH "BUGS" -.IX Header "BUGS" -The cipher and start time should be printed out in human readable form. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ciphers(1), s_server(1) diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 index 332f583c9ed0..349f228dc439 100644 --- a/secure/lib/libcrypto/man/sha.3 +++ b/secure/lib/libcrypto/man/sha.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:11 2002 +.\" Mon Jan 13 19:29:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sha 3" -.TH sha 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH sha 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm diff --git a/secure/lib/libcrypto/man/smime.1 b/secure/lib/libcrypto/man/smime.1 deleted file mode 100644 index a04e8359b818..000000000000 --- a/secure/lib/libcrypto/man/smime.1 +++ /dev/null 
@@ -1,473 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:57 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SMIME 1" -.TH SMIME 1 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -smime \- S/MIME utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBsmime\fR -[\fB\-encrypt\fR] -[\fB\-decrypt\fR] -[\fB\-sign\fR] -[\fB\-verify\fR] -[\fB\-pk7out\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-rc2\-40\fR] -[\fB\-rc2\-64\fR] -[\fB\-rc2\-128\fR] -[\fB\-in file\fR] -[\fB\-certfile file\fR] -[\fB\-signer file\fR] -[\fB\-recip file\fR] -[\fB\-inform SMIME|PEM|DER\fR] -[\fB\-passin arg\fR] -[\fB\-inkey file\fR] -[\fB\-out file\fR] -[\fB\-outform SMIME|PEM|DER\fR] -[\fB\-content file\fR] -[\fB\-to addr\fR] -[\fB\-from ad\fR] -[\fB\-subject s\fR] -[\fB\-text\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -[cert.pem]... -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBsmime\fR command handles S/MIME mail. It can encrypt, decrypt, sign and -verify S/MIME messages. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -There are five operation options that set the type of operation to be performed. -The meaning of the other options varies according to the operation type. -.Ip "\fB\-encrypt\fR" 4 -.IX Item "-encrypt" -encrypt mail for the given recipient certificates. Input file is the message -to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. -.Ip "\fB\-decrypt\fR" 4 -.IX Item "-decrypt" -decrypt mail using the supplied certificate and private key. Expects an -encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail -is written to the output file. -.Ip "\fB\-sign\fR" 4 -.IX Item "-sign" -sign mail using the supplied certificate and private key. Input file is -the message to be signed. The signed message in \s-1MIME\s0 format is written -to the output file. -.Ip "\fB\-verify\fR" 4 -.IX Item "-verify" -verify signed mail. Expects a signed mail message on input and outputs -the signed data. 
Both clear text and opaque signing is supported. -.Ip "\fB\-pk7out\fR" 4 -.IX Item "-pk7out" -takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -the input message to be encrypted or signed or the \s-1MIME\s0 message to -be decrypted or verified. -.Ip "\fB\-inform SMIME|PEM|DER\fR" 4 -.IX Item "-inform SMIME|PEM|DER" -this specifies the input format for the PKCS#7 structure. The default -is \fB\s-1SMIME\s0\fR which reads an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR -format change this to expect \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures -instead. This currently only affects the input format of the PKCS#7 -structure, if no PKCS#7 structure is being input (for example with -\&\fB\-encrypt\fR or \fB\-sign\fR) this option has no effect. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -the message text that has been decrypted or verified or the output \s-1MIME\s0 -format message that has been signed or verified. -.Ip "\fB\-outform SMIME|PEM|DER\fR" 4 -.IX Item "-outform SMIME|PEM|DER" -this specifies the output format for the PKCS#7 structure. The default -is \fB\s-1SMIME\s0\fR which write an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR -format change this to write \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures -instead. This currently only affects the output format of the PKCS#7 -structure, if no PKCS#7 structure is being output (for example with -\&\fB\-verify\fR or \fB\-decrypt\fR) this option has no effect. -.Ip "\fB\-content filename\fR" 4 -.IX Item "-content filename" -This specifies a file containing the detached content, this is only -useful with the \fB\-verify\fR command. This is only usable if the PKCS#7 -structure is using the detached signature form where the content is -not included. This option will override any content if the input format -is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. 
-.Ip "\fB\-text\fR" 4 -.IX Item "-text" -this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied -message if encrypting or signing. If decrypting or verifying it strips -off text headers: if the decrypted or verified message is not of \s-1MIME\s0 -type text/plain then an error occurs. -.Ip "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -a file containing trusted \s-1CA\s0 certificates, only used with \fB\-verify\fR. -.Ip "\fB\-CApath dir\fR" 4 -.IX Item "-CApath dir" -a directory containing trusted \s-1CA\s0 certificates, only used with -\&\fB\-verify\fR. This directory must be a standard certificate directory: that -is a hash of each subject name (using \fBx509 \-hash\fR) should be linked -to each certificate. -.Ip "\fB\-des \-des3 \-rc2\-40 \-rc2\-64 \-rc2\-128\fR" 4 -.IX Item "-des -des3 -rc2-40 -rc2-64 -rc2-128" -the encryption algorithm to use. \s-1DES\s0 (56 bits), triple \s-1DES\s0 (168 bits) -or 40, 64 or 128 bit \s-1RC2\s0 respectively if not specified 40 bit \s-1RC2\s0 is -used. Only used with \fB\-encrypt\fR. -.Ip "\fB\-nointern\fR" 4 -.IX Item "-nointern" -when verifying a message normally certificates (if any) included in -the message are searched for the signing certificate. With this option -only the certificates specified in the \fB\-certfile\fR option are used. -The supplied certificates can still be used as untrusted CAs however. -.Ip "\fB\-noverify\fR" 4 -.IX Item "-noverify" -do not verify the signers certificate of a signed message. -.Ip "\fB\-nochain\fR" 4 -.IX Item "-nochain" -do not do chain verification of signers certificates: that is don't -use the certificates in the signed message as untrusted CAs. -.Ip "\fB\-nosigs\fR" 4 -.IX Item "-nosigs" -don't try to verify the signatures on the message. -.Ip "\fB\-nocerts\fR" 4 -.IX Item "-nocerts" -when signing a message the signer's certificate is normally included -with this option it is excluded. 
This will reduce the size of the -signed message but the verifier must have a copy of the signers certificate -available locally (passed using the \fB\-certfile\fR option for example). -.Ip "\fB\-noattr\fR" 4 -.IX Item "-noattr" -normally when a message is signed a set of attributes are included which -include the signing time and supported symmetric algorithms. With this -option they are not included. -.Ip "\fB\-binary\fR" 4 -.IX Item "-binary" -normally the input message is converted to \*(L"canonical\*(R" format which is -effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME -specification. When this option is present no translation occurs. This -is useful when handling binary data which may not be in \s-1MIME\s0 format. -.Ip "\fB\-nodetach\fR" 4 -.IX Item "-nodetach" -when signing a message use opaque signing: this form is more resistant -to translation by mail relays but it cannot be read by mail agents that -do not support S/MIME. Without this option cleartext signing with -the \s-1MIME\s0 type multipart/signed is used. -.Ip "\fB\-certfile file\fR" 4 -.IX Item "-certfile file" -allows additional certificates to be specified. When signing these will -be included with the message. When verifying these will be searched for -the signers certificates. The certificates should be in \s-1PEM\s0 format. -.Ip "\fB\-signer file\fR" 4 -.IX Item "-signer file" -the signers certificate when signing a message. If a message is -being verified then the signers certificates will be written to this -file if the verification was successful. -.Ip "\fB\-recip file\fR" 4 -.IX Item "-recip file" -the recipients certificate when decrypting a message. This certificate -must match one of the recipients of the message or an error occurs. -.Ip "\fB\-inkey file\fR" 4 -.IX Item "-inkey file" -the private key to use when signing or decrypting. This must match the -corresponding certificate. 
If this option is not specified then the -private key must be included in the certificate file specified with -the \fB\-recip\fR or \fB\-signer\fR file. -.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fBcert.pem...\fR" 4 -.IX Item "cert.pem..." -one or more certificates of message recipients: used when encrypting -a message. -.Ip "\fB\-to, \-from, \-subject\fR" 4 -.IX Item "-to, -from, -subject" -the relevant mail headers. These are included outside the signed -portion of a message so they may be included manually. If signing -then many S/MIME mail clients check the signers certificate's email -address matches that specified in the 
From: address. -.SH "NOTES" -.IX Header "NOTES" -The \s-1MIME\s0 message must be sent without any blank lines between the -headers and the output. Some mail programs will automatically add -a blank line. Piping the mail directly to sendmail is one way to -achieve the correct format. -.PP -The supplied message to be signed or encrypted must include the -necessary \s-1MIME\s0 headers or many S/MIME clients wont display it -properly (if at all). You can use the \fB\-text\fR option to automatically -add plain text headers. -.PP -A \*(L"signed and encrypted\*(R" message is one where a signed message is -then encrypted. This can be produced by encrypting an already signed -message: see the examples section. -.PP -This version of the program only allows one signer per message but it -will verify multiple signers on received messages. Some S/MIME clients -choke if a message contains multiple signers. It is possible to sign -messages \*(L"in parallel\*(R" by signing an already signed message. -.PP -The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME -clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 -encrypted data is used for other purposes. -.SH "EXIT CODES" -.IX Header "EXIT CODES" -.Ip "0" 4 -the operation was completely successfully. -.Ip "1" 4 -.IX Item "1" -an error occurred parsing the command options. -.Ip "2" 4 -.IX Item "2" -one of the input files could not be read. -.Ip "3" 4 -.IX Item "3" -an error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0 -message. -.Ip "4" 4 -.IX Item "4" -an error occurred decrypting or verifying the message. -.Ip "5" 4 -.IX Item "5" -the message was verified correctly but an error occurred writing out -the signers certificates. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create a cleartext signed message: -.PP -.Vb 2 -\& openssl smime -sign -in message.txt -text -out mail.msg \e -\& -signer mycert.pem -.Ve -Create and opaque signed message -.PP -.Vb 2 -\& openssl smime -sign -in message.txt -text -out mail.msg -nodetach \e -\& -signer mycert.pem -.Ve -Create a signed message, include some additional certificates and -read the private key from another file: -.PP -.Vb 2 -\& openssl smime -sign -in in.txt -text -out mail.msg \e -\& -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem -.Ve -Send a signed message under Unix directly to sendmail, including headers: -.PP -.Vb 3 -\& openssl smime -sign -in in.txt -text -signer mycert.pem \e -\& -from steve@openssl.org -to someone@somewhere \e -\& -subject "Signed message" | sendmail someone@somewhere -.Ve -Verify a message and extract the signer's certificate if successful: -.PP -.Vb 1 -\& openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt -.Ve -Send encrypted mail using triple \s-1DES:\s0 -.PP -.Vb 3 -\& openssl smime -encrypt -in in.txt -from steve@openssl.org \e -\& -to someone@somewhere -subject "Encrypted message" \e -\& -des3 user.pem -out mail.msg -.Ve -Sign and encrypt mail: -.PP -.Vb 4 -\& openssl smime -sign -in ml.txt -signer my.pem -text \e -\& | openssl smime -encrypt -out mail.msg \e -\& -from steve@openssl.org -to someone@somewhere \e -\& -subject "Signed and Encrypted message" -des3 user.pem -.Ve -Note: the encryption command does not include the \fB\-text\fR option because the message -being encrypted already has \s-1MIME\s0 headers. -.PP -Decrypt mail: -.PP -.Vb 1 -\& openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem -.Ve -The output from Netscape form signing is a PKCS#7 structure with the -detached signature format. 
You can use this program to verify the -signature by line wrapping the base64 encoded structure and surrounding -it with: -.PP -.Vb 2 -\& -----BEGIN PKCS7---- -\& -----END PKCS7---- -.Ve -and using the command, -.PP -.Vb 1 -\& openssl smime -verify -inform PEM -in signature.pem -content content.txt -.Ve -alternatively you can base64 decode the signature and use -.PP -.Vb 1 -\& openssl smime -verify -inform DER -in signature.der -content content.txt -.Ve -.SH "BUGS" -.IX Header "BUGS" -The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've thrown -at it but it may choke on others. -.PP -The code currently will only write out the signer's certificate to a file: if the -signer has a separate encryption certificate this must be manually extracted. There -should be some heuristic that determines the correct encryption certificate. -.PP -Ideally a database should be maintained of a certificates for each email address. -.PP -The code doesn't currently take note of the permitted symmetric encryption -algorithms as supplied in the SMIMECapabilities signed attribute. this means the -user has to manually include the correct encryption algorithm. It should store -the list of permitted ciphers in a database and only use those. -.PP -No revocation checking is done on the signer's certificate. -.PP -The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 -structures may cause parsing errors. diff --git a/secure/lib/libcrypto/man/spkac.1 b/secure/lib/libcrypto/man/spkac.1 deleted file mode 100644 index 2a7df5a66bba..000000000000 --- a/secure/lib/libcrypto/man/spkac.1 +++ /dev/null 
@@ -1,248 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:58 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SPKAC 1" -.TH SPKAC 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -spkac \- \s-1SPKAC\s0 printing and generating utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBspkac\fR -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-key keyfile\fR] -[\fB\-passin arg\fR] -[\fB\-challenge string\fR] -[\fB\-pubkey\fR] -[\fB\-spkac spkacname\fR] -[\fB\-spksect section\fR] -[\fB\-noout\fR] -[\fB\-verify\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBspkac\fR command processes Netscape signed public key and challenge -(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and -produce its own SPKACs from a supplied private key. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read from or standard input if this -option is not specified. Ignored if the \fB\-key\fR option is used. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename to write to or standard output by -default. -.Ip "\fB\-key keyfile\fR" 4 -.IX Item "-key keyfile" -create an \s-1SPKAC\s0 file using the private key in \fBkeyfile\fR. The -\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if -present. -.Ip "\fB\-passin password\fR" 4 -.IX Item "-passin password" -the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-challenge string\fR" 4 -.IX Item "-challenge string" -specifies the challenge string if an \s-1SPKAC\s0 is being created. -.Ip "\fB\-spkac spkacname\fR" 4 -.IX Item "-spkac spkacname" -allows an alternative name form the variable containing the -\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". 
This option affects both -generated and input \s-1SPKAC\s0 files. -.Ip "\fB\-spksect section\fR" 4 -.IX Item "-spksect section" -allows an alternative name form the section containing the -\&\s-1SPKAC\s0. The default is the default section. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -don't output the text version of the \s-1SPKAC\s0 (not used if an -\&\s-1SPKAC\s0 is being created). -.Ip "\fB\-pubkey\fR" 4 -.IX Item "-pubkey" -output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is -being created). -.Ip "\fB\-verify\fR" 4 -.IX Item "-verify" -verifies the digital signature on the supplied \s-1SPKAC\s0. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Print out the contents of an \s-1SPKAC:\s0 -.PP -.Vb 1 -\& openssl spkac -in spkac.cnf -.Ve -Verify the signature of an \s-1SPKAC:\s0 -.PP -.Vb 1 -\& openssl spkac -in spkac.cnf -noout -verify -.Ve -Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R": -.PP -.Vb 1 -\& openssl spkac -key key.pem -challenge hello -out spkac.cnf -.Ve -Example of an \s-1SPKAC\s0, (long lines split up for clarity): -.PP -.Vb 5 -\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e -\& PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e -\& PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e -\& 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e -\& 4= -.Ve -.SH "NOTES" -.IX Header "NOTES" -A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed into -the \fBca\fR utility. -.PP -SPKACs are typically generated by Netscape when a form is submitted -containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment -process. -.PP -The challenge string permits a primitive form of proof of possession -of private key. By checking the \s-1SPKAC\s0 signature and a random challenge -string some guarantee is given that the user knows the private key -corresponding to the public key being certified. This is important in -some applications. 
Without this it is possible for a previous \s-1SPKAC\s0 -to be used in a \*(L"replay attack\*(R". -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ca(1) diff --git a/secure/lib/libcrypto/man/ssl.3 b/secure/lib/libcrypto/man/ssl.3 deleted file mode 100644 index 1964f5e937c9..000000000000 --- a/secure/lib/libcrypto/man/ssl.3 +++ /dev/null 
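Review bot: the removed spkac(1) page is the only visible place that warns, in its NOTES section, that an SPKAC accepted without checking the signature and a random challenge string can be reused in a "replay attack". If a regenerated page replaces this one, confirm that paragraph survives. The removed text also carries defects worth fixing in the POD source rather than carrying over: the SYNOPSIS gives `-passin arg` while COMMAND OPTIONS lists `-passin password` and then refers to "the format of arg", and both `-spkac` and `-spksect` read "alternative name form the" where "for the" is meant. The page is Pod::Man output stamped 0.9.6e, so these belong in a fix to the generator input, not a hand edit of the .1 file.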
@@ -1,803 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:58 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "ssl 3" -.TH ssl 3 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -\&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The OpenSSL \fBssl\fR library implements the Secure Sockets Layer (\s-1SSL\s0 v2/v3) and -Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s0 which is -documented here. -.PP -At first the library must be initialized; see -SSL_library_init(3). -.PP -Then an \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish -\&\s-1TLS/SSL\s0 enabled connections (see SSL_CTX_new(3)). -Various options regarding certificates, algorithms etc. can be set -in this object. -.PP -When a network connection has been created, it can be assigned to an -\&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using -SSL_new(3), SSL_set_fd(3) or -SSL_set_bio(3) can be used to associate the network -connection with the object. -.PP -Then the \s-1TLS/SSL\s0 handshake is performed using -SSL_accept(3) or SSL_connect(3) -respectively. -SSL_read(3) and SSL_write(3) are used -to read and write data on the \s-1TLS/SSL\s0 connection. -SSL_shutdown(3) can be used to shut down the -\&\s-1TLS/SSL\s0 connection. -.SH "DATA STRUCTURES" -.IX Header "DATA STRUCTURES" -Currently the OpenSSL \fBssl\fR library functions deals with the following data -structures: -.Ip "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 -.IX Item "SSL_METHOD (SSL Method)" -That's a dispatch structure describing the internal \fBssl\fR library -methods/functions which implement the various protocol versions (SSLv1, SSLv2 -and TLSv1). It's needed to create an \fB\s-1SSL_CTX\s0\fR. 
-.Ip "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 -.IX Item "SSL_CIPHER (SSL Cipher)" -This structure holds the algorithm information for a particular cipher which -are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured -on a \fB\s-1SSL_CTX\s0\fR basis and the actually used ones are then part of the -\&\fB\s-1SSL_SESSION\s0\fR. -.Ip "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 -.IX Item "SSL_CTX (SSL Context)" -That's the global context structure which is created by a server or client -once per program life-time and which holds mainly default values for the -\&\fB\s-1SSL\s0\fR structures which are later created for the connections. -.Ip "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 -.IX Item "SSL_SESSION (SSL Session)" -This is a structure containing the current \s-1TLS/SSL\s0 session details for a -connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. -.Ip "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 -.IX Item "SSL (SSL Connection)" -That's the main \s-1SSL/TLS\s0 structure which is created by a server or client per -established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0. -Under run-time the application usually deals with this structure which has -links to mostly all other structures. -.SH "HEADER FILES" -.IX Header "HEADER FILES" -Currently the OpenSSL \fBssl\fR library provides the following C header files -containing the prototypes for the data structures and and functions: -.Ip "\fBssl.h\fR" 4 -.IX Item "ssl.h" -That's the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your -program to make the \s-1API\s0 of the \fBssl\fR library available. It internally -includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. -Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look -inside this header file. 
-.Ip "\fBssl2.h\fR" 4 -.IX Item "ssl2.h" -That's the sub header file dealing with the SSLv2 protocol only. -\&\fIUsually you don't have to include it explicitly because -it's already included by ssl.h\fR. -.Ip "\fBssl3.h\fR" 4 -.IX Item "ssl3.h" -That's the sub header file dealing with the SSLv3 protocol only. -\&\fIUsually you don't have to include it explicitly because -it's already included by ssl.h\fR. -.Ip "\fBssl23.h\fR" 4 -.IX Item "ssl23.h" -That's the sub header file dealing with the combined use of the SSLv2 and -SSLv3 protocols. -\&\fIUsually you don't have to include it explicitly because -it's already included by ssl.h\fR. -.Ip "\fBtls1.h\fR" 4 -.IX Item "tls1.h" -That's the sub header file dealing with the TLSv1 protocol only. -\&\fIUsually you don't have to include it explicitly because -it's already included by ssl.h\fR. -.SH "API FUNCTIONS" -.IX Header "API FUNCTIONS" -Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions. -They are documented in the following: -.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1METHODS\s0" -.IX Subsection "DEALING WITH PROTOCOL METHODS" -Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 -protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_client_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv2_client_method(void);" -Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated client. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_server_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv2_server_method(void);" -Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated server. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv2_method(void);" -Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for combined client and server. 
-.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv3_client_method(void);" -Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated client. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv3_server_method(void);" -Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated server. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv3_method(void);" -Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for combined client and server. -.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 -.IX Item "SSL_METHOD *TLSv1_client_method(void);" -Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated client. -.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 -.IX Item "SSL_METHOD *TLSv1_server_method(void);" -Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated server. -.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 -.IX Item "SSL_METHOD *TLSv1_method(void);" -Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server. -.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0" -.IX Subsection "DEALING WITH CIPHERS" -Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 -ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. -.Ip "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 -.IX Item "char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);" -Write a string to \fIbuf\fR (with a maximum size of \fIlen\fR) containing a human -readable description of \fIcipher\fR. Returns \fIbuf\fR. -.Ip "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 -.IX Item "int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);" -Determine the number of bits in \fIcipher\fR. 
Because of export crippled ciphers -there are two bits: The bits the algorithm supports in general (stored to -\&\fIalg_bits\fR) and the bits which are actually used (the return value). -.Ip "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 -.IX Item "const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);" -Return the internal name of \fIcipher\fR as a string. These are the various -strings defined by the \fISSL2_TXT_xxx\fR, \fISSL3_TXT_xxx\fR and \fITLS1_TXT_xxx\fR -definitions in the header files. -.Ip "char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 -.IX Item "char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);" -Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the -\&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined -in the specification the first time). -.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1CONTEXTS\s0" -.IX Subsection "DEALING WITH PROTOCOL CONTEXTS" -Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 -protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. 
-.Ip "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 -.IX Item "int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);" -.PD 0 -.Ip "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 -.IX Item "long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);" -.Ip "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 -.IX Item "int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);" -.Ip "int \fBSSL_CTX_check_private_key\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_check_private_key(SSL_CTX *ctx);" -.Ip "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 -.IX Item "long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);" -.Ip "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 -.IX Item "void SSL_CTX_flush_sessions(SSL_CTX *s, long t);" -.Ip "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 -.IX Item "void SSL_CTX_free(SSL_CTX *a);" -.Ip "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "char *SSL_CTX_get_app_data(SSL_CTX *ctx);" -.Ip "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);" -.Ip "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "STACK *SSL_CTX_get_client_CA_list(SSL_CTX *ctx);" -.Ip "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 -.IX Item "int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);" -.Ip "char *\fBSSL_CTX_get_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx);" 4 -.IX Item "char *SSL_CTX_get_ex_data(SSL_CTX *s, int idx);" -.Ip "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 -.IX Item "int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" -.Ip "void 
(*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 -.IX Item "void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);" -.Ip "int \fBSSL_CTX_get_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);" -.Ip "long \fBSSL_CTX_get_timeout\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "long SSL_CTX_get_timeout(SSL_CTX *ctx);" -.Ip "int (*\fBSSL_CTX_get_verify_callback\fR(\s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 -.IX Item "int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" -.Ip "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_get_verify_mode(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, char *CAfile, char *CApath);" 4 -.IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, char *CAfile, char *CApath);" -.Ip "long \fBSSL_CTX_need_tmp_RSA\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "long SSL_CTX_need_tmp_RSA(SSL_CTX *ctx);" -.Ip "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(\s-1SSL_METHOD\s0 *meth);" 4 -.IX Item "SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);" -.Ip "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 -.IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);" -.Ip "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_accept(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_accept_good(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_cache_full(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 
4 -.IX Item "int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_connect(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_connect_good(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);" -.Ip "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 -.IX Item "SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);" -.Ip "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 -.IX Item "int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);" -.Ip "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 -.IX Item "void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);" -.Ip "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_hits(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_misses(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_number(SSL_CTX *ctx);" -.Ip "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx,t);" 4 -.IX Item "void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,t);" -.Ip "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 -.IX Item "void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));" -.Ip "void 
\fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 -.IX Item "void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));" -.Ip "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 -.IX Item "void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));" -.Ip "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_sess_timeouts(SSL_CTX *ctx);" -.Ip "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "LHASH *SSL_CTX_sessions(SSL_CTX *ctx);" -.Ip "void \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 -.IX Item "void SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);" -.Ip "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 -.IX Item "void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);" -.Ip "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 -.IX Item "void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)" -.Ip "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 -.IX Item "int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);" -.Ip "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 -.IX Item "void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);" -.Ip "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 -.IX Item "void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));" -.Ip "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 -.IX Item "void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))" -.Ip "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 -.IX Item "void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int 
m);" -.Ip "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 -.IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" -.Ip "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 -.IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" -.Ip "void \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 -.IX Item "void SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" -.Ip "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 -.IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);" -.Ip "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 -.IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);" -.Ip "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_METHOD\s0 *meth);" 4 -.IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth);" -.Ip "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 -.IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);" -.Ip "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 -.IX Item "long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);" -.Ip "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 -.IX Item "long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));" -.Ip "long \fBSSL_CTX_set_tmp_rsa\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 -.IX Item "long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);" -.Ip "SSL_CTX_set_tmp_rsa_callback" 4 -.IX Item "SSL_CTX_set_tmp_rsa_callback" -.PD -\&\f(CW\*(C`long \f(CBSSL_CTX_set_tmp_rsa_callback\f(CW(SSL_CTX *\f(CBctx\f(CW, RSA *(*\f(CBcb\f(CW)(SSL *\f(CBssl\f(CW, int \f(CBexport\f(CW, int \f(CBkeylength\f(CW));\*(C'\fR -.Sp -Sets the callback which will be called 
when a temporary private key is -required. The \fB\f(CB\*(C`export\*(C'\fB\fR flag will be set if the reason for needing -a temp key is that an export ciphersuite is in use, in which case, -\&\fB\f(CB\*(C`keylength\*(C'\fB\fR will contain the required keylength in bits. Generate a key of -appropriate size (using ???) and return it. -.Ip "SSL_set_tmp_rsa_callback" 4 -.IX Item "SSL_set_tmp_rsa_callback" -long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength)); -.Sp -The same as the section on "SSL_CTX_set_tmp_rsa_callback", except it operates on an \s-1SSL\s0 -session instead of a context. -.Ip "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 -.IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" -.PD 0 -.Ip "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 -.IX Item "int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);" -.Ip "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 -.IX Item "int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);" -.Ip "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 -.IX Item "int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);" -.Ip "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 -.IX Item "int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);" -.Ip "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 -.IX Item "int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);" -.Ip "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 -.IX Item "int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);" -.Ip "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 -.IX Item "int 
SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);" -.Ip "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 -.IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" -.Ip "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 -.IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);" -.PD -.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0" -.IX Subsection "DEALING WITH SESSIONS" -Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 -sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. -.Ip "int \fBSSL_SESSION_cmp\fR(\s-1SSL_SESSION\s0 *a, \s-1SSL_SESSION\s0 *b);" 4 -.IX Item "int SSL_SESSION_cmp(SSL_SESSION *a, SSL_SESSION *b);" -.PD 0 -.Ip "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 -.IX Item "void SSL_SESSION_free(SSL_SESSION *ss);" -.Ip "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 -.IX Item "char *SSL_SESSION_get_app_data(SSL_SESSION *s);" -.Ip "char *\fBSSL_SESSION_get_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx);" 4 -.IX Item "char *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx);" -.Ip "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 -.IX Item "int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" -.Ip "long \fBSSL_SESSION_get_time\fR(\s-1SSL_SESSION\s0 *s);" 4 -.IX Item "long SSL_SESSION_get_time(SSL_SESSION *s);" -.Ip "long \fBSSL_SESSION_get_timeout\fR(\s-1SSL_SESSION\s0 *s);" 4 -.IX Item "long SSL_SESSION_get_timeout(SSL_SESSION *s);" -.Ip "unsigned long \fBSSL_SESSION_hash\fR(\s-1SSL_SESSION\s0 *a);" 4 -.IX Item "unsigned long SSL_SESSION_hash(SSL_SESSION *a);" -.Ip "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 -.IX Item "SSL_SESSION *SSL_SESSION_new(void);" -.Ip "int 
\fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, \s-1SSL_SESSION\s0 *x);" 4 -.IX Item "int SSL_SESSION_print(BIO *bp, SSL_SESSION *x);" -.Ip "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, \s-1SSL_SESSION\s0 *x);" 4 -.IX Item "int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x);" -.Ip "void \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 -.IX Item "void SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);" -.Ip "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 -.IX Item "int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);" -.Ip "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 -.IX Item "long SSL_SESSION_set_time(SSL_SESSION *s, long t);" -.Ip "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 -.IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" -.PD -.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0" -.IX Subsection "DEALING WITH CONNECTIONS" -Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 -connection defined in the \fB\s-1SSL\s0\fR structure. 
-.Ip "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_accept(SSL *ssl);" -.PD 0 -.Ip "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 -.IX Item "int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);" -.Ip "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 -.IX Item "int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);" -.Ip "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 -.IX Item "int SSL_add_client_CA(SSL *ssl, X509 *x);" -.Ip "char *\fBSSL_alert_desc_string\fR(int value);" 4 -.IX Item "char *SSL_alert_desc_string(int value);" -.Ip "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 -.IX Item "char *SSL_alert_desc_string_long(int value);" -.Ip "char *\fBSSL_alert_type_string\fR(int value);" 4 -.IX Item "char *SSL_alert_type_string(int value);" -.Ip "char *\fBSSL_alert_type_string_long\fR(int value);" 4 -.IX Item "char *SSL_alert_type_string_long(int value);" -.Ip "int \fBSSL_check_private_key\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_check_private_key(SSL *ssl);" -.Ip "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "void SSL_clear(SSL *ssl);" -.Ip "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_clear_num_renegotiations(SSL *ssl);" -.Ip "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_connect(SSL *ssl);" -.Ip "void \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, \s-1SSL\s0 *f);" 4 -.IX Item "void SSL_copy_session_id(SSL *t, SSL *f);" -.Ip "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 -.IX Item "long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);" -.Ip "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_do_handshake(SSL *ssl);" -.Ip "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "SSL *SSL_dup(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 -.IX Item "STACK *SSL_dup_CA_list(STACK *sk);" -.Ip 
"void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "void SSL_free(SSL *ssl);" -.Ip "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);" -.Ip "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_get_app_data(SSL *ssl);" -.Ip "X509 *\fBSSL_get_certificate\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "X509 *SSL_get_certificate(SSL *ssl);" -.Ip "const char *\fBSSL_get_cipher\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "const char *SSL_get_cipher(SSL *ssl);" -.Ip "int \fBSSL_get_cipher_bits\fR(\s-1SSL\s0 *ssl, int *alg_bits);" 4 -.IX Item "int SSL_get_cipher_bits(SSL *ssl, int *alg_bits);" -.Ip "char *\fBSSL_get_cipher_list\fR(\s-1SSL\s0 *ssl, int n);" 4 -.IX Item "char *SSL_get_cipher_list(SSL *ssl, int n);" -.Ip "char *\fBSSL_get_cipher_name\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_get_cipher_name(SSL *ssl);" -.Ip "char *\fBSSL_get_cipher_version\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_get_cipher_version(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "STACK *SSL_get_ciphers(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "STACK *SSL_get_client_CA_list(SSL *ssl);" -.Ip "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);" -.Ip "long \fBSSL_get_default_timeout\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_default_timeout(SSL *ssl);" -.Ip "int \fBSSL_get_error\fR(\s-1SSL\s0 *ssl, int i);" 4 -.IX Item "int SSL_get_error(SSL *ssl, int i);" -.Ip "char *\fBSSL_get_ex_data\fR(\s-1SSL\s0 *ssl, int idx);" 4 -.IX Item "char *SSL_get_ex_data(SSL *ssl, int idx);" -.Ip "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 -.IX Item "int SSL_get_ex_data_X509_STORE_CTX_idx(void);" -.Ip "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 -.IX Item "int SSL_get_ex_new_index(long argl, char 
*argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" -.Ip "int \fBSSL_get_fd\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_fd(SSL *ssl);" -.Ip "void (*\fBSSL_get_info_callback\fR(\s-1SSL\s0 *ssl);)(void)" 4 -.IX Item "void (*SSL_get_info_callback(SSL *ssl);)(void)" -.Ip "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "STACK *SSL_get_peer_cert_chain(SSL *ssl);" -.Ip "X509 *\fBSSL_get_peer_certificate\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "X509 *SSL_get_peer_certificate(SSL *ssl);" -.Ip "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "EVP_PKEY *SSL_get_privatekey(SSL *ssl);" -.Ip "int \fBSSL_get_quiet_shutdown\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_quiet_shutdown(SSL *ssl);" -.Ip "\s-1BIO\s0 *\fBSSL_get_rbio\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "BIO *SSL_get_rbio(SSL *ssl);" -.Ip "int \fBSSL_get_read_ahead\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_read_ahead(SSL *ssl);" -.Ip "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "SSL_SESSION *SSL_get_session(SSL *ssl);" -.Ip "char *\fBSSL_get_shared_ciphers\fR(\s-1SSL\s0 *ssl, char *buf, int len);" 4 -.IX Item "char *SSL_get_shared_ciphers(SSL *ssl, char *buf, int len);" -.Ip "int \fBSSL_get_shutdown\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_shutdown(SSL *ssl);" -.Ip "\s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" -.Ip "int \fBSSL_get_state\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_state(SSL *ssl);" -.Ip "long \fBSSL_get_time\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_time(SSL *ssl);" -.Ip "long \fBSSL_get_timeout\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_timeout(SSL *ssl);" -.Ip "int (*\fBSSL_get_verify_callback\fR(\s-1SSL\s0 *ssl);)(void)" 4 -.IX Item "int (*SSL_get_verify_callback(SSL *ssl);)(void)" -.Ip "int \fBSSL_get_verify_mode\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_verify_mode(SSL *ssl);" -.Ip "long 
\fBSSL_get_verify_result\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_verify_result(SSL *ssl);" -.Ip "char *\fBSSL_get_version\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_get_version(SSL *ssl);" -.Ip "\s-1BIO\s0 *\fBSSL_get_wbio\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "BIO *SSL_get_wbio(SSL *ssl);" -.Ip "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_in_accept_init(SSL *ssl);" -.Ip "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_in_before(SSL *ssl);" -.Ip "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_in_connect_init(SSL *ssl);" -.Ip "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_in_init(SSL *ssl);" -.Ip "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_is_init_finished(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(char *file);" 4 -.IX Item "STACK *SSL_load_client_CA_file(char *file);" -.Ip "void \fBSSL_load_error_strings\fR(void);" 4 -.IX Item "void SSL_load_error_strings(void);" -.Ip "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "SSL *SSL_new(SSL_CTX *ctx);" -.Ip "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_num_renegotiations(SSL *ssl);" -.Ip "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 -.IX Item "int SSL_peek(SSL *ssl, void *buf, int num);" -.Ip "int \fBSSL_pending\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_pending(SSL *ssl);" -.Ip "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 -.IX Item "int SSL_read(SSL *ssl, void *buf, int num);" -.Ip "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_renegotiate(SSL *ssl);" -.Ip "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_rstate_string(SSL *ssl);" -.Ip "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_rstate_string_long(SSL *ssl);" -.Ip "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_session_reused(SSL *ssl);" -.Ip "void 
\fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "void SSL_set_accept_state(SSL *ssl);" -.Ip "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 -.IX Item "void SSL_set_app_data(SSL *ssl, char *arg);" -.Ip "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 -.IX Item "void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);" -.Ip "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 -.IX Item "int SSL_set_cipher_list(SSL *ssl, char *str);" -.Ip "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 -.IX Item "void SSL_set_client_CA_list(SSL *ssl, STACK *list);" -.Ip "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "void SSL_set_connect_state(SSL *ssl);" -.Ip "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 -.IX Item "int SSL_set_ex_data(SSL *ssl, int idx, char *arg);" -.Ip "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 -.IX Item "int SSL_set_fd(SSL *ssl, int fd);" -.Ip "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 -.IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" -.Ip "void \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 -.IX Item "void SSL_set_options(SSL *ssl, unsigned long op);" -.Ip "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 -.IX Item "void SSL_set_quiet_shutdown(SSL *ssl, int mode);" -.Ip "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 -.IX Item "void SSL_set_read_ahead(SSL *ssl, int yes);" -.Ip "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 -.IX Item "int SSL_set_rfd(SSL *ssl, int fd);" -.Ip "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 -.IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);" -.Ip "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 -.IX Item "void SSL_set_shutdown(SSL *ssl, int mode);" -.Ip "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, \s-1SSL_METHOD\s0 *meth);" 4 -.IX Item "int 
SSL_set_ssl_method(SSL *ssl, SSL_METHOD *meth);" -.Ip "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 -.IX Item "void SSL_set_time(SSL *ssl, long t);" -.Ip "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 -.IX Item "void SSL_set_timeout(SSL *ssl, long t);" -.Ip "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 -.IX Item "void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))" -.Ip "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 -.IX Item "void SSL_set_verify_result(SSL *ssl, long arg);" -.Ip "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 -.IX Item "int SSL_set_wfd(SSL *ssl, int fd);" -.Ip "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_shutdown(SSL *ssl);" -.Ip "int \fBSSL_state\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_state(SSL *ssl);" -.Ip "char *\fBSSL_state_string\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_state_string(SSL *ssl);" -.Ip "char *\fBSSL_state_string_long\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_state_string_long(SSL *ssl);" -.Ip "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_total_renegotiations(SSL *ssl);" -.Ip "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 -.IX Item "int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);" -.Ip "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 -.IX Item "int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);" -.Ip "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 -.IX Item "int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);" -.Ip "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 -.IX Item "int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);" -.Ip "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 -.IX Item "int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);" -.Ip "int 
\fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 -.IX Item "int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);" -.Ip "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 -.IX Item "int SSL_use_certificate(SSL *ssl, X509 *x);" -.Ip "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 -.IX Item "int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);" -.Ip "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 -.IX Item "int SSL_use_certificate_file(SSL *ssl, char *file, int type);" -.Ip "int \fBSSL_version\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_version(SSL *ssl);" -.Ip "int \fBSSL_want\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want(SSL *ssl);" -.Ip "int \fBSSL_want_nothing\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want_nothing(SSL *ssl);" -.Ip "int \fBSSL_want_read\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want_read(SSL *ssl);" -.Ip "int \fBSSL_want_write\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want_write(SSL *ssl);" -.Ip "int \fBSSL_want_x509_lookup\fR(s);" 4 -.IX Item "int SSL_want_x509_lookup(s);" -.Ip "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 -.IX Item "int SSL_write(SSL *ssl, const void *buf, int num);" -.PD -.SH "SEE ALSO" -.IX Header "SEE ALSO" -openssl(1), crypto(3), -SSL_accept(3), SSL_clear(3), -SSL_connect(3), -SSL_CIPHER_get_name(3), -SSL_COMP_add_compression_method(3), -SSL_CTX_add_extra_chain_cert(3), -SSL_CTX_add_session(3), -SSL_CTX_ctrl(3), -SSL_CTX_flush_sessions(3), -SSL_CTX_get_ex_new_index(3), -SSL_CTX_get_verify_mode(3), -SSL_CTX_load_verify_locations(3) -SSL_CTX_new(3), -SSL_CTX_sess_number(3), -SSL_CTX_sess_set_cache_size(3), -SSL_CTX_sess_set_get_cb(3), -SSL_CTX_sessions(3), -SSL_CTX_set_cert_store(3), -SSL_CTX_set_cert_verify_callback(3), -SSL_CTX_set_cipher_list(3), -SSL_CTX_set_client_CA_list(3), -SSL_CTX_set_client_cert_cb(3), -SSL_CTX_set_default_passwd_cb(3), 
-SSL_CTX_set_info_callback(3), -SSL_CTX_set_mode(3), -SSL_CTX_set_options(3), -SSL_CTX_set_quiet_shutdown(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_set_session_id_context(3), -SSL_CTX_set_ssl_version(3), -SSL_CTX_set_timeout(3), -SSL_CTX_set_tmp_rsa_callback(3), -SSL_CTX_set_tmp_dh_callback(3), -SSL_CTX_set_verify(3), -SSL_CTX_use_certificate(3), -SSL_alert_type_string(3), -SSL_do_handshake(3), -SSL_get_SSL_CTX(3), -SSL_get_ciphers(3), -SSL_get_client_CA_list(3), -SSL_get_default_timeout(3), -SSL_get_error(3), -SSL_get_ex_data_X509_STORE_CTX_idx(3), -SSL_get_ex_new_index(3), -SSL_get_fd(3), -SSL_get_peer_cert_chain(3), -SSL_get_rbio(3), -SSL_get_session(3), -SSL_get_verify_result(3), -SSL_get_version(3), -SSL_library_init(3), -SSL_load_client_CA_file(3), -SSL_new(3), -SSL_pending(3), -SSL_read(3), -SSL_rstate_string(3), -SSL_session_reused(3), -SSL_set_bio(3), -SSL_set_connect_state(3), -SSL_set_fd(3), -SSL_set_session(3), -SSL_set_shutdown(3), -SSL_shutdown(3), -SSL_state_string(3), -SSL_want(3), -SSL_write(3), -SSL_SESSION_free(3), -SSL_SESSION_get_ex_new_index(3), -SSL_SESSION_get_time(3), -d2i_SSL_SESSION(3) -.SH "HISTORY" -.IX Header "HISTORY" -The ssl(3) document appeared in OpenSSL 0.9.2 diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 index e3c28bca12a1..8f9f3d055647 100644 --- a/secure/lib/libcrypto/man/threads.3 +++ b/secure/lib/libcrypto/man/threads.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:12 2002 +.\" Mon Jan 13 19:29:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "threads 3" -.TH threads 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH threads 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, 
@@ -200,7 +200,7 @@ OpenSSL can safely be used in multi-threaded applications provided that at least two callback functions are set. .PP locking_function(int mode, int n, const char *file, int line) is -needed to perform locking on shared data structures. +needed to perform locking on shared data structures. (Note that OpenSSL uses a number of global data structures that will be implicitly shared whenever multiple threads use OpenSSL.) Multi-threaded applications will crash at random if it is not set. diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3 new file mode 100644 index 000000000000..3acf313d0d3f --- /dev/null +++ b/secure/lib/libcrypto/man/ui.3 
@@ -0,0 +1,339 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:35 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. 
ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ui 3" +.TH ui 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, +UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, +UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, +UI_add_error_string, UI_dup_error_string, UI_construct_prompt +UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, +UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, +UI_set_method, UI_OpenSSL, ERR_load_UI_strings \- New User Interface +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ui.h> +.Ve +.Vb 2 +\& typedef struct ui_st UI; +\& typedef struct ui_method_st UI_METHOD; +.Ve +.Vb 3 +\& UI *UI_new(void); +\& UI *UI_new_method(const UI_METHOD *method); +\& void UI_free(UI *ui); +.Ve +.Vb 18 +\& int UI_add_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_dup_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_add_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, const char *test_buf); +\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, const char *test_buf); +\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_add_info_string(UI *ui, const char *text); +\& int UI_dup_info_string(UI *ui, const char *text); +\& int UI_add_error_string(UI *ui, const char *text); +\& int UI_dup_error_string(UI *ui, const 
char *text); +.Ve +.Vb 3 +\& /* These are the possible flags. They can be or'ed together. */ +\& #define UI_INPUT_FLAG_ECHO 0x01 +\& #define UI_INPUT_FLAG_DEFAULT_PWD 0x02 +.Ve +.Vb 2 +\& char *UI_construct_prompt(UI *ui_method, +\& const char *object_desc, const char *object_name); +.Ve +.Vb 2 +\& void *UI_add_user_data(UI *ui, void *user_data); +\& void *UI_get0_user_data(UI *ui); +.Ve +.Vb 1 +\& const char *UI_get0_result(UI *ui, int i); +.Ve +.Vb 1 +\& int UI_process(UI *ui); +.Ve +.Vb 3 +\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); +\& #define UI_CTRL_PRINT_ERRORS 1 +\& #define UI_CTRL_IS_REDOABLE 2 +.Ve +.Vb 4 +\& void UI_set_default_method(const UI_METHOD *meth); +\& const UI_METHOD *UI_get_default_method(void); +\& const UI_METHOD *UI_get_method(UI *ui); +\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); +.Ve +.Vb 1 +\& UI_METHOD *UI_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see ui_create(3)), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone. +.PP +All the functions work through a context of the type \s-1UI\s0. This context +contains all the information needed to prompt correctly as well as a +reference to a \s-1UI_METHOD\s0, which is an ordered vector of functions that +carry out the actual prompting. +.PP +The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR, +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to UI_add_user_data. The default \s-1UI\s0 method doesn't care +about these data, but other methods might. 
Finally, use \fIUI_process()\fR +to actually perform the prompting and \fIUI_get0_result()\fR to find the result +to the prompt. +.PP +A \s-1UI\s0 can contain more than one prompt, which are performed in the given +sequence. Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with \fIUI_get0_result()\fR. +.PP +The functions are as follows: +.PP +\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with +this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +.PP +\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with +this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +.PP +\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not the default one, +since the default can be changed. See further on). This method is the +most machine/OS dependent part of OpenSSL and normally generates the +most problems when porting. +.PP +\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. +.PP +\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI\s0, +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result. The given information is used to prompt for +information, for example a password, and to verify a password (i.e. having +the user enter it twice and check that the same string was entered twice). +\&\fIUI_add_verify_string()\fR takes and extra argument that should be a pointer +to the result buffer of the input string that it's supposed to verify, or +verification will fail. +.PP +\&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. 
A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is really divided in two, one part being the +descriptive text (given through the \fIprompt\fR argument) and one describing +the possible answers (given through the \fIaction_desc\fR argument). +.PP +\&\fIUI_add_info_string()\fR and \fIUI_add_error_string()\fR add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the builtin method, +there's no technical difference between them. Other methods may make a +difference between them, however. +.PP +The flags currently supported are \s-1UI_INPUT_FLAG_ECHO\s0, which is relevant for +\&\fIUI_add_input_string()\fR and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +\&\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0, which means that a default password of some +sort will be used (completely depending on the application and the \s-1UI\s0 +method). +.PP +\&\fIUI_dup_input_string()\fR, \fIUI_dup_verify_string()\fR, \fIUI_dup_input_boolean()\fR, +\&\fIUI_dup_info_string()\fR and \fIUI_dup_error_string()\fR are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings. +.PP +\&\fIUI_construct_prompt()\fR is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the +description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that becomes +\&\*(R"Enter pass phrase for foo.key:". Other methods may create whatever +string and may include encodings that will be processed by the other +method functions. +.PP +\&\fIUI_add_user_data()\fR adds a piece of memory for the method to use at any +time. 
The builtin \s-1UI\s0 method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument. +.PP +\&\fIUI_get0_user_data()\fR retrieves the data that has last been given to the +\&\s-1UI\s0 with \fIUI_add_user_data()\fR. +.PP +\&\fIUI_get0_result()\fR returns a pointer to the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fIUI_process()\fR goes through the information given so far, does all the printing +and prompting and returns. +.PP +\&\fIUI_ctrl()\fR adds extra control for the application author. For now, it +understands two commands: \s-1UI_CTRL_PRINT_ERRORS\s0, which makes \fIUI_process()\fR +print the OpenSSL error stack as part of processing the \s-1UI\s0, and +\&\s-1UI_CTRL_IS_REDOABLE\s0, which returns a flag saying if the used \s-1UI\s0 can +be used again or not. +.PP +\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. +.PP +\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +.PP +\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI\s0. +.PP +\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ui_create(3), ui_compat(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1UI\s0 section was first introduced in OpenSSL 0.9.7. +.SH "AUTHOR" +.IX Header "AUTHOR" +Richard Levitte (richard@levitte.org) for the OpenSSL project +(http://www.openssl.org). diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 b/secure/lib/libcrypto/man/ui_compat.3 index 8e2bea203ac1..aafe7e4868e8 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 +++ b/secure/lib/libcrypto/man/ui_compat.3 
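Review bot: the new ui.3 page documents no return values, although its SYNOPSIS declares UI_process(), UI_ctrl() and every UI_add_*/UI_dup_* function as returning int. The DESCRIPTION only says that the add and dup functions return the prompt's index and that UI_process() "does all the printing and prompting and returns", so a caller cannot tell from this page how a failed or cancelled prompt is reported before it reads UI_get0_result(). A RETURN VALUES section is worth adding in the POD source, since the header marks this file as generated by Pod::Man. Smaller points in the same text: the NAME list is missing the comma after UI_construct_prompt, the parenthesis opened at "(when prompting for a password" in the UI_INPUT_FLAG_ECHO paragraph is never closed, and "takes and extra argument" and "an description" are typos.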
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:14 2002 +.\" Mon Jan 13 19:29:36 2003 .\" .\" Standard preamble: .\" ====================================================================== 
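Review bot: the only change in this ui_compat.3 preamble hunk is the Pod::Man generation timestamp (Tue Jul 30 09:22:14 2002 to Mon Jan 13 19:29:36 2003), so the line will differ on every regeneration whether or not the page content changed. If the generated pages stay in the tree, stripping or fixing that comment line at generation time would keep later diffs limited to real content changes.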
@@ -137,61 +137,54 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "0.9.6e" "2001-02-17" "OpenSSL" +.IX Title "ui_compat 3" +.TH ui_compat 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache +des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw \- +Compatibility user interface functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -.Ve -.Vb 2 -\& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); -\& int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c); +.Vb 3 +\& int des_read_password(DES_cblock *key,const char *prompt,int verify); +\& int des_read_2passwords(DES_cblock *key1,DES_cblock *key2, +\& const char *prompt,int verify); .Ve .Vb 2 -\& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); -\& int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c); +\& int des_read_pw_string(char *buf,int length,const char *prompt,int verify); +\& int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The -reference count for session \fBc\fR is incremented by 1. If a session with -the same session id already exists, the old session is removed by calling -SSL_SESSION_free(3). +The \s-1DES\s0 library contained a few routines to prompt for passwords. These +aren't necessarely dependent on \s-1DES\s0, and have therefore become part of the +\&\s-1UI\s0 compatibility library. +.PP +\&\fIdes_read_pw()\fR writes the string specified by \fIprompt\fR to standard output +turns echo off and reads an input string from the terminal. The string is +returned in \fIbuf\fR, which must have spac for at least \fIsize\fR bytes. 
+If \fIverify\fR is set, the user is asked for the password twice and unless +the two copies match, an error is returned. The second password is stored +in \fIbuff\fR, which must therefore also be at least \fIsize\fR bytes. A return +code of \-1 indicates a system error, 1 failure due to use interaction, and +0 is success. All other functions described here use \fIdes_read_pw()\fR to do +the work. .PP -\&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR. -SSL_SESSION_free(3) is called once for \fBc\fR. +\&\fIdes_read_pw_string()\fR is a variant of \fIdes_read_pw()\fR that provides a buffer +for you if \fIverify\fR is set. .PP -\&\fISSL_add_session()\fR and \fISSL_remove_session()\fR are synonyms for their -SSL_CTX_*() counterparts. +\&\fIdes_read_password()\fR calls \fIdes_read_pw()\fR and converts the password to a +\&\s-1DES\s0 key by calling \fIDES_string_to_key()\fR; \fIdes_read_2password()\fR operates in +the same way as \fIdes_read_password()\fR except that it generates two keys +by using the \fIDES_string_to_2key()\fR function. .SH "NOTES" .IX Header "NOTES" -When adding a new session to the internal session cache, it is examined -whether a session with the same session id already exists. In this case -it is assumed that both sessions are identical. If the same session is -stored in a different \s-1SSL_SESSION\s0 object, The old session is -removed and replaced by the new session. If the session is actually -identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR -is a no-op, and the return value is 0. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following values are returned by all functions: -.Ip "0" 4 -.Vb 3 -\& The operation failed. In case of the add operation, it was tried to add -\& the same (identical) session twice. In case of the remove operation, the -\& session was not found in the cache. -.Ve -.Ip "1" 4 -.IX Item "1" -.Vb 1 -\& The operation succeeded. 
-.Ve +\&\fIdes_read_pw_string()\fR is available in the \s-1MIT\s0 Kerberos library as well, and +is also available under the name \fIEVP_read_pw_string()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_SESSION_free(3) +ui(3), ui_create(3) +.SH "AUTHOR" +.IX Header "AUTHOR" +Richard Levitte (richard@levitte.org) for the OpenSSL project +(http://www.openssl.org). diff --git a/secure/lib/libcrypto/man/verify.1 b/secure/lib/libcrypto/man/verify.1 deleted file mode 100644 index 190105cb8618..000000000000 --- a/secure/lib/libcrypto/man/verify.1 +++ /dev/null 
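Review bot: in the ui_compat.3 DESCRIPTION the last paragraph refers to des_read_2password(), while the NAME and SYNOPSIS lines declare des_read_2passwords(); one of the two spellings needs correcting in the POD source. The new SYNOPSIS also carries no #include line (the removed page had one), so a reader is not told which header declares these functions, and the return codes are given only inline for des_read_pw() now that the RETURN VALUES section is gone. Typos in the added text: "necessarely", "must have spac for", "due to use interaction", and the missing comma after "standard output". Because the diff pairs this page with the unrelated SSL_CTX_add_session.3, the hunk reads as an edit rather than a new page and should be reviewed as new text.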
@@ -1,408 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:59 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "VERIFY 1" -.TH VERIFY 1 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -verify \- Utility to verify certificates. 
-.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBverify\fR -[\fB\-CApath directory\fR] -[\fB\-CAfile file\fR] -[\fB\-purpose purpose\fR] -[\fB\-untrusted file\fR] -[\fB\-help\fR] -[\fB\-issuer_checks\fR] -[\fB\-verbose\fR] -[\fB-\fR] -[certificates] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBverify\fR command verifies certificate chains. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-CApath directory\fR" 4 -.IX Item "-CApath directory" -A directory of trusted certificates. The certificates should have names -of the form: hash.0 or have symbolic links to them of this -form (\*(L"hash\*(R" is the hashed certificate subject name: see the \fB\-hash\fR option -of the \fBx509\fR utility). Under Unix the \fBc_rehash\fR script will automatically -create symbolic links to a directory of certificates. -.Ip "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -A file of trusted certificates. The file should contain multiple certificates -in \s-1PEM\s0 format concatenated together. -.Ip "\fB\-untrusted file\fR" 4 -.IX Item "-untrusted file" -A file of untrusted certificates. The file should contain multiple certificates -.Ip "\fB\-purpose purpose\fR" 4 -.IX Item "-purpose purpose" -the intended use for the certificate. Without this option no chain verification -will be done. Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, -\&\fBnssslserver\fR, \fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR -section for more information. -.Ip "\fB\-help\fR" 4 -.IX Item "-help" -prints out a usage message. -.Ip "\fB\-verbose\fR" 4 -.IX Item "-verbose" -print extra information about the operations being performed. -.Ip "\fB\-issuer_checks\fR" 4 -.IX Item "-issuer_checks" -print out diagnostics relating to searches for the issuer certificate -of the current certificate. This shows why each candidate issuer -certificate was rejected. 
However the presence of rejection messages -does not itself imply that anything is wrong: during the normal -verify process several rejections may take place. -.Ip "\fB-\fR" 4 -.IX Item "-" -marks the last option. All arguments following this are assumed to be -certificate files. This is useful if the first certificate filename begins -with a \fB-\fR. -.Ip "\fBcertificates\fR" 4 -.IX Item "certificates" -one or more certificates to verify. If no certificate filenames are included -then an attempt is made to read a certificate from standard input. They should -all be in \s-1PEM\s0 format. -.SH "VERIFY OPERATION" -.IX Header "VERIFY OPERATION" -The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME -verification, therefore this description applies to these verify operations -too. -.PP -There is one crucial difference between the verify operations performed -by the \fBverify\fR program: wherever possible an attempt is made to continue -after an error whereas normally the verify operation would halt on the -first error. This allows all the problems with a certificate chain to be -determined. -.PP -The verify operation consists of a number of separate steps. -.PP -Firstly a certificate chain is built up starting from the supplied certificate -and ending in the root \s-1CA\s0. It is an error if the whole chain cannot be built -up. The chain is built up by looking up the issuers certificate of the current -certificate. If a certificate is found which is its own issuer it is assumed -to be the root \s-1CA\s0. -.PP -The process of 'looking up the issuers certificate' itself involves a number -of steps. In versions of OpenSSL before 0.9.5a the first certificate whose -subject name matched the issuer of the current certificate was assumed to be -the issuers certificate. In OpenSSL 0.9.6 and later all certificates -whose subject name matches the issuer name of the current certificate are -subject to further tests. 
The relevant authority key identifier components -of the current certificate (if present) must match the subject key identifier -(if present) and issuer and serial number of the candidate issuer, in addition -the keyUsage extension of the candidate issuer (if present) must permit -certificate signing. -.PP -The lookup first looks in the list of untrusted certificates and if no match -is found the remaining lookups are from the trusted certificates. The root \s-1CA\s0 -is always looked up in the trusted certificate list: if the certificate to -verify is a root certificate then an exact match must be found in the trusted -list. -.PP -The second operation is to check every untrusted certificate's extensions for -consistency with the supplied purpose. If the \fB\-purpose\fR option is not included -then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions -compatible with the supplied purpose and all other certificates must also be valid -\&\s-1CA\s0 certificates. The precise extensions required are described in more detail in -the \fB\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\fR section of the \fBx509\fR utility. -.PP -The third operation is to check the trust settings on the root \s-1CA\s0. The root -\&\s-1CA\s0 should be trusted for the supplied purpose. For compatibility with previous -versions of SSLeay and OpenSSL a certificate with no trust settings is considered -to be valid for all purposes. -.PP -The final operation is to check the validity of the certificate chain. The validity -period is checked against the current system time and the notBefore and notAfter -dates in the certificate. The certificate signatures are also checked at this -point. -.PP -If all operations complete successfully then certificate is considered valid. If -any operation fails then the certificate is not valid. -.SH "DIAGNOSTICS" -.IX Header "DIAGNOSTICS" -When a verify operation fails the output messages can be somewhat cryptic. 
The -general form of the error message is: -.PP -.Vb 2 -\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) -\& error 24 at 1 depth lookup:invalid CA certificate -.Ve -The first line contains the name of the certificate being verified followed by -the subject name of the certificate. The second line contains the error number -and the depth. The depth is number of the certificate being verified when a -problem was detected starting with zero for the certificate being verified itself -then 1 for the \s-1CA\s0 that signed the certificate and so on. Finally a text version -of the error number is presented. -.PP -An exhaustive list of the error codes and messages is shown below, this also -includes the name of the error code as defined in the header file x509_vfy.h -Some of the error codes are defined but never returned: these are described -as \*(L"unused\*(R". -.Ip "\fB0 X509_V_OK: ok\fR" 4 -.IX Item "0 X509_V_OK: ok" -the operation was successful. -.Ip "\fB2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 -.IX Item "2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" -the issuer certificate could not be found: this occurs if the issuer certificate -of an untrusted certificate cannot be found. -.Ip "\fB3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate \s-1CRL\s0\fR" 4 -.IX Item "3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL" -the \s-1CRL\s0 of a certificate could not be found. Unused. -.Ip "\fB4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 -.IX Item "4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" -the certificate signature could not be decrypted. This means that the actual signature value -could not be determined rather than it not matching the expected value, this is only -meaningful for \s-1RSA\s0 keys. 
-.Ip "\fB5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 -.IX Item "5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" -the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature value -could not be determined rather than it not matching the expected value. Unused. -.Ip "\fB6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 -.IX Item "6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" -the public key in the certificate SubjectPublicKeyInfo could not be read. -.Ip "\fB7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 -.IX Item "7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" -the signature of the certificate is invalid. -.Ip "\fB8 X509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 -.IX Item "8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" -the signature of the certificate is invalid. Unused. -.Ip "\fB9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 -.IX Item "9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" -the certificate is not yet valid: the notBefore date is after the current time. -.Ip "\fB10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 -.IX Item "10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" -the certificate has expired: that is the notAfter date is before the current time. -.Ip "\fB11 X509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 -.IX Item "11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" -the \s-1CRL\s0 is not yet valid. Unused. -.Ip "\fB12 X509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 -.IX Item "12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" -the \s-1CRL\s0 has expired. Unused. 
-.Ip "\fB13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 -.IX Item "13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" -the certificate notBefore field contains an invalid time. -.Ip "\fB14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 -.IX Item "14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" -the certificate notAfter field contains an invalid time. -.Ip "\fB15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 -.IX Item "15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" -the \s-1CRL\s0 lastUpdate field contains an invalid time. Unused. -.Ip "\fB16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 -.IX Item "16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" -the \s-1CRL\s0 nextUpdate field contains an invalid time. Unused. -.Ip "\fB17 X509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 -.IX Item "17 X509_V_ERR_OUT_OF_MEM: out of memory" -an error occurred trying to allocate memory. This should never happen. -.Ip "\fB18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 -.IX Item "18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" -the passed certificate is self signed and the same certificate cannot be found in the list of -trusted certificates. -.Ip "\fB19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 -.IX Item "19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" -the certificate chain could be built up using the untrusted certificates but the root could not -be found locally. 
-.Ip "\fB20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 -.IX Item "20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" -the issuer certificate of a locally looked up certificate could not be found. This normally means -the list of trusted certificates is not complete. -.Ip "\fB21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 -.IX Item "21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" -no signatures could be verified because the chain contains only one certificate and it is not -self signed. -.Ip "\fB22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 -.IX Item "22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" -the certificate chain length is greater than the supplied maximum depth. Unused. -.Ip "\fB23 X509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 -.IX Item "23 X509_V_ERR_CERT_REVOKED: certificate revoked" -the certificate has been revoked. Unused. -.Ip "\fB24 X509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 -.IX Item "24 X509_V_ERR_INVALID_CA: invalid CA certificate" -a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not consistent -with the supplied purpose. -.Ip "\fB25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 -.IX Item "25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" -the basicConstraints pathlength parameter has been exceeded. -.Ip "\fB26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4 -.IX Item "26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose" -the supplied certificate cannot be used for the specified purpose. -.Ip "\fB27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 -.IX Item "27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" -the root \s-1CA\s0 is not marked as trusted for the specified purpose. 
-.Ip "\fB28 X509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 -.IX Item "28 X509_V_ERR_CERT_REJECTED: certificate rejected" -the root \s-1CA\s0 is marked to reject the specified purpose. -.Ip "\fB29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 -.IX Item "29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" -the current candidate issuer certificate was rejected because its subject name -did not match the issuer name of the current certificate. Only displayed when -the \fB\-issuer_checks\fR option is set. -.Ip "\fB30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4 -.IX Item "30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch" -the current candidate issuer certificate was rejected because its subject key -identifier was present and did not match the authority key identifier current -certificate. Only displayed when the \fB\-issuer_checks\fR option is set. -.Ip "\fB31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4 -.IX Item "31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch" -the current candidate issuer certificate was rejected because its issuer name -and serial number was present and did not match the authority key identifier -of the current certificate. Only displayed when the \fB\-issuer_checks\fR option is set. -.Ip "\fB32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4 -.IX Item "32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing" -the current candidate issuer certificate was rejected because its keyUsage extension -does not permit certificate signing. -.Ip "\fB50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 -.IX Item "50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" -an application specific error. Unused. 
-.SH "BUGS" -.IX Header "BUGS" -Although the issuer checks are a considerably improvement over the old technique they still -suffer from limitations in the underlying X509_LOOKUP \s-1API\s0. One consequence of this is that -trusted certificates with matching subject name must either appear in a file (as specified by the -\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR. If they occur in both then only -the certificates in the file will be recognised. -.PP -Previous versions of OpenSSL assume certificates with matching subject name are identical and -mishandled them. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1) diff --git a/secure/lib/libcrypto/man/version.1 b/secure/lib/libcrypto/man/version.1 deleted file mode 100644 index 9d2112d6004b..000000000000 --- a/secure/lib/libcrypto/man/version.1 +++ /dev/null 
@@ -1,180 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:59 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "VERSION 1" -.TH VERSION 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -version \- print OpenSSL version information -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl version\fR -[\fB\-a\fR] -[\fB\-v\fR] -[\fB\-b\fR] -[\fB\-o\fR] -[\fB\-f\fR] -[\fB\-p\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This command is used to print out version information about OpenSSL. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-a\fR" 4 -.IX Item "-a" -all information, this is the same as setting all the other flags. -.Ip "\fB\-v\fR" 4 -.IX Item "-v" -the current OpenSSL version. -.Ip "\fB\-b\fR" 4 -.IX Item "-b" -the date the current version of OpenSSL was built. -.Ip "\fB\-o\fR" 4 -.IX Item "-o" -option information: various options set when the library was built. -.Ip "\fB\-c\fR" 4 -.IX Item "-c" -compilation flags. -.Ip "\fB\-p\fR" 4 -.IX Item "-p" -platform setting. -.SH "NOTES" -.IX Header "NOTES" -The output of \fBopenssl version \-a\fR would typically be used when sending -in a bug report. diff --git a/secure/lib/libcrypto/man/x509.1 b/secure/lib/libcrypto/man/x509.1 deleted file mode 100644 index 4b76ee1c5666..000000000000 --- a/secure/lib/libcrypto/man/x509.1 +++ /dev/null 
@@ -1,748 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:00 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. 
Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. 
ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "X509 1" -.TH X509 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -x509 \- Certificate display and signing utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBx509\fR -[\fB\-inform DER|PEM|NET\fR] -[\fB\-outform DER|PEM|NET\fR] -[\fB\-keyform DER|PEM\fR] -[\fB\-CAform DER|PEM\fR] -[\fB\-CAkeyform DER|PEM\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-serial\fR] -[\fB\-hash\fR] -[\fB\-subject\fR] -[\fB\-issuer\fR] -[\fB\-nameopt option\fR] -[\fB\-email\fR] -[\fB\-startdate\fR] -[\fB\-enddate\fR] -[\fB\-purpose\fR] -[\fB\-dates\fR] -[\fB\-modulus\fR] -[\fB\-fingerprint\fR] -[\fB\-alias\fR] -[\fB\-noout\fR] -[\fB\-trustout\fR] -[\fB\-clrtrust\fR] -[\fB\-clrreject\fR] -[\fB\-addtrust arg\fR] -[\fB\-addreject arg\fR] -[\fB\-setalias arg\fR] -[\fB\-days arg\fR] -[\fB\-signkey filename\fR] -[\fB\-x509toreq\fR] -[\fB\-req\fR] -[\fB\-CA filename\fR] -[\fB\-CAkey filename\fR] -[\fB\-CAcreateserial\fR] -[\fB\-CAserial filename\fR] -[\fB\-text\fR] -[\fB\-C\fR] -[\fB\-md2|\-md5|\-sha1|\-mdc2\fR] -[\fB\-clrext\fR] -[\fB\-extfile filename\fR] -[\fB\-extensions section\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBx509\fR command is a multi purpose certificate utility. It can be -used to display certificate information, convert certificates to -various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit -certificate trust settings. -.PP -Since there are a large number of options they will split up into -various sections. -.SH "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" -.IX Header "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" -.Ip "\fB\-inform DER|PEM|NET\fR" 4 -.IX Item "-inform DER|PEM|NET" -This specifies the input format normally the command will expect an X509 -certificate but this can change if other options such as \fB\-req\fR are -present. 
The \s-1DER\s0 format is the \s-1DER\s0 encoding of the certificate and \s-1PEM\s0 -is the base64 encoding of the \s-1DER\s0 encoding with header and footer lines -added. The \s-1NET\s0 option is an obscure Netscape server format that is now -obsolete. -.Ip "\fB\-outform DER|PEM|NET\fR" 4 -.IX Item "-outform DER|PEM|NET" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a certificate from or standard input -if this option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write to or standard output by -default. -.Ip "\fB\-md2|\-md5|\-sha1|\-mdc2\fR" 4 -.IX Item "-md2|-md5|-sha1|-mdc2" -the digest to use. This affects any signing or display option that uses a message -digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. If not -specified then \s-1MD5\s0 is used. If the key being used to sign with is a \s-1DSA\s0 key then -this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys. -.SH "DISPLAY OPTIONS" -.IX Header "DISPLAY OPTIONS" -Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options -but are described in the \fB\s-1TRUST\s0 \s-1OPTIONS\s0\fR section. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out the certificate in text form. Full details are output including the -public key, signature algorithms, issuer and subject names, serial number -any extensions present and any trust settings. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option prevents output of the encoded version of the request. -.Ip "\fB\-modulus\fR" 4 -.IX Item "-modulus" -this option prints out the value of the modulus of the public key -contained in the certificate. -.Ip "\fB\-serial\fR" 4 -.IX Item "-serial" -outputs the certificate serial number. 
-.Ip "\fB\-hash\fR" 4 -.IX Item "-hash" -outputs the \*(L"hash\*(R" of the certificate subject name. This is used in OpenSSL to -form an index to allow certificates in a directory to be looked up by subject -name. -.Ip "\fB\-subject\fR" 4 -.IX Item "-subject" -outputs the subject name. -.Ip "\fB\-issuer\fR" 4 -.IX Item "-issuer" -outputs the issuer name. -.Ip "\fB\-nameopt option\fR" 4 -.IX Item "-nameopt option" -option which determine how the subject or issuer names are displayed. This -option may be used more than once to set multiple options. See the \fB\s-1NAME\s0 -\&\s-1OPTIONS\s0\fR section for more information. -.Ip "\fB\-email\fR" 4 -.IX Item "-email" -outputs the email address(es) if any. -.Ip "\fB\-startdate\fR" 4 -.IX Item "-startdate" -prints out the start date of the certificate, that is the notBefore date. -.Ip "\fB\-enddate\fR" 4 -.IX Item "-enddate" -prints out the expiry date of the certificate, that is the notAfter date. -.Ip "\fB\-dates\fR" 4 -.IX Item "-dates" -prints out the start and expiry dates of a certificate. -.Ip "\fB\-fingerprint\fR" 4 -.IX Item "-fingerprint" -prints out the digest of the \s-1DER\s0 encoded version of the whole certificate. -.Ip "\fB\-C\fR" 4 -.IX Item "-C" -this outputs the certificate in the form of a C source file. -.SH "TRUST SETTINGS" -.IX Header "TRUST SETTINGS" -Please note these options are currently experimental and may well change. -.PP -A \fBtrusted certificate\fR is an ordinary certificate which has several -additional pieces of information attached to it such as the permitted -and prohibited uses of the certificate and an \*(L"alias\*(R". -.PP -Normally when a certificate is being verified at least one certificate -must be \*(L"trusted\*(R". By default a trusted certificate must be stored -locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0 -is then usable for any purpose. -.PP -Trust settings currently are only used with a root \s-1CA\s0. 
They allow a finer -control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0 -may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use. -.PP -See the description of the \fBverify\fR utility for more information on the -meaning of trust settings. -.PP -Future versions of OpenSSL will recognize trust settings on any -certificate: not just root CAs. -.Ip "\fB\-trustout\fR" 4 -.IX Item "-trustout" -this causes \fBx509\fR to output a \fBtrusted\fR certificate. An ordinary -or trusted certificate can be input but by default an ordinary -certificate is output and any trust settings are discarded. With the -\&\fB\-trustout\fR option a trusted certificate is output. A trusted -certificate is automatically output if any trust settings are modified. -.Ip "\fB\-setalias arg\fR" 4 -.IX Item "-setalias arg" -sets the alias of the certificate. This will allow the certificate -to be referred to using a nickname for example \*(L"Steve's Certificate\*(R". -.Ip "\fB\-alias\fR" 4 -.IX Item "-alias" -outputs the certificate alias, if any. -.Ip "\fB\-clrtrust\fR" 4 -.IX Item "-clrtrust" -clears all the permitted or trusted uses of the certificate. -.Ip "\fB\-clrreject\fR" 4 -.IX Item "-clrreject" -clears all the prohibited or rejected uses of the certificate. -.Ip "\fB\-addtrust arg\fR" 4 -.IX Item "-addtrust arg" -adds a trusted certificate use. Any object name can be used here -but currently only \fBclientAuth\fR (\s-1SSL\s0 client use), \fBserverAuth\fR -(\s-1SSL\s0 server use) and \fBemailProtection\fR (S/MIME email) are used. -Other OpenSSL applications may define additional uses. -.Ip "\fB\-addreject arg\fR" 4 -.IX Item "-addreject arg" -adds a prohibited use. It accepts the same values as the \fB\-addtrust\fR -option. -.Ip "\fB\-purpose\fR" 4 -.IX Item "-purpose" -this option performs tests on the certificate extensions and outputs -the results. For a more complete description see the \fB\s-1CERTIFICATE\s0 -\&\s-1EXTENSIONS\s0\fR section. 
-.SH "SIGNING OPTIONS" -.IX Header "SIGNING OPTIONS" -The \fBx509\fR utility can be used to sign certificates and requests: it -can thus behave like a \*(L"mini \s-1CA\s0\*(R". -.Ip "\fB\-signkey filename\fR" 4 -.IX Item "-signkey filename" -this option causes the input file to be self signed using the supplied -private key. -.Sp -If the input file is a certificate it sets the issuer name to the -subject name (i.e. makes it self signed) changes the public key to the -supplied value and changes the start and end dates. The start date is -set to the current time and the end date is set to a value determined -by the \fB\-days\fR option. Any certificate extensions are retained unless -the \fB\-clrext\fR option is supplied. -.Sp -If the input is a certificate request then a self signed certificate -is created using the supplied private key using the subject name in -the request. -.Ip "\fB\-clrext\fR" 4 -.IX Item "-clrext" -delete any extensions from a certificate. This option is used when a -certificate is being created from another certificate (for example with -the \fB\-signkey\fR or the \fB\-CA\fR options). Normally all extensions are -retained. -.Ip "\fB\-keyform PEM|DER\fR" 4 -.IX Item "-keyform PEM|DER" -specifies the format (\s-1DER\s0 or \s-1PEM\s0) of the private key file used in the -\&\fB\-signkey\fR option. -.Ip "\fB\-days arg\fR" 4 -.IX Item "-days arg" -specifies the number of days to make a certificate valid for. The default -is 30 days. -.Ip "\fB\-x509toreq\fR" 4 -.IX Item "-x509toreq" -converts a certificate into a certificate request. The \fB\-signkey\fR option -is used to pass the required private key. -.Ip "\fB\-req\fR" 4 -.IX Item "-req" -by default a certificate is expected on input. With this option a -certificate request is expected instead. -.Ip "\fB\-CA filename\fR" 4 -.IX Item "-CA filename" -specifies the \s-1CA\s0 certificate to be used for signing. When this option is -present \fBx509\fR behaves like a \*(L"mini \s-1CA\s0\*(R". 
The input file is signed by this -\&\s-1CA\s0 using this option: that is its issuer name is set to the subject name -of the \s-1CA\s0 and it is digitally signed using the CAs private key. -.Sp -This option is normally combined with the \fB\-req\fR option. Without the -\&\fB\-req\fR option the input is a certificate which must be self signed. -.Ip "\fB\-CAkey filename\fR" 4 -.IX Item "-CAkey filename" -sets the \s-1CA\s0 private key to sign a certificate with. If this option is -not specified then it is assumed that the \s-1CA\s0 private key is present in -the \s-1CA\s0 certificate file. -.Ip "\fB\-CAserial filename\fR" 4 -.IX Item "-CAserial filename" -sets the \s-1CA\s0 serial number file to use. -.Sp -When the \fB\-CA\fR option is used to sign a certificate it uses a serial -number specified in a file. This file consist of one line containing -an even number of hex digits with the serial number to use. After each -use the serial number is incremented and written out to the file again. -.Sp -The default filename consists of the \s-1CA\s0 certificate file base name with -\&\*(L".srl\*(R" appended. For example if the \s-1CA\s0 certificate file is called -\&\*(L"mycacert.pem\*(R" it expects to find a serial number file called \*(L"mycacert.srl\*(R". -.Ip "\fB\-CAcreateserial filename\fR" 4 -.IX Item "-CAcreateserial filename" -with this option the \s-1CA\s0 serial number file is created if it does not exist: -it will contain the serial number \*(L"02\*(R" and the certificate being signed will -have the 1 as its serial number. Normally if the \fB\-CA\fR option is specified -and the serial number file does not exist it is an error. -.Ip "\fB\-extfile filename\fR" 4 -.IX Item "-extfile filename" -file containing certificate extensions to use. If not specified then -no extensions are added to the certificate. -.Ip "\fB\-extensions section\fR" 4 -.IX Item "-extensions section" -the section to add certificate extensions from. 
If this option is not -specified then the extensions should either be contained in the unnamed -(default) section or the default section should contain a variable called -\&\*(L"extensions\*(R" which contains the section to use. -.SH "NAME OPTIONS" -.IX Header "NAME OPTIONS" -The \fBnameopt\fR command line switch determines how the subject and issuer -names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R" -format is used which is compatible with previous versions of OpenSSL. -Each option is described in detail below, all options can be preceded by -a \fB-\fR to turn the option off. Only the first four will normally be used. -.Ip "\fBcompat\fR" 4 -.IX Item "compat" -use the old format. This is equivalent to specifying no name options at all. -.Ip "\fB\s-1RFC2253\s0\fR" 4 -.IX Item "RFC2253" -displays names compatible with \s-1RFC2253\s0 equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, -\&\fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, \fBdump_unknown\fR, \fBdump_der\fR, -\&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR. -.Ip "\fBoneline\fR" 4 -.IX Item "oneline" -a oneline format which is more readable than \s-1RFC2253\s0. It is equivalent to -specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, -\&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_spc\fR, \fBspc_eq\fR and \fBsname\fR -options. -.Ip "\fBmultiline\fR" 4 -.IX Item "multiline" -a multiline format. It is equivalent \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR, -\&\fBspc_eq\fR and \fBlname\fR. -.Ip "\fBesc_2253\fR" 4 -.IX Item "esc_2253" -escape the \*(L"special\*(R" characters required by \s-1RFC2253\s0 in a field That is -\&\fB,+"<>;\fR. Additionally \fB#\fR is escaped at the beginnging of a string -and a space character at the beginning or end of a string. -.Ip "\fBesc_ctrl\fR" 4 -.IX Item "esc_ctrl" -escape control characters. That is those with \s-1ASCII\s0 values less than -0x20 (space) and the delete (0x7f) character. 
They are escaped using the -\&\s-1RFC2253\s0 \eXX notation (where \s-1XX\s0 are two hex digits representing the -character value). -.Ip "\fBesc_msb\fR" 4 -.IX Item "esc_msb" -escape characters with the \s-1MSB\s0 set, that is with \s-1ASCII\s0 values larger than -127. -.Ip "\fBuse_quote\fR" 4 -.IX Item "use_quote" -escapes some characters by surrounding the whole string with \fB"\fR characters, -without the option all escaping is done with the \fB\e\fR character. -.Ip "\fButf8\fR" 4 -.IX Item "utf8" -convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253\s0. If -you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use -of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct -display of multibyte (international) characters. Is this option is not -present then multibyte characters larger than 0xff will be represented -using the format \eUXXXX for 16 bits and \eWXXXXXXXX for 32 bits. -Also if this option is off any UTF8Strings will be converted to their -character form first. -.Ip "\fBno_type\fR" 4 -.IX Item "no_type" -this option does not attempt to interpret multibyte characters in any -way. That is their content octets are merely dumped as though one octet -represents each character. This is useful for diagnostic purposes but -will result in rather odd looking output. -.Ip "\fBshow_type\fR" 4 -.IX Item "show_type" -show the type of the \s-1ASN1\s0 character string. The type precedes the -field contents. For example \*(L"\s-1BMPSTRING:\s0 Hello World\*(R". -.Ip "\fBdump_der\fR" 4 -.IX Item "dump_der" -when this option is set any fields that need to be hexdumped will -be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the -content octets will be displayed. Both options use the \s-1RFC2253\s0 -\&\fB#XXXX...\fR format. 
-.Ip "\fBdump_nostr\fR" 4 -.IX Item "dump_nostr" -dump non character string types (for example \s-1OCTET\s0 \s-1STRING\s0) if this -option is not set then non character string types will be displayed -as though each content octet repesents a single character. -.Ip "\fBdump_all\fR" 4 -.IX Item "dump_all" -dump all fields. This option when used with \fBdump_der\fR allows the -\&\s-1DER\s0 encoding of the structure to be unambiguously determined. -.Ip "\fBdump_unknown\fR" 4 -.IX Item "dump_unknown" -dump any field whose \s-1OID\s0 is not recognised by OpenSSL. -.Ip "\fBsep_comma_plus\fR, \fBsep_comma_plus_space\fR, \fBsep_semi_plus_space\fR, \fBsep_multiline\fR" 4 -.IX Item "sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline" -these options determine the field separators. The first character is -between RDNs and the second between multiple AVAs (multiple AVAs are -very rare and their use is discouraged). The options ending in -\&\*(L"space\*(R" additionally place a space after the separator to make it -more readable. The \fBsep_multiline\fR uses a linefeed character for -the \s-1RDN\s0 separator and a spaced \fB+\fR for the \s-1AVA\s0 separator. It also -indents the fields by four characters. -.Ip "\fBdn_rev\fR" 4 -.IX Item "dn_rev" -reverse the fields of the \s-1DN\s0. This is required by \s-1RFC2253\s0. As a side -effect this also reverses the order of multiple AVAs but this is -permissible. -.Ip "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4 -.IX Item "nofname, sname, lname, oid" -these options alter how the field name is displayed. \fBnofname\fR does -not display the field at all. \fBsname\fR uses the \*(L"short name\*(R" form -(\s-1CN\s0 for commonName for example). \fBlname\fR uses the long form. -\&\fBoid\fR represents the \s-1OID\s0 in numerical form and is useful for -diagnostic purpose. -.Ip "\fBspc_eq\fR" 4 -.IX Item "spc_eq" -places spaces round the \fB=\fR character which follows the field -name. 
-.SH "EXAMPLES" -.IX Header "EXAMPLES" -Note: in these examples the '\e' means the example should be all on one -line. -.PP -Display the contents of a certificate: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -text -.Ve -Display the certificate serial number: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -serial -.Ve -Display the certificate subject name: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -subject -.Ve -Display the certificate subject name in \s-1RFC2253\s0 form: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -subject -nameopt RFC2253 -.Ve -Display the certificate subject name in oneline form on a terminal -supporting \s-1UTF8:\s0 -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb -.Ve -Display the certificate \s-1MD5\s0 fingerprint: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -fingerprint -.Ve -Display the certificate \s-1SHA1\s0 fingerprint: -.PP -.Vb 1 -\& openssl x509 -sha1 -in cert.pem -noout -fingerprint -.Ve -Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER -.Ve -Convert a certificate to a certificate request: -.PP -.Vb 1 -\& openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem -.Ve -Convert a certificate request into a self signed certificate using -extensions for a \s-1CA:\s0 -.PP -.Vb 2 -\& openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \e -\& -signkey key.pem -out cacert.pem -.Ve -Sign a certificate request using the \s-1CA\s0 certificate above and add user -certificate extensions: -.PP -.Vb 2 -\& openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \e -\& -CA cacert.pem -CAkey key.pem -CAcreateserial -.Ve -Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to -\&\*(L"Steve's Class 1 \s-1CA\s0\*(R" -.PP -.Vb 2 -\& openssl x509 -in cert.pem -addtrust sslclient \e -\& -alias "Steve's Class 1 CA" -out trust.pem 
-.Ve -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN CERTIFICATE---- -\& -----END CERTIFICATE---- -.Ve -it will also handle files containing: -.PP -.Vb 2 -\& -----BEGIN X509 CERTIFICATE---- -\& -----END X509 CERTIFICATE---- -.Ve -Trusted certificates have the lines -.PP -.Vb 2 -\& -----BEGIN TRUSTED CERTIFICATE---- -\& -----END TRUSTED CERTIFICATE---- -.Ve -The conversion to \s-1UTF8\s0 format used with the name options assumes that -T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape -and \s-1MSIE\s0 do this as do many certificates. So although this is incorrect -it is more likely to display the majority of certificates correctly. -.PP -The \fB\-fingerprint\fR option takes the digest of the \s-1DER\s0 encoded certificate. -This is commonly called a \*(L"fingerprint\*(R". Because of the nature of message -digests the fingerprint of a certificate is unique to that certificate and -two certificates with the same fingerprint can be considered to be the same. -.PP -The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1\s0. -.PP -The \fB\-email\fR option searches the subject name and the subject alternative -name extension. Only unique email addresses will be printed out: it will -not print the same address more than once. -.SH "CERTIFICATE EXTENSIONS" -.IX Header "CERTIFICATE EXTENSIONS" -The \fB\-purpose\fR option checks the certificate extensions and determines -what the certificate can be used for. The actual checks done are rather -complex and include various hacks and workarounds to handle broken -certificates and software. -.PP -The same code is used when verifying untrusted certificates in chains -so this section is useful if a chain is rejected by the verify code. -.PP -The basicConstraints extension \s-1CA\s0 flag is used to determine whether the -certificate can be used as a \s-1CA\s0. 
If the \s-1CA\s0 flag is true then it is a \s-1CA\s0, -if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the -\&\s-1CA\s0 flag set to true. -.PP -If the basicConstraints extension is absent then the certificate is -considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according -to the intended use of the certificate. A warning is given in this case -because the certificate should really not be regarded as a \s-1CA:\s0 however -it is allowed to be a \s-1CA\s0 to work around some broken software. -.PP -If the certificate is a V1 certificate (and thus has no extensions) and -it is self signed it is also assumed to be a \s-1CA\s0 but a warning is again -given: this is to work around the problem of Verisign roots which are V1 -self signed certificates. -.PP -If the keyUsage extension is present then additional restraints are -made on the uses of the certificate. A \s-1CA\s0 certificate \fBmust\fR have the -keyCertSign bit set if the keyUsage extension is present. -.PP -The extended key usage extension places additional restrictions on the -certificate uses. If this extension is present (whether critical or not) -the key can only be used for the purposes specified. -.PP -A complete description of each test is given below. The comments about -basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR -\&\s-1CA\s0 certificates. -.Ip "\fB\s-1SSL\s0 Client\fR" 4 -.IX Item "SSL Client" -The extended key usage extension must be absent or include the \*(L"web client -authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the -digitalSignature bit set. Netscape certificate type must be absent or it must -have the \s-1SSL\s0 client bit set. -.Ip "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4 -.IX Item "SSL Client CA" -The extended key usage extension must be absent or include the \*(L"web client -authentication\*(R" \s-1OID\s0. 
Netscape certificate type must be absent or it must have -the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints -extension is absent. -.Ip "\fB\s-1SSL\s0 Server\fR" 4 -.IX Item "SSL Server" -The extended key usage extension must be absent or include the \*(L"web server -authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. keyUsage must be absent or it -must have the digitalSignature, the keyEncipherment set or both bits set. -Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set. -.Ip "\fB\s-1SSL\s0 Server \s-1CA\s0\fR" 4 -.IX Item "SSL Server CA" -The extended key usage extension must be absent or include the \*(L"web server -authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must -be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the -basicConstraints extension is absent. -.Ip "\fBNetscape \s-1SSL\s0 Server\fR" 4 -.IX Item "Netscape SSL Server" -For Netscape \s-1SSL\s0 clients to connect to an \s-1SSL\s0 server it must have the -keyEncipherment bit set if the keyUsage extension is present. This isn't -always valid because some cipher suites use the key for digital signing. -Otherwise it is the same as a normal \s-1SSL\s0 server. -.Ip "\fBCommon S/MIME Client Tests\fR" 4 -.IX Item "Common S/MIME Client Tests" -The extended key usage extension must be absent or include the \*(L"email -protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the -S/MIME bit set. If the S/MIME bit is not set in netscape certificate type -then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown: -this is because some Verisign certificates don't set the S/MIME bit. -.Ip "\fBS/MIME Signing\fR" 4 -.IX Item "S/MIME Signing" -In addition to the common S/MIME client tests the digitalSignature bit must -be set if the keyUsage extension is present. 
-.Ip "\fBS/MIME Encryption\fR" 4 -.IX Item "S/MIME Encryption" -In addition to the common S/MIME tests the keyEncipherment bit must be set -if the keyUsage extension is present. -.Ip "\fBS/MIME \s-1CA\s0\fR" 4 -.IX Item "S/MIME CA" -The extended key usage extension must be absent or include the \*(L"email -protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the -S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints -extension is absent. -.Ip "\fB\s-1CRL\s0 Signing\fR" 4 -.IX Item "CRL Signing" -The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit -set. -.Ip "\fB\s-1CRL\s0 Signing \s-1CA\s0\fR" 4 -.IX Item "CRL Signing CA" -The normal \s-1CA\s0 tests apply. Except in this case the basicConstraints extension -must be present. -.SH "BUGS" -.IX Header "BUGS" -Extensions in certificates are not transferred to certificate requests and -vice versa. -.PP -It is possible to produce invalid certificates or requests by specifying the -wrong private key or using inconsistent options in some cases: these should -be checked. -.PP -There should be options to explicitly set such things as start and end -dates rather than an offset from the current time. -.PP -The code to implement the verify behaviour described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR -is currently being developed. It thus describes the intended behaviour rather -than the current behaviour. It is hoped that it will represent reality in -OpenSSL 0.9.5 and later. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -req(1), ca(1), genrsa(1), -gendsa(1), verify(1) |
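Review bot: Three commands in the removed EXAMPLES text disagree with the option descriptions removed in the same hunk, so they should be corrected rather than copied if this x509 page is regenerated elsewhere: `-nameopt -escmsb` against the documented `esc_msb`, `-addtrust sslclient` against the documented `clientAuth`, and `-alias "Steve's Class 1 CA"` where the description gives `-setalias arg` for setting the alias and `-alias` for printing it. The NAME OPTIONS text drifts in the same way (`sep_comma_plus_spc` in the `oneline` entry, `sep_comma_plus_space` in the separator entry), and the NOTES section shows the PEM header and footer lines with four trailing dashes instead of five. The visible lines only delete this text and nothing here shows where the x509(1) documentation lives after the change. Please confirm the page is still built from another directory, because these lines are where the MD5 default for `-fingerprint` and signing and the basicConstraints "possible CA" fallback are documented.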