831 files changed, 19816 insertions, 15557 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 4b68f4832909..67a6bd233816 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,44 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1a and 1.1.1b [26 Feb 2019] + + *) Added SCA hardening for modular field inversion in EC_GROUP through + a new dedicated field_inv() pointer in EC_METHOD. + This also addresses a leakage affecting conversions from projective + to affine coordinates. + [Billy Bob Brumley, Nicola Tuveri] + + *) Change the info callback signals for the start and end of a post-handshake + message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START + and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get + confused by this and assume that a TLSv1.2 renegotiation has started. This + can break KeyUpdate handling. Instead we no longer signal the start and end + of a post handshake message exchange (although the messages themselves are + still signalled). This could break some applications that were expecting + the old signals. However without this KeyUpdate is not usable for many + applications. + [Matt Caswell] + + *) Fix a bug in the computation of the endpoint-pair shared secret used + by DTLS over SCTP. This breaks interoperability with older versions + of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime + switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling + interoperability with such broken implementations. However, enabling + this switch breaks interoperability with correct implementations. + + *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a + re-used X509_PUBKEY object if the second PUBKEY is malformed. + [Bernd Edlinger] + + *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0(). + [Richard Levitte] + + *) Remove the 'dist' target and add a tarball building script. The + 'dist' target has fallen out of use, and it shouldn't be + necessary to configure just to create a source distribution. 
+ [Richard Levitte] + Changes between 1.1.1 and 1.1.1a [20 Nov 2018] *) Timing vulnerability in DSA signature generation diff --git a/crypto/openssl/CONTRIBUTING b/crypto/openssl/CONTRIBUTING index c0eed39e34b2..5d717763d51e 100644 --- a/crypto/openssl/CONTRIBUTING +++ b/crypto/openssl/CONTRIBUTING @@ -57,7 +57,7 @@ guidelines: 7. For user visible changes (API changes, behaviour changes, ...), consider adding a note in CHANGES. This could be a summarising description of the change, and could explain the grander details. - Have a look through existing entries for inspiration. + Have a look through existing entries for inspiration. Please note that this is NOT simply a copy of git-log oneliners. Also note that security fixes get an entry in CHANGES. This file helps users get more in depth information of what comes diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index d5dc36c285ba..608012225cc9 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -144,6 +144,8 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" # -Wlanguage-extension-token -- no, we use asm() # -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc # -Wextended-offsetof -- no, needed in CMS ASN1 code +# -Wunused-function -- no, it forces header use of safestack et al +# DEFINE macros my $clang_devteam_warn = "" . " -Wswitch-default" . " -Wno-parentheses-equality" 
@@ -153,6 +155,7 @@ my $clang_devteam_warn = "" . " -Wincompatible-pointer-types-discards-qualifiers" . " -Wmissing-variable-declarations" . " -Wno-unknown-warning-option" + . " -Wno-unused-function" ; # This adds backtrace information to the memory leak info. Is only used @@ -374,6 +377,7 @@ my @disablables = ( "msan", "multiblock", "nextprotoneg", + "pinshared", "ocb", "ocsp", "pic", @@ -1110,13 +1114,13 @@ foreach my $feature (@{$target{disable}}) { $disabled{$feature} = 'config'; } foreach my $feature (@{$target{enable}}) { - if ("default" eq ($disabled{$_} // "")) { + if ("default" eq ($disabled{$feature} // "")) { if (exists $deprecated_disablables{$feature}) { warn "***** config $target enables deprecated feature $feature\n"; } elsif (!grep { $feature eq $_ } @disablables) { die "***** config $target enables unknown feature $feature\n"; } - delete $disabled{$_}; + delete $disabled{$feature}; } } @@ -1370,6 +1374,7 @@ unless ($disabled{asm}) { push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/); push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/); push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/); + push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/); if ($target{sha1_asm_src}) { push @{$config{lib_defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/); diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL index 4ce6651b6b34..7fe55d428f2f 100644 --- a/crypto/openssl/INSTALL +++ b/crypto/openssl/INSTALL @@ -326,6 +326,11 @@ Don't build support for datagram based BIOs. Selecting this option will also force the disabling of DTLS. + enable-devcryptoeng + Build the /dev/crypto engine. It is automatically selected + on BSD implementations, in which case it can be disabled with + no-devcryptoeng. + no-dso Don't build support for loading Dynamic Shared Objects. 
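Review bot: The unknown-feature `die` in the `foreach my $feature (@{$target{enable}})` loop still sits inside the `"default" eq ($disabled{$feature} // "")` test, so it can only fire for a feature that already has a 'default' entry in `%disabled`; a misspelled name in a target's `enable` list would presumably pass without any message. The `$_` to `$feature` correction makes the lookup right, but the validation would do more if it ran before the `if`, e.g. `die "***** config $target enables unknown feature $feature\n" unless exists $deprecated_disablables{$feature} || grep { $feature eq $_ } @disablables;`. Whether `%disabled` can ever hold a name outside `@disablables` is not visible in this hunk.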
@@ -402,6 +407,24 @@ no-pic Don't build with support for Position Independent Code. + no-pinshared By default OpenSSL will attempt to stay in memory until the + process exits. This is so that libcrypto and libssl can be + properly cleaned up automatically via an "atexit()" handler. + The handler is registered by libcrypto and cleans up both + libraries. On some platforms the atexit() handler will run on + unload of libcrypto (if it has been dynamically loaded) + rather than at process exit. This option can be used to stop + OpenSSL from attempting to stay in memory until the process + exits. This could lead to crashes if either libcrypto or + libssl have already been unloaded at the point + that the atexit handler is invoked, e.g. on a platform which + calls atexit() on unload of the library, and libssl is + unloaded before libcrypto then a crash is likely to happen. + Applications can suppress running of the atexit() handler at + run time by using the OPENSSL_INIT_NO_ATEXIT option to + OPENSSL_init_crypto(). See the man page for it for further + details. + no-posix-io Don't use POSIX IO capabilities. @@ -941,10 +964,10 @@ * COMPILING existing applications - OpenSSL 1.1.0 hides a number of structures that were previously - open. This includes all internal libssl structures and a number - of EVP types. Accessor functions have been added to allow - controlled access to the structures' data. + Starting with version 1.1.0, OpenSSL hides a number of structures + that were previously open. This includes all internal libssl + structures and a number of EVP types. Accessor functions have + been added to allow controlled access to the structures' data. This means that some software needs to be rewritten to adapt to the new ways of doing things. This often amounts to allocating 
@@ -1047,7 +1070,7 @@ depend Rebuild the dependencies in the Makefiles. This is a legacy - option that no longer needs to be used in OpenSSL 1.1.0. + option that no longer needs to be used since OpenSSL 1.1.0. install Install all OpenSSL components. diff --git a/crypto/openssl/LICENSE b/crypto/openssl/LICENSE index e953f590cb76..9601ab43575f 100644 --- a/crypto/openssl/LICENSE +++ b/crypto/openssl/LICENSE @@ -10,14 +10,14 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -72,21 +72,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -101,10 +101,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -116,7 +116,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index b95e93027f83..aa104ddc053e 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,13 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] + + o Change the info callback signals for the start and end of a post-handshake + message exchange in TLSv1.3. + o Fix a bug in DTLS over SCTP. This breaks interoperability with older versions + of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. + Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] o Timing vulnerability in DSA signature generation (CVE-2018-0734) diff --git a/crypto/openssl/README b/crypto/openssl/README index affb172e8ba8..d0023229572f 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1a 20 Nov 2018 + OpenSSL 1.1.1b 26 Feb 2019 Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c index 653e3973e04d..36cb0b278337 100644 --- a/crypto/openssl/apps/apps.c +++ b/crypto/openssl/apps/apps.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -1561,7 +1561,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) #else BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile); #endif - dbattr_conf = app_load_config(buf); + dbattr_conf = app_load_config_quiet(buf); retdb = app_malloc(sizeof(*retdb), "new DB"); retdb->db = tmpdb; @@ -2196,7 +2196,7 @@ double app_tminterval(int stop, int usertime) return ret; } -#elif defined(OPENSSL_SYSTEM_VXWORKS) +#elif defined(OPENSSL_SYS_VXWORKS) # include <time.h> double app_tminterval(int stop, int usertime) diff --git a/crypto/openssl/apps/ct_log_list.cnf b/crypto/openssl/apps/ct_log_list.cnf index 650aa22da59c..e643cfdbdf3f 100644 --- a/crypto/openssl/apps/ct_log_list.cnf +++ b/crypto/openssl/apps/ct_log_list.cnf @@ -2,8 +2,8 @@ # that are to be trusted. # Google's list of logs can be found here: -# www.certificate-transparency.org/known-logs +# www.certificate-transparency.org/known-logs # A Python program to convert the log list to OpenSSL's format can be # found here: -# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py +# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py # Use the "--openssl_output" flag. diff --git a/crypto/openssl/apps/dh1024.pem b/crypto/openssl/apps/dh1024.pem index f1a5e180aa95..813e8a4a4822 100644 --- a/crypto/openssl/apps/dh1024.pem +++ b/crypto/openssl/apps/dh1024.pem @@ -4,7 +4,7 @@ Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL /1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC -----END DH PARAMETERS----- -These are the 1024-bit DH parameters from "Internet Key Exchange +These are the 1024-bit DH parameters from "Internet Key Exchange Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996 See https://tools.ietf.org/html/rfc2412 for how they were generated. diff --git a/crypto/openssl/apps/dh2048.pem b/crypto/openssl/apps/dh2048.pem index e899f2e0296d..288a20997e5a 100644 
--- a/crypto/openssl/apps/dh2048.pem +++ b/crypto/openssl/apps/dh2048.pem @@ -7,8 +7,8 @@ fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq 5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg== -----END DH PARAMETERS----- -These are the 2048-bit DH parameters from "More Modular Exponential -(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": +These are the 2048-bit DH parameters from "More Modular Exponential +(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": https://tools.ietf.org/html/rfc3526 See https://tools.ietf.org/html/rfc2412 for how they were generated. diff --git a/crypto/openssl/apps/dh4096.pem b/crypto/openssl/apps/dh4096.pem index adada2b55815..08560e1284e2 100644 --- a/crypto/openssl/apps/dh4096.pem +++ b/crypto/openssl/apps/dh4096.pem @@ -12,8 +12,8 @@ ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI= -----END DH PARAMETERS----- -These are the 4096-bit DH parameters from "More Modular Exponential -(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": +These are the 4096-bit DH parameters from "More Modular Exponential +(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": https://tools.ietf.org/html/rfc3526 See https://tools.ietf.org/html/rfc2412 for how they were generated. diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c index 7fd78624bbcc..e8aeb11cc51d 100644 --- a/crypto/openssl/apps/ocsp.c +++ b/crypto/openssl/apps/ocsp.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -36,7 +36,21 @@ NON_EMPTY_TRANSLATION_UNIT # include <openssl/x509v3.h> # include <openssl/rand.h> -# if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_NO_SOCK) \ +#ifndef HAVE_FORK +# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) +# define HAVE_FORK 0 +# else +# define HAVE_FORK 1 +# endif +#endif + +#if HAVE_FORK +# undef NO_FORK +#else +# define NO_FORK +#endif + +# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ && !defined(OPENSSL_NO_POSIX_IO) # define OCSP_DAEMON # include <sys/types.h> @@ -53,6 +67,20 @@ NON_EMPTY_TRANSLATION_UNIT # define LOG_ERR 2 # endif +# if defined(OPENSSL_SYS_VXWORKS) +/* not supported */ +int setpgid(pid_t pid, pid_t pgid) +{ + errno = ENOSYS; + return 0; +} +/* not supported */ +pid_t fork(void) +{ + errno = ENOSYS; + return (pid_t) -1; +} +# endif /* Maximum leeway in validity period: default 5 minutes */ # define MAX_VALIDITY_PERIOD (5 * 60) @@ -863,6 +891,7 @@ static void killall(int ret, pid_t *kidpids) for (i = 0; i < multi; ++i) if (kidpids[i] != 0) (void)kill(kidpids[i], SIGTERM); + OPENSSL_free(kidpids); sleep(1); exit(ret); } @@ -977,7 +1006,6 @@ static void spawn_loop(void) } /* The loop above can only break on termsig */ - OPENSSL_free(kidpids); syslog(LOG_INFO, "terminating on signal: %d", termsig); killall(0, kidpids); } diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf index 24538651ebb7..d67a4241af78 100644 --- a/crypto/openssl/apps/openssl.cnf +++ b/crypto/openssl/apps/openssl.cnf @@ -19,7 +19,7 @@ oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the # X.509v3 extensions to use: -# extensions = +# extensions = # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) 
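Review bot: The `HAVE_FORK` default added at the top of apps/ocsp.c treats only VMS and Windows as fork-less, while the identical block in apps/speed.c is extended in this same commit with `defined(OPENSSL_SYS_VXWORKS)`. On VxWorks this file therefore leaves `NO_FORK` undefined and, when sockets and POSIX I/O are available, defines `OCSP_DAEMON` and relies on the always-failing `fork()` stub from the next hunk. Adding `|| defined(OPENSSL_SYS_VXWORKS)` to the `# if` would keep the two files consistent, unless the stubs are wanted for another reason. The new `#ifndef HAVE_FORK` and `#if HAVE_FORK` lines also start at column 0 inside a region that indents nested directives with `# `.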
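Review bot: The VxWorks `setpgid()` stub sets `errno = ENOSYS` but returns 0, so a caller that checks the return value sees success while errno reports an unsupported call. If reporting success is deliberate so that daemon setup can proceed, drop the errno assignment and say so in the comment, e.g. `/* no process groups on VxWorks: report success */`; otherwise `return -1;` would match the `fork()` stub below it. Both stubs have external linkage and leave their parameters unused, as do the `symlink()` and `readlink()` stubs added to apps/rehash.c in this commit, so a platform header that later declares or defines these names would clash with them.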
@@ -116,7 +116,7 @@ x509_extensions = v3_ca # The extensions to add to the self signed cert # input_password = secret # output_password = secret -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString (PKIX recommendation before 2004) # utf8only: only UTF8Strings (PKIX recommendation after 2004). diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c index c8fc452ec6d2..719a309a860c 100644 --- a/crypto/openssl/apps/pkcs12.c +++ b/crypto/openssl/apps/pkcs12.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv) if (cpass != NULL) { mpass = cpass; noprompt = 1; + if (twopass) { + if (export_cert) + BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n"); + else + BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n"); + goto end; + } } else { cpass = pass; mpass = macpass; diff --git a/crypto/openssl/apps/rehash.c b/crypto/openssl/apps/rehash.c index bb41d3129f9c..2b769fbceb87 100644 --- a/crypto/openssl/apps/rehash.c +++ b/crypto/openssl/apps/rehash.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com> * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -51,6 +51,26 @@ # endif # define MAX_COLLISIONS 256 +# if defined(OPENSSL_SYS_VXWORKS) +/* + * VxWorks has no symbolic links + */ + +# define lstat(path, buf) stat(path, buf) + +int symlink(const char *target, const char *linkpath) +{ + errno = ENOSYS; + return -1; +} + +ssize_t readlink(const char *pathname, char *buf, size_t bufsiz) +{ + errno = ENOSYS; + return -1; +} +# endif + typedef struct hentry_st { struct hentry_st *next; char *filename; diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c index 2d4568f40ccb..d0e332a7088a 100644 --- a/crypto/openssl/apps/s_cb.c +++ b/crypto/openssl/apps/s_cb.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,7 @@ #define COOKIE_SECRET_LENGTH 16 -VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 }; +VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 }; #ifndef OPENSSL_NO_SOCK static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; @@ -63,7 +63,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) if (!ok) { BIO_printf(bio_err, "verify error:num=%d:%s\n", err, X509_verify_cert_error_string(err)); - if (verify_args.depth >= depth) { + if (verify_args.depth < 0 || verify_args.depth >= depth) { if (!verify_args.return_error) ok = 1; verify_args.error = err; diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index dcaa10cf44eb..4dd6e2fef4e4 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use 
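Review bot: The `-1` initialiser for `verify_args` in apps/s_cb.c and the new `verify_args.depth < 0` test in `verify_callback` introduce a sentinel that nothing in the hunk explains. A comment at the initialiser, such as `/* depth -1: presumably no -verify depth given, so the error policy applies at every chain depth */`, would make clear that with the default value every verification error is recorded and, unless `return_error` is set, overridden with `ok = 1`. That default is worth stating because it decides whether a failed chain check stops the handshake. The body of `verify_callback` continues outside the hunk.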
@@ -74,6 +74,7 @@ static void print_stuff(BIO *berr, SSL *con, int full); static int ocsp_resp_cb(SSL *s, void *arg); #endif static int ldap_ExtendedResponse_parse(const char *buf, long rem); +static int is_dNS_name(const char *host); static int saved_errno; @@ -596,6 +597,7 @@ typedef enum OPTION_choice { #endif OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME, OPT_ENABLE_PHA, + OPT_SCTP_LABEL_BUG, OPT_R_ENUM } OPTION_CHOICE; @@ -750,6 +752,7 @@ const OPTIONS s_client_options[] = { #endif #ifndef OPENSSL_NO_SCTP {"sctp", OPT_SCTP, '-', "Use SCTP"}, + {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, #endif #ifndef OPENSSL_NO_SSL_TRACE {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"}, @@ -976,6 +979,9 @@ int s_client_main(int argc, char **argv) #endif char *psksessf = NULL; int enable_pha = 0; +#ifndef OPENSSL_NO_SCTP + int sctp_label_bug = 0; +#endif FD_ZERO(&readfds); FD_ZERO(&writefds); @@ -1121,6 +1127,7 @@ int s_client_main(int argc, char **argv) goto opthelp; break; case OPT_VERIFY_RET_ERROR: + verify = SSL_VERIFY_PEER; verify_args.return_error = 1; break; case OPT_VERIFY_QUIET: @@ -1323,6 +1330,11 @@ int s_client_main(int argc, char **argv) protocol = IPPROTO_SCTP; #endif break; + case OPT_SCTP_LABEL_BUG: +#ifndef OPENSSL_NO_SCTP + sctp_label_bug = 1; +#endif + break; case OPT_TIMEOUT: #ifndef OPENSSL_NO_DTLS enable_timeouts = 1; @@ -1707,6 +1719,11 @@ int s_client_main(int argc, char **argv) } } +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) + SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); +#endif + if (min_version != 0 && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) goto end; 
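Review bot: The help text `"Enable SCTP label length bug"` for `-sctp_label_bug` in `s_client_options` does not say why anyone would turn a bug on. The CHANGES entry in this commit explains that `SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG` restores interoperability with older releases and breaks it with correct implementations; the option string could carry that, e.g. `"Use the old, incorrect SCTP label length (interop with OpenSSL 1.1.0/1.0.2)"`. The flag is also ignored without a message when `-sctp` is not given, because the mode is set only under `protocol == IPPROTO_SCTP`. The same applies to the matching option entry and mode setting added to apps/s_server.c.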
@@ -1975,9 +1992,11 @@ int s_client_main(int argc, char **argv) SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) { - if (servername == NULL) - servername = (host == NULL) ? "localhost" : host; - if (!SSL_set_tlsext_host_name(con, servername)) { + if (servername == NULL) { + if(host == NULL || is_dNS_name(host)) + servername = (host == NULL) ? "localhost" : host; + } + if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) { BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); ERR_print_errors(bio_err); goto end; @@ -3031,9 +3050,7 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "RENEGOTIATING\n"); SSL_renegotiate(con); cbuf_len = 0; - } - - if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' ) + } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' ) && cmdletters) { BIO_printf(bio_err, "KEYUPDATE\n"); SSL_key_update(con, 
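Review bot: In the rewritten SNI block, `if(host == NULL || is_dNS_name(host))` lacks the space after `if` that the surrounding lines use, and the reason for the new test is not recorded at the call site. A one-line comment above it, such as `/* send no SNI for IP literals and other hosts that are not DNS names */`, would state the intent, since `is_dNS_name()` rejects all-numeric and single-label hosts. When the check fails the extension is simply omitted and the user is not told. `s_client_main` starts and ends outside the hunk.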
@@ -3459,4 +3476,69 @@ static int ldap_ExtendedResponse_parse(const char *buf, long rem) return ret; } +/* + * Host dNS Name verifier: used for checking that the hostname is in dNS format + * before setting it as SNI + */ +static int is_dNS_name(const char *host) +{ + const size_t MAX_LABEL_LENGTH = 63; + size_t i; + int isdnsname = 0; + size_t length = strlen(host); + size_t label_length = 0; + int all_numeric = 1; + + /* + * Deviation from strict DNS name syntax, also check names with '_' + * Check DNS name syntax, any '-' or '.' must be internal, + * and on either side of each '.' we can't have a '-' or '.'. + * + * If the name has just one label, we don't consider it a DNS name. + */ + for (i = 0; i < length && label_length < MAX_LABEL_LENGTH; ++i) { + char c = host[i]; + + if ((c >= 'a' && c <= 'z') + || (c >= 'A' && c <= 'Z') + || c == '_') { + label_length += 1; + all_numeric = 0; + continue; + } + + if (c >= '0' && c <= '9') { + label_length += 1; + continue; + } + + /* Dot and hyphen cannot be first or last. */ + if (i > 0 && i < length - 1) { + if (c == '-') { + label_length += 1; + continue; + } + /* + * Next to a dot the preceding and following characters must not be + * another dot or a hyphen. Otherwise, record that the name is + * plausible, since it has two or more labels. + */ + if (c == '.' + && host[i + 1] != '.' + && host[i - 1] != '-' + && host[i + 1] != '-') { + label_length = 0; + isdnsname = 1; + continue; + } + } + isdnsname = 0; + break; + } + + /* dNS name must not be all numeric and labels must be shorter than 64 characters. */ + isdnsname &= !all_numeric && !(label_length == MAX_LABEL_LENGTH); + + return isdnsname; +} #endif /* OPENSSL_NO_SOCK */ diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index ac7dca607ba4..929a08bd85b0 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c 
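Review bot: A label of exactly 63 characters is rejected by `is_dNS_name()`, although its closing comment says labels must be shorter than 64: the loop stops as soon as `label_length` reaches `MAX_LABEL_LENGTH`, and the final test then fails on `label_length == MAX_LABEL_LENGTH`. Running the loop with `label_length <= MAX_LABEL_LENGTH` and finishing with `isdnsname &= !all_numeric && label_length <= MAX_LABEL_LENGTH;` accepts 63 and still rejects 64. The visible effect is limited to s_client not sending SNI for such a host. A fully qualified name with a trailing dot is rejected as well, because a dot may not be the last character; if that is intended, the header comment could say so.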
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -751,7 +751,7 @@ typedef enum OPTION_choice { OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, - OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, + OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -938,6 +938,7 @@ const OPTIONS s_server_options[] = { #endif #ifndef OPENSSL_NO_SCTP {"sctp", OPT_SCTP, '-', "Use SCTP"}, + {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, #endif #ifndef OPENSSL_NO_DH {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, @@ -1047,6 +1048,9 @@ int s_server_main(int argc, char *argv[]) const char *keylog_file = NULL; int max_early_data = -1, recv_max_early_data = -1; char *psksessf = NULL; +#ifndef OPENSSL_NO_SCTP + int sctp_label_bug = 0; +#endif /* Init of few remaining global variables */ local_argc = argc; @@ -1407,7 +1411,7 @@ int s_server_main(int argc, char *argv[]) for (p = psk_key = opt_arg(); *p; p++) { if (isxdigit(_UC(*p))) continue; - BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); + BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key); goto end; } break; @@ -1490,6 +1494,11 @@ int s_server_main(int argc, char *argv[]) protocol = IPPROTO_SCTP; #endif break; + case OPT_SCTP_LABEL_BUG: +#ifndef OPENSSL_NO_SCTP + sctp_label_bug = 1; +#endif + break; case OPT_TIMEOUT: #ifndef OPENSSL_NO_DTLS enable_timeouts = 1; 
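Review bot: The corrected message `"Not a hex number '%s'\n"` in the PSK parsing loop of `s_server_main` now prints `psk_key`, i.e. the whole pre-shared key the user supplied, to `bio_err`. For a key with a single stray character that puts the otherwise valid secret into stderr and into whatever captures it; naming the option instead, `BIO_printf(bio_err, "PSK is not a hex number\n");`, gives the same diagnostic without echoing the value. The enclosing option switch lies outside the hunk.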
@@ -1792,6 +1801,12 @@ int s_server_main(int argc, char *argv[]) goto end; } } + +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) + SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); +#endif + if (min_version != 0 && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) goto end; @@ -2754,6 +2769,8 @@ static int init_ssl_connection(SSL *con) BIO_ADDR_free(client); return 0; } + + (void)BIO_ctrl_set_connected(wbio, client); BIO_ADDR_free(client); dtlslisten = 0; } else { diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index 40e990408ab9..506737d05fc6 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -100,7 +100,7 @@ #include <openssl/modes.h> #ifndef HAVE_FORK -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) +# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS) # define HAVE_FORK 0 # else # define HAVE_FORK 1 @@ -1499,11 +1499,11 @@ int speed_main(int argc, char **argv) {"nistp192", NID_X9_62_prime192v1, 192}, {"nistp224", NID_secp224r1, 224}, {"nistp256", NID_X9_62_prime256v1, 256}, - {"nistp384", NID_secp384r1, 384}, + {"nistp384", NID_secp384r1, 384}, {"nistp521", NID_secp521r1, 521}, /* Binary Curves */ {"nistk163", NID_sect163k1, 163}, - {"nistk233", NID_sect233k1, 233}, + {"nistk233", NID_sect233k1, 233}, {"nistk283", NID_sect283k1, 283}, {"nistk409", NID_sect409k1, 409}, {"nistk571", NID_sect571k1, 571}, diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c index 38377a57e4a9..1f9385606046 100644 --- a/crypto/openssl/apps/verify.c +++ b/crypto/openssl/apps/verify.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -286,16 +286,19 @@ static int cb(int ok, X509_STORE_CTX *ctx) cert_error, X509_STORE_CTX_get_error_depth(ctx), X509_verify_cert_error_string(cert_error)); + + /* + * Pretend that some errors are ok, so they don't stop further + * processing of the certificate chain. Setting ok = 1 does this. + * After X509_verify_cert() is done, we verify that there were + * no actual errors, even if the returned value was positive. + */ switch (cert_error) { case X509_V_ERR_NO_EXPLICIT_POLICY: policies_print(ctx); /* fall thru */ case X509_V_ERR_CERT_HAS_EXPIRED: - - /* - * since we are just checking the certificates, it is ok if they - * are self signed. But we should still warn the user. - */ + /* Continue even if the leaf is a self signed cert */ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: /* Continue after extension errors too */ case X509_V_ERR_INVALID_CA: diff --git a/crypto/openssl/config b/crypto/openssl/config index b8adf3499953..d0e31b6512ef 100755 --- a/crypto/openssl/config +++ b/crypto/openssl/config @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,7 @@ THERE=`dirname $0` # pick up any command line args to config for i do -case "$i" in +case "$i" in -d*) options=$options" --debug";; -t*) DRYRUN="true" VERBOSE="true";; -v*) VERBOSE="true";; 
@@ -59,7 +59,7 @@ __CNF_LDLIBS= # Now test for ISC and SCO, since it is has a braindamaged uname. # -# We need to work around FreeBSD 1.1.5.1 +# We need to work around FreeBSD 1.1.5.1 ( XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'` if [ "x$XREL" != "x" ]; then @@ -363,7 +363,7 @@ esac # At this point we gone through all the one's # we know of: Punt -echo "${MACHINE}-whatever-${SYSTEM}" +echo "${MACHINE}-whatever-${SYSTEM}" exit 0 ) 2>/dev/null | ( @@ -433,7 +433,7 @@ fi CCVER=${CCVER:-0} -# read the output of the embedded GuessOS +# read the output of the embedded GuessOS read GUESSOS echo Operating system: $GUESSOS @@ -732,7 +732,7 @@ case "$GUESSOS" in *-*-[Uu]nix[Ww]are7) if [ "$CC" = "gcc" ]; then OUT="unixware-7-gcc" ; options="$options no-sse2" - else + else OUT="unixware-7" ; options="$options no-sse2" __CNF_CPPFLAGS="$__CNF_CPPFLAGS -D__i386__" fi @@ -793,7 +793,7 @@ case "$GUESSOS" in OUT="aix64-gcc" fi elif [ $OBJECT_MODE -eq 64 ]; then - echo 'Your $OBJECT_MODE was found to be set to 64' + echo 'Your $OBJECT_MODE was found to be set to 64' OUT="aix64-cc" else OUT="aix-cc" @@ -897,7 +897,7 @@ if [ ".$PERL" = . ] ; then exit 1 fi -# run Configure to check to see if we need to specify the +# run Configure to check to see if we need to specify the # compiler for the platform ... in which case we add it on # the end ... otherwise we leave it off @@ -920,7 +920,7 @@ if [ $? = "0" ]; then __CNF_LDFLAGS="'$__CNF_LDFLAGS'" \ __CNF_LDLIBS="'$__CNF_LDLIBS'" \ $PERL $THERE/Configure $OUT $options - fi + fi if [ "$DRYRUN" = "false" ]; then # eval to make sure quoted options, possibly with spaces inside, # are treated right diff --git a/crypto/openssl/crypto/aes/asm/aes-x86_64.pl b/crypto/openssl/crypto/aes/asm/aes-x86_64.pl index 4d1dc9c70199..d87e20114771 100755 --- a/crypto/openssl/crypto/aes/asm/aes-x86_64.pl +++ b/crypto/openssl/crypto/aes/asm/aes-x86_64.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -554,6 +554,7 @@ $code.=<<___; .type _x86_64_AES_encrypt_compact,\@abi-omnipotent .align 16 _x86_64_AES_encrypt_compact: +.cfi_startproc lea 128($sbox),$inp # size optimization mov 0-128($inp),$acc1 # prefetch Te4 mov 32-128($inp),$acc2 @@ -587,6 +588,7 @@ $code.=<<___; xor 8($key),$s2 xor 12($key),$s3 .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact ___ @@ -1161,6 +1163,7 @@ $code.=<<___; .type _x86_64_AES_decrypt_compact,\@abi-omnipotent .align 16 _x86_64_AES_decrypt_compact: +.cfi_startproc lea 128($sbox),$inp # size optimization mov 0-128($inp),$acc1 # prefetch Td4 mov 32-128($inp),$acc2 @@ -1203,6 +1206,7 @@ $code.=<<___; xor 8($key),$s2 xor 12($key),$s3 .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact ___ @@ -1365,6 +1369,7 @@ AES_set_encrypt_key: .type _x86_64_AES_set_encrypt_key,\@abi-omnipotent .align 16 _x86_64_AES_set_encrypt_key: +.cfi_startproc mov %esi,%ecx # %ecx=bits mov %rdi,%rsi # %rsi=userKey mov %rdx,%rdi # %rdi=key @@ -1546,6 +1551,7 @@ $code.=<<___; mov \$-1,%rax .Lexit: .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key ___ @@ -1728,7 +1734,9 @@ AES_cbc_encrypt: cmp \$0,%rdx # check length je .Lcbc_epilogue pushfq -.cfi_push 49 # %rflags +# This could be .cfi_push 49, but libunwind fails on registers it does not +# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. +.cfi_adjust_cfa_offset 8 push %rbx .cfi_push %rbx push %rbp 
@@ -1751,6 +1759,7 @@ AES_cbc_encrypt: cmp \$0,%r9 cmoveq %r10,$sbox +.cfi_remember_state mov OPENSSL_ia32cap_P(%rip),%r10d cmp \$$speed_limit,%rdx jb .Lcbc_slow_prologue @@ -1986,6 +1995,7 @@ AES_cbc_encrypt: #--------------------------- SLOW ROUTINE ---------------------------# .align 16 .Lcbc_slow_prologue: +.cfi_restore_state # allocate aligned stack frame... lea -88(%rsp),%rbp and \$-64,%rbp @@ -1997,8 +2007,10 @@ AES_cbc_encrypt: sub %r10,%rbp xchg %rsp,%rbp +.cfi_def_cfa_register %rbp #add \$8,%rsp # reserve for return address! mov %rbp,$_rsp # save %rsp +.cfi_cfa_expression $_rsp,deref,+64 .Lcbc_slow_body: #mov %rdi,$_inp # save copy of inp #mov %rsi,$_out # save copy of out @@ -2187,7 +2199,9 @@ AES_cbc_encrypt: .cfi_def_cfa %rsp,16 .Lcbc_popfq: popfq -.cfi_pop 49 # %rflags +# This could be .cfi_pop 49, but libunwind fails on registers it does not +# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. +.cfi_adjust_cfa_offset -8 .Lcbc_epilogue: ret .cfi_endproc diff --git a/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl b/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl index 2a202c53e5f8..b68c14da60ca 100755 --- a/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl +++ b/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -274,6 +274,7 @@ $code.=<<___; .type ${PREFIX}_encrypt,\@abi-omnipotent .align 16 ${PREFIX}_encrypt: +.cfi_startproc movups ($inp),$inout0 # load input mov 240($key),$rounds # key->rounds ___ 
@@ -284,12 +285,14 @@ $code.=<<___; movups $inout0,($out) # output pxor $inout0,$inout0 ret +.cfi_endproc .size ${PREFIX}_encrypt,.-${PREFIX}_encrypt .globl ${PREFIX}_decrypt .type ${PREFIX}_decrypt,\@abi-omnipotent .align 16 ${PREFIX}_decrypt: +.cfi_startproc movups ($inp),$inout0 # load input mov 240($key),$rounds # key->rounds ___ @@ -300,6 +303,7 @@ $code.=<<___; movups $inout0,($out) # output pxor $inout0,$inout0 ret +.cfi_endproc .size ${PREFIX}_decrypt, .-${PREFIX}_decrypt ___ } @@ -325,6 +329,7 @@ $code.=<<___; .type _aesni_${dir}rypt2,\@abi-omnipotent .align 16 _aesni_${dir}rypt2: +.cfi_startproc $movkey ($key),$rndkey0 shl \$4,$rounds $movkey 16($key),$rndkey1 @@ -350,6 +355,7 @@ _aesni_${dir}rypt2: aes${dir}last $rndkey0,$inout0 aes${dir}last $rndkey0,$inout1 ret +.cfi_endproc .size _aesni_${dir}rypt2,.-_aesni_${dir}rypt2 ___ } @@ -361,6 +367,7 @@ $code.=<<___; .type _aesni_${dir}rypt3,\@abi-omnipotent .align 16 _aesni_${dir}rypt3: +.cfi_startproc $movkey ($key),$rndkey0 shl \$4,$rounds $movkey 16($key),$rndkey1 @@ -391,6 +398,7 @@ _aesni_${dir}rypt3: aes${dir}last $rndkey0,$inout1 aes${dir}last $rndkey0,$inout2 ret +.cfi_endproc .size _aesni_${dir}rypt3,.-_aesni_${dir}rypt3 ___ } @@ -406,6 +414,7 @@ $code.=<<___; .type _aesni_${dir}rypt4,\@abi-omnipotent .align 16 _aesni_${dir}rypt4: +.cfi_startproc $movkey ($key),$rndkey0 shl \$4,$rounds $movkey 16($key),$rndkey1 @@ -442,6 +451,7 @@ _aesni_${dir}rypt4: aes${dir}last $rndkey0,$inout2 aes${dir}last $rndkey0,$inout3 ret +.cfi_endproc .size _aesni_${dir}rypt4,.-_aesni_${dir}rypt4 ___ } @@ -453,6 +463,7 @@ $code.=<<___; .type _aesni_${dir}rypt6,\@abi-omnipotent .align 16 _aesni_${dir}rypt6: +.cfi_startproc $movkey ($key),$rndkey0 shl \$4,$rounds $movkey 16($key),$rndkey1 @@ -503,6 +514,7 @@ _aesni_${dir}rypt6: aes${dir}last $rndkey0,$inout4 aes${dir}last $rndkey0,$inout5 ret +.cfi_endproc .size _aesni_${dir}rypt6,.-_aesni_${dir}rypt6 ___ } 
@@ -514,6 +526,7 @@ $code.=<<___; .type _aesni_${dir}rypt8,\@abi-omnipotent .align 16 _aesni_${dir}rypt8: +.cfi_startproc $movkey ($key),$rndkey0 shl \$4,$rounds $movkey 16($key),$rndkey1 @@ -574,6 +587,7 @@ _aesni_${dir}rypt8: aes${dir}last $rndkey0,$inout6 aes${dir}last $rndkey0,$inout7 ret +.cfi_endproc .size _aesni_${dir}rypt8,.-_aesni_${dir}rypt8 ___ } @@ -598,6 +612,7 @@ $code.=<<___; .type aesni_ecb_encrypt,\@function,5 .align 16 aesni_ecb_encrypt: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp @@ -943,6 +958,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size aesni_ecb_encrypt,.-aesni_ecb_encrypt ___ diff --git a/crypto/openssl/crypto/aes/asm/aesv8-armx.pl b/crypto/openssl/crypto/aes/asm/aesv8-armx.pl index 8e88c189c05b..fe5bc0d4dcc7 100755 --- a/crypto/openssl/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/openssl/crypto/aes/asm/aesv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -262,6 +262,7 @@ $code.=<<___; ${prefix}_set_decrypt_key: ___ $code.=<<___ if ($flavour =~ /64/); + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 ___ @@ -305,6 +306,7 @@ $code.=<<___ if ($flavour !~ /64/); ___ $code.=<<___ if ($flavour =~ /64/); ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret ___ $code.=<<___; diff --git a/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl b/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl index 2c79c2b67c89..e62342729e7f 100755 --- a/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl +++ b/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl 
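Review bot: The two `.inst` words added to `${prefix}_set_decrypt_key` in aesv8-armx.pl are bare encodings with only the mnemonic as a trailing comment, and nothing says why the mnemonic is not used directly. A comment at the first occurrence would help, e.g. `// paciasp/autiasp are emitted as .inst so older assemblers accept them; both are hint-space encodings and execute as NOPs without pointer authentication`. It should also say that the pair must bracket exactly the `stp x29,x30` / `ldp x29,x30` frame, because an `autiasp` reached without the matching `paciasp` invalidates the return address on hardware that implements the feature. The same pattern recurs in every vpaes-armv8.pl hunk of this commit, so one explanation per file would do.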
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -816,6 +816,7 @@ $code.=<<___; .type _bsaes_encrypt8,\@abi-omnipotent .align 64 _bsaes_encrypt8: +.cfi_startproc lea .LBS0(%rip), $const # constants table movdqa ($key), @XMM[9] # round 0 key @@ -875,11 +876,13 @@ $code.=<<___; pxor @XMM[8], @XMM[0] pxor @XMM[8], @XMM[1] ret +.cfi_endproc .size _bsaes_encrypt8,.-_bsaes_encrypt8 .type _bsaes_decrypt8,\@abi-omnipotent .align 64 _bsaes_decrypt8: +.cfi_startproc lea .LBS0(%rip), $const # constants table movdqa ($key), @XMM[9] # round 0 key @@ -937,6 +940,7 @@ $code.=<<___; pxor @XMM[8], @XMM[0] pxor @XMM[8], @XMM[1] ret +.cfi_endproc .size _bsaes_decrypt8,.-_bsaes_decrypt8 ___ } @@ -971,6 +975,7 @@ $code.=<<___; .type _bsaes_key_convert,\@abi-omnipotent .align 16 _bsaes_key_convert: +.cfi_startproc lea .Lmasks(%rip), $const movdqu ($inp), %xmm7 # load round 0 key lea 0x10($inp), $inp @@ -1049,6 +1054,7 @@ _bsaes_key_convert: movdqa 0x50($const), %xmm7 # .L63 #movdqa %xmm6, ($out) # don't save last round key ret +.cfi_endproc .size _bsaes_key_convert,.-_bsaes_key_convert ___ } diff --git a/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl b/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl index 5131e13a09a2..e38288af5558 100755 --- a/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl +++ b/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -255,6 +255,7 @@ _vpaes_encrypt_core: .type vpaes_encrypt,%function .align 4 vpaes_encrypt: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -264,6 +265,7 @@ vpaes_encrypt: st1 {v0.16b}, [$out] ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size vpaes_encrypt,.-vpaes_encrypt @@ -486,6 +488,7 @@ _vpaes_decrypt_core: .type vpaes_decrypt,%function .align 4 vpaes_decrypt: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -495,6 +498,7 @@ vpaes_decrypt: st1 {v0.16b}, [$out] ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size vpaes_decrypt,.-vpaes_decrypt @@ -665,6 +669,7 @@ _vpaes_key_preheat: .type _vpaes_schedule_core,%function .align 4 _vpaes_schedule_core: + .inst 0xd503233f // paciasp stp x29, x30, [sp,#-16]! add x29,sp,#0 @@ -829,6 +834,7 @@ _vpaes_schedule_core: eor v6.16b, v6.16b, v6.16b // vpxor %xmm6, %xmm6, %xmm6 eor v7.16b, v7.16b, v7.16b // vpxor %xmm7, %xmm7, %xmm7 ldp x29, x30, [sp],#16 + .inst 0xd50323bf // autiasp ret .size _vpaes_schedule_core,.-_vpaes_schedule_core @@ -1041,6 +1047,7 @@ _vpaes_schedule_mangle: .type vpaes_set_encrypt_key,%function .align 4 vpaes_set_encrypt_key: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1056,6 +1063,7 @@ vpaes_set_encrypt_key: ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key @@ -1063,6 +1071,7 @@ vpaes_set_encrypt_key: .type vpaes_set_decrypt_key,%function .align 4 vpaes_set_decrypt_key: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1082,6 +1091,7 @@ vpaes_set_decrypt_key: ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size vpaes_set_decrypt_key,.-vpaes_set_decrypt_key ___ 
@@ -1098,6 +1108,7 @@ vpaes_cbc_encrypt: cmp w5, #0 // check direction b.eq vpaes_cbc_decrypt + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -1120,6 +1131,7 @@ vpaes_cbc_encrypt: st1 {v0.16b}, [$ivec] // write ivec ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp .Lcbc_abort: ret .size vpaes_cbc_encrypt,.-vpaes_cbc_encrypt @@ -1127,6 +1139,7 @@ vpaes_cbc_encrypt: .type vpaes_cbc_decrypt,%function .align 4 vpaes_cbc_decrypt: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1168,6 +1181,7 @@ vpaes_cbc_decrypt: ldp d10,d11,[sp],#16 ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size vpaes_cbc_decrypt,.-vpaes_cbc_decrypt ___ @@ -1177,6 +1191,7 @@ $code.=<<___; .type vpaes_ecb_encrypt,%function .align 4 vpaes_ecb_encrypt: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1210,6 +1225,7 @@ vpaes_ecb_encrypt: ldp d10,d11,[sp],#16 ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size vpaes_ecb_encrypt,.-vpaes_ecb_encrypt @@ -1217,6 +1233,7 @@ vpaes_ecb_encrypt: .type vpaes_ecb_decrypt,%function .align 4 vpaes_ecb_decrypt: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1250,6 +1267,7 @@ vpaes_ecb_decrypt: ldp d10,d11,[sp],#16 ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size vpaes_ecb_decrypt,.-vpaes_ecb_decrypt ___ diff --git a/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl b/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl index b715aca167d1..33d293e623d5 100755 --- a/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl +++ b/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl 
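Review bot: In vpaes_cbc_encrypt the `paciasp` is placed after `b.eq vpaes_cbc_decrypt` and the `autiasp` before the `.Lcbc_abort:` label, and neither placement is commented. Both look deliberate: vpaes_cbc_decrypt signs the link register itself, and the abort path returns without having signed anything, so signing earlier or authenticating after the label would leave the pair unbalanced. A comment such as `// sign only on the path that builds a frame; .Lcbc_abort returns with an unsigned lr` would stop a later edit from moving either instruction. The branch that targets `.Lcbc_abort` is outside these hunks, so this assumes it is taken before the `paciasp`.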
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -91,6 +91,7 @@ $code.=<<___; .type _vpaes_encrypt_core,\@abi-omnipotent .align 16 _vpaes_encrypt_core: +.cfi_startproc mov %rdx, %r9 mov \$16, %r11 mov 240(%rdx),%eax @@ -171,6 +172,7 @@ _vpaes_encrypt_core: pxor %xmm4, %xmm0 # 0 = A pshufb %xmm1, %xmm0 ret +.cfi_endproc .size _vpaes_encrypt_core,.-_vpaes_encrypt_core ## @@ -181,6 +183,7 @@ _vpaes_encrypt_core: .type _vpaes_decrypt_core,\@abi-omnipotent .align 16 _vpaes_decrypt_core: +.cfi_startproc mov %rdx, %r9 # load key mov 240(%rdx),%eax movdqa %xmm9, %xmm1 @@ -277,6 +280,7 @@ _vpaes_decrypt_core: pxor %xmm4, %xmm0 # 0 = A pshufb %xmm2, %xmm0 ret +.cfi_endproc .size _vpaes_decrypt_core,.-_vpaes_decrypt_core ######################################################## @@ -287,6 +291,7 @@ _vpaes_decrypt_core: .type _vpaes_schedule_core,\@abi-omnipotent .align 16 _vpaes_schedule_core: +.cfi_startproc # rdi = key # rsi = size in bits # rdx = buffer @@ -453,6 +458,7 @@ _vpaes_schedule_core: pxor %xmm6, %xmm6 pxor %xmm7, %xmm7 ret +.cfi_endproc .size _vpaes_schedule_core,.-_vpaes_schedule_core ## @@ -472,6 +478,7 @@ _vpaes_schedule_core: .type _vpaes_schedule_192_smear,\@abi-omnipotent .align 16 _vpaes_schedule_192_smear: +.cfi_startproc pshufd \$0x80, %xmm6, %xmm1 # d c 0 0 -> c 0 0 0 pshufd \$0xFE, %xmm7, %xmm0 # b a _ _ -> b b b a pxor %xmm1, %xmm6 # -> c+d c 0 0 @@ -480,6 +487,7 @@ _vpaes_schedule_192_smear: movdqa %xmm6, %xmm0 movhlps %xmm1, %xmm6 # clobber low side with zeros ret +.cfi_endproc .size _vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear ## 
@@ -503,6 +511,7 @@ _vpaes_schedule_192_smear: .type _vpaes_schedule_round,\@abi-omnipotent .align 16 _vpaes_schedule_round: +.cfi_startproc # extract rcon from xmm8 pxor %xmm1, %xmm1 palignr \$15, %xmm8, %xmm1 @@ -556,6 +565,7 @@ _vpaes_schedule_low_round: pxor %xmm7, %xmm0 movdqa %xmm0, %xmm7 ret +.cfi_endproc .size _vpaes_schedule_round,.-_vpaes_schedule_round ## @@ -570,6 +580,7 @@ _vpaes_schedule_low_round: .type _vpaes_schedule_transform,\@abi-omnipotent .align 16 _vpaes_schedule_transform: +.cfi_startproc movdqa %xmm9, %xmm1 pandn %xmm0, %xmm1 psrld \$4, %xmm1 @@ -580,6 +591,7 @@ _vpaes_schedule_transform: pshufb %xmm1, %xmm0 pxor %xmm2, %xmm0 ret +.cfi_endproc .size _vpaes_schedule_transform,.-_vpaes_schedule_transform ## @@ -608,6 +620,7 @@ _vpaes_schedule_transform: .type _vpaes_schedule_mangle,\@abi-omnipotent .align 16 _vpaes_schedule_mangle: +.cfi_startproc movdqa %xmm0, %xmm4 # save xmm0 for later movdqa .Lk_mc_forward(%rip),%xmm5 test %rcx, %rcx @@ -672,6 +685,7 @@ _vpaes_schedule_mangle: and \$0x30, %r8 movdqu %xmm3, (%rdx) ret +.cfi_endproc .size _vpaes_schedule_mangle,.-_vpaes_schedule_mangle # @@ -681,6 +695,7 @@ _vpaes_schedule_mangle: .type ${PREFIX}_set_encrypt_key,\@function,3 .align 16 ${PREFIX}_set_encrypt_key: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0xb8(%rsp),%rsp @@ -723,12 +738,14 @@ ___ $code.=<<___; xor %eax,%eax ret +.cfi_endproc .size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key .globl ${PREFIX}_set_decrypt_key .type ${PREFIX}_set_decrypt_key,\@function,3 .align 16 ${PREFIX}_set_decrypt_key: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0xb8(%rsp),%rsp @@ -776,12 +793,14 @@ ___ $code.=<<___; xor %eax,%eax ret +.cfi_endproc .size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key .globl ${PREFIX}_encrypt .type ${PREFIX}_encrypt,\@function,3 .align 16 ${PREFIX}_encrypt: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0xb8(%rsp),%rsp 
@@ -819,12 +838,14 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size ${PREFIX}_encrypt,.-${PREFIX}_encrypt .globl ${PREFIX}_decrypt .type ${PREFIX}_decrypt,\@function,3 .align 16 ${PREFIX}_decrypt: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0xb8(%rsp),%rsp @@ -862,6 +883,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size ${PREFIX}_decrypt,.-${PREFIX}_decrypt ___ { @@ -874,6 +896,7 @@ $code.=<<___; .type ${PREFIX}_cbc_encrypt,\@function,6 .align 16 ${PREFIX}_cbc_encrypt: +.cfi_startproc xchg $key,$len ___ ($len,$key)=($key,$len); @@ -944,6 +967,7 @@ ___ $code.=<<___; .Lcbc_abort: ret +.cfi_endproc .size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt ___ } @@ -957,6 +981,7 @@ $code.=<<___; .type _vpaes_preheat,\@abi-omnipotent .align 16 _vpaes_preheat: +.cfi_startproc lea .Lk_s0F(%rip), %r10 movdqa -0x20(%r10), %xmm10 # .Lk_inv movdqa -0x10(%r10), %xmm11 # .Lk_inv+16 @@ -966,6 +991,7 @@ _vpaes_preheat: movdqa 0x50(%r10), %xmm15 # .Lk_sb2 movdqa 0x60(%r10), %xmm14 # .Lk_sb2+16 ret +.cfi_endproc .size _vpaes_preheat,.-_vpaes_preheat ######################################################## ## ## diff --git a/crypto/openssl/crypto/armcap.c b/crypto/openssl/crypto/armcap.c index c9c584ff081e..872b6edf8090 100644 --- a/crypto/openssl/crypto/armcap.c +++ b/crypto/openssl/crypto/armcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -63,14 +63,12 @@ uint32_t OPENSSL_rdtsc(void) # if defined(__GNUC__) && __GNUC__>=2 void OPENSSL_cpuid_setup(void) __attribute__ ((constructor)); # endif -/* - * Use a weak reference to getauxval() so we can use it if it is available but - * don't break the build if it is not. - */ -# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) -extern unsigned long getauxval(unsigned long type) __attribute__ ((weak)); -# else -static unsigned long (*getauxval) (unsigned long) = NULL; + +# if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 16) +# include <sys/auxv.h> +# define OSSL_IMPLEMENT_GETAUXVAL +# endif # endif /* @@ -135,6 +133,33 @@ void OPENSSL_cpuid_setup(void) */ # endif + OPENSSL_armcap_P = 0; + +# ifdef OSSL_IMPLEMENT_GETAUXVAL + if (getauxval(HWCAP) & HWCAP_NEON) { + unsigned long hwcap = getauxval(HWCAP_CE); + + OPENSSL_armcap_P |= ARMV7_NEON; + + if (hwcap & HWCAP_CE_AES) + OPENSSL_armcap_P |= ARMV8_AES; + + if (hwcap & HWCAP_CE_PMULL) + OPENSSL_armcap_P |= ARMV8_PMULL; + + if (hwcap & HWCAP_CE_SHA1) + OPENSSL_armcap_P |= ARMV8_SHA1; + + if (hwcap & HWCAP_CE_SHA256) + OPENSSL_armcap_P |= ARMV8_SHA256; + +# ifdef __aarch64__ + if (hwcap & HWCAP_CE_SHA512) + OPENSSL_armcap_P |= ARMV8_SHA512; +# endif + } +# endif + sigfillset(&all_masked); sigdelset(&all_masked, SIGILL); sigdelset(&all_masked, SIGTRAP); @@ -142,8 +167,6 @@ void OPENSSL_cpuid_setup(void) sigdelset(&all_masked, SIGBUS); sigdelset(&all_masked, SIGSEGV); - OPENSSL_armcap_P = 0; - memset(&ill_act, 0, sizeof(ill_act)); ill_act.sa_handler = ill_handler; ill_act.sa_mask = all_masked; 
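Review bot: The new `__GLIBC_PREREQ(2, 16)` gate in armcap.c replaces a commented weak reference with an uncommented compile-time switch, so the reason `OSSL_IMPLEMENT_GETAUXVAL` is tied to glibc is no longer stated. Suggest a comment above the `# if defined(__GLIBC__)` line, e.g. `/* getauxval() is available from glibc 2.16; any other libc uses the SIGILL probes below */`. The decision is also now made at build time rather than at run time. With the macro defined, the NEON and crypto-extension probes are compiled out by the `# ifndef OSSL_IMPLEMENT_GETAUXVAL` hunk, so a zero result from `getauxval(HWCAP)` leaves those bits clear with no fallback. OPENSSL_cpuid_setup continues outside the hunks shown.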
@@ -151,30 +174,9 @@ void OPENSSL_cpuid_setup(void) sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); sigaction(SIGILL, &ill_act, &ill_oact); - if (getauxval != NULL) { - if (getauxval(HWCAP) & HWCAP_NEON) { - unsigned long hwcap = getauxval(HWCAP_CE); - - OPENSSL_armcap_P |= ARMV7_NEON; - - if (hwcap & HWCAP_CE_AES) - OPENSSL_armcap_P |= ARMV8_AES; - - if (hwcap & HWCAP_CE_PMULL) - OPENSSL_armcap_P |= ARMV8_PMULL; - - if (hwcap & HWCAP_CE_SHA1) - OPENSSL_armcap_P |= ARMV8_SHA1; - - if (hwcap & HWCAP_CE_SHA256) - OPENSSL_armcap_P |= ARMV8_SHA256; - -# ifdef __aarch64__ - if (hwcap & HWCAP_CE_SHA512) - OPENSSL_armcap_P |= ARMV8_SHA512; -# endif - } - } else if (sigsetjmp(ill_jmp, 1) == 0) { + /* If we used getauxval, we already have all the values */ +# ifndef OSSL_IMPLEMENT_GETAUXVAL + if (sigsetjmp(ill_jmp, 1) == 0) { _armv7_neon_probe(); OPENSSL_armcap_P |= ARMV7_NEON; if (sigsetjmp(ill_jmp, 1) == 0) { @@ -192,13 +194,16 @@ void OPENSSL_cpuid_setup(void) _armv8_sha256_probe(); OPENSSL_armcap_P |= ARMV8_SHA256; } -# if defined(__aarch64__) && !defined(__APPLE__) +# if defined(__aarch64__) && !defined(__APPLE__) if (sigsetjmp(ill_jmp, 1) == 0) { _armv8_sha512_probe(); OPENSSL_armcap_P |= ARMV8_SHA512; } -# endif +# endif } +# endif + + /* Things that getauxval didn't tell us */ if (sigsetjmp(ill_jmp, 1) == 0) { _armv7_tick(); OPENSSL_armcap_P |= ARMV7_TICK; diff --git a/crypto/openssl/crypto/asn1/a_digest.c b/crypto/openssl/crypto/asn1/a_digest.c index f4cc1f2e0eaa..cc3532ea7df2 100644 --- a/crypto/openssl/crypto/asn1/a_digest.c +++ b/crypto/openssl/crypto/asn1/a_digest.c 
@@ -23,18 +23,22 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, unsigned char *md, unsigned int *len) { - int i; + int inl; unsigned char *str, *p; - i = i2d(data, NULL); - if ((str = OPENSSL_malloc(i)) == NULL) { + inl = i2d(data, NULL); + if (inl <= 0) { + ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_INTERNAL_ERROR); + return 0; + } + if ((str = OPENSSL_malloc(inl)) == NULL) { ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE); return 0; } p = str; i2d(data, &p); - if (!EVP_Digest(str, i, md, len, type, NULL)) { + if (!EVP_Digest(str, inl, md, len, type, NULL)) { OPENSSL_free(str); return 0; } diff --git a/crypto/openssl/crypto/asn1/a_sign.c b/crypto/openssl/crypto/asn1/a_sign.c index 130e23eaaa1e..146fdb962628 100644 --- a/crypto/openssl/crypto/asn1/a_sign.c +++ b/crypto/openssl/crypto/asn1/a_sign.c @@ -29,7 +29,8 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, { EVP_MD_CTX *ctx = EVP_MD_CTX_new(); unsigned char *p, *buf_in = NULL, *buf_out = NULL; - int i, inl = 0, outl = 0, outll = 0; + int i, inl = 0, outl = 0; + size_t inll = 0, outll = 0; X509_ALGOR *a; if (ctx == NULL) { @@ -70,10 +71,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, } } inl = i2d(data, NULL); - buf_in = OPENSSL_malloc((unsigned int)inl); + if (inl <= 0) { + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } + inll = (size_t)inl; + buf_in = OPENSSL_malloc(inll); outll = outl = EVP_PKEY_size(pkey); - buf_out = OPENSSL_malloc((unsigned int)outl); - if ((buf_in == NULL) || (buf_out == NULL)) { + buf_out = OPENSSL_malloc(outll); + if (buf_in == NULL || buf_out == NULL) { outl = 0; ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); goto err; 
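Review bot: The second `i2d(data, &p)` call in ASN1_digest still has its return value ignored, while `EVP_Digest` hashes `inl` bytes as reported by the first call. If the encoder fails or writes fewer bytes on the second pass, part of the freshly allocated buffer is hashed uninitialised. Comparing the result closes that gap: `if (i2d(data, &p) != inl) { OPENSSL_free(str); ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_INTERNAL_ERROR); return 0; }`. The function's tail is outside the hunk.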
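Review bot: In ASN1_sign, `outll = outl = EVP_PKEY_size(pkey)` is not range-checked the way `inl` now is, and `outll` has become a `size_t`. A negative result would reach `OPENSSL_malloc(outll)` as a very large size and a zero result as an empty allocation. Suggest `if (outl <= 0) { outl = 0; ASN1err(ASN1_F_ASN1_SIGN, ERR_R_INTERNAL_ERROR); goto err; }` right after the assignment. The same applies to the `@@ -198,10 +204,16 @@` hunk in ASN1_item_sign_ctx. There `outl` is itself a `size_t`, so the test has to be made on the `int` result before it is stored.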
@@ -101,7 +107,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: EVP_MD_CTX_free(ctx); - OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); + OPENSSL_clear_free((char *)buf_in, inll); OPENSSL_clear_free((char *)buf_out, outll); return outl; } @@ -138,7 +144,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, EVP_PKEY *pkey; unsigned char *buf_in = NULL, *buf_out = NULL; size_t inl = 0, outl = 0, outll = 0; - int signid, paramtype; + int signid, paramtype, buf_len = 0; int rv; type = EVP_MD_CTX_md(ctx); @@ -198,10 +204,16 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, } - inl = ASN1_item_i2d(asn, &buf_in, it); + buf_len = ASN1_item_i2d(asn, &buf_in, it); + if (buf_len <= 0) { + outl = 0; + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_INTERNAL_ERROR); + goto err; + } + inl = buf_len; outll = outl = EVP_PKEY_size(pkey); - buf_out = OPENSSL_malloc((unsigned int)outl); - if ((buf_in == NULL) || (buf_out == NULL)) { + buf_out = OPENSSL_malloc(outll); + if (buf_in == NULL || buf_out == NULL) { outl = 0; ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE); goto err; @@ -223,7 +235,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); + OPENSSL_clear_free((char *)buf_in, inl); OPENSSL_clear_free((char *)buf_out, outll); return outl; } diff --git a/crypto/openssl/crypto/asn1/a_verify.c b/crypto/openssl/crypto/asn1/a_verify.c index 973d50d24de9..cdaf17c3cbc1 100644 --- a/crypto/openssl/crypto/asn1/a_verify.c +++ b/crypto/openssl/crypto/asn1/a_verify.c 
@@ -48,6 +48,10 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } inl = i2d(data, NULL); + if (inl <= 0) { + ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } buf_in = OPENSSL_malloc((unsigned int)inl); if (buf_in == NULL) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); @@ -87,8 +91,8 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; int ret = -1, inl = 0; - int mdnid, pknid; + size_t inll = 0; if (!pkey) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); @@ -127,8 +131,8 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; ret = -1; } else { - const EVP_MD *type; - type = EVP_get_digestbynid(mdnid); + const EVP_MD *type = EVP_get_digestbynid(mdnid); + if (type == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); @@ -150,11 +154,15 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } inl = ASN1_item_i2d(asn, &buf_in, it); - + if (inl <= 0) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } if (buf_in == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } + inll = inl; ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length, buf_in, inl); @@ -164,7 +172,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = 1; err: - OPENSSL_clear_free(buf_in, (unsigned int)inl); + OPENSSL_clear_free(buf_in, inll); EVP_MD_CTX_free(ctx); return ret; } diff --git a/crypto/openssl/crypto/asn1/ameth_lib.c b/crypto/openssl/crypto/asn1/ameth_lib.c index 9a1644148af5..d7d270dbb581 100644 --- a/crypto/openssl/crypto/asn1/ameth_lib.c +++ b/crypto/openssl/crypto/asn1/ameth_lib.c 
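Review bot: In ASN1_item_verify the new `size_t inll` is used only by the final `OPENSSL_clear_free`, while `EVP_DigestVerify(..., buf_in, inl)` still passes the `int`. Assigning `inll = inl;` directly after the `inl <= 0` check and passing `inll` to both calls would leave a single validated length in use. The ASN1_verify hunk keeps `OPENSSL_malloc((unsigned int)inl)`, which is now inconsistent with the `size_t` handling introduced in a_sign.c by this commit.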
@@ -140,6 +140,22 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) { EVP_PKEY_ASN1_METHOD tmp = { 0, }; + /* + * One of the following must be true: + * + * pem_str == NULL AND ASN1_PKEY_ALIAS is set + * pem_str != NULL AND ASN1_PKEY_ALIAS is clear + * + * Anything else is an error and may lead to a corrupt ASN1 method table + */ + if (!((ameth->pem_str == NULL + && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0) + || (ameth->pem_str != NULL + && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) { + EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + if (app_methods == NULL) { app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); if (app_methods == NULL) @@ -216,18 +232,6 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, goto err; } - /* - * One of the following must be true: - * - * pem_str == NULL AND ASN1_PKEY_ALIAS is set - * pem_str != NULL AND ASN1_PKEY_ALIAS is clear - * - * Anything else is an error and may lead to a corrupt ASN1 method table - */ - if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0) - || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0))) - goto err; - if (pem_str) { ameth->pem_str = OPENSSL_strdup(pem_str); if (!ameth->pem_str) diff --git a/crypto/openssl/crypto/asn1/charmap.h b/crypto/openssl/crypto/asn1/charmap.h index bfccac2cb4e3..f15d72d73661 100644 --- a/crypto/openssl/crypto/asn1/charmap.h +++ b/crypto/openssl/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/crypto/asn1/charmap.pl b/crypto/openssl/crypto/asn1/charmap.pl index fbab1f3b0ad7..dadd8df7749d 100644 --- a/crypto/openssl/crypto/asn1/charmap.pl 
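Review bot: The validity test moved into EVP_PKEY_asn1_add0 is written as a negated disjunction of two conjunctions, which is hard to read for what is an equivalence: `pem_str` must be NULL exactly when ASN1_PKEY_ALIAS is set. It can be written as `if ((ameth->pem_str == NULL) != ((ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0))`, which rejects the same two combinations. The check also dereferences `ameth` before anything else in the function; whether a NULL argument was tolerated before is not visible in this hunk. With the check removed from EVP_PKEY_asn1_new, a method is validated only when it is registered, which deserves a line in that function's comment.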
+++ b/crypto/openssl/crypto/asn1/charmap.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/crypto/asn1/d2i_pu.c b/crypto/openssl/crypto/asn1/d2i_pu.c index 9452e08a5874..7bc16c7bceb4 100644 --- a/crypto/openssl/crypto/asn1/d2i_pu.c +++ b/crypto/openssl/crypto/asn1/d2i_pu.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, } else ret = *a; - if (!EVP_PKEY_set_type(ret, type)) { + if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) { ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB); goto err; } diff --git a/crypto/openssl/crypto/bio/b_addr.c b/crypto/openssl/crypto/bio/b_addr.c index abec7bb8dbba..4395ab7a0683 100644 --- a/crypto/openssl/crypto/bio/b_addr.c +++ b/crypto/openssl/crypto/bio/b_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
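Review bot: The added `type != EVP_PKEY_id(ret)` guard in d2i_PublicKey changes what happens to a caller-supplied `*a` and carries no comment. From the condition, a key that already has the requested type now skips `EVP_PKEY_set_type` and keeps whatever it holds. Presumably that is the intent, so that the existing contents are decoded into rather than reset. Suggest `/* Reuse *a as-is when it already has the requested type */` above the `if`. The rest of the function is outside the hunk.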
@@ -782,7 +782,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, * anyway [above getaddrinfo/gai_strerror is]. We just let * system administrator figure this out... */ +# if defined(OPENSSL_SYS_VXWORKS) + /* h_errno doesn't exist on VxWorks */ + SYSerr(SYS_F_GETHOSTBYNAME, 1000 ); +# else SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno); +# endif #else SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError()); #endif diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c index 8de2391267af..057344783d61 100644 --- a/crypto/openssl/crypto/bio/bss_file.c +++ b/crypto/openssl/crypto/bio/bss_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -253,9 +253,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) } # elif defined(OPENSSL_SYS_WIN32_CYGWIN) int fd = fileno((FILE *)ptr); - if (num & BIO_FP_TEXT) - setmode(fd, O_TEXT); - else + if (!(num & BIO_FP_TEXT)) setmode(fd, O_BINARY); # endif } @@ -279,11 +277,14 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN) +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) if (!(num & BIO_FP_TEXT)) OPENSSL_strlcat(p, "b", sizeof(p)); else OPENSSL_strlcat(p, "t", sizeof(p)); +# elif defined(OPENSSL_SYS_WIN32_CYGWIN) + if (!(num & BIO_FP_TEXT)) + OPENSSL_strlcat(p, "b", sizeof(p)); # endif fp = openssl_fopen(ptr, p); if (fp == NULL) { diff --git a/crypto/openssl/crypto/bio/bss_mem.c b/crypto/openssl/crypto/bio/bss_mem.c index e0a97c3b43e1..10fcbf7a7c4f 100644 --- a/crypto/openssl/crypto/bio/bss_mem.c +++ b/crypto/openssl/crypto/bio/bss_mem.c 
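Review bot: On Cygwin the two `file_ctrl` hunks in bss_file.c stop honouring `BIO_FP_TEXT`, and neither place says this is deliberate. The first now only calls `setmode(fd, O_BINARY)` when the flag is clear, and the second appends `"b"` but never `"t"`. A short comment in both branches, for example `/* Cygwin: leave text mode to the platform default, only force binary */`, would keep a later cleanup from folding the branch back into the MSDOS/Windows case. The intent is inferred from the diff, and the enclosing function starts and ends outside both hunks.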
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,7 +20,7 @@ static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int mem_new(BIO *h); static int secmem_new(BIO *h); static int mem_free(BIO *data); -static int mem_buf_free(BIO *data, int free_all); +static int mem_buf_free(BIO *data); static int mem_buf_sync(BIO *h); static const BIO_METHOD mem_method = { @@ -140,10 +140,20 @@ static int secmem_new(BIO *bi) static int mem_free(BIO *a) { - return mem_buf_free(a, 1); + BIO_BUF_MEM *bb; + + if (a == NULL) + return 0; + + bb = (BIO_BUF_MEM *)a->ptr; + if (!mem_buf_free(a)) + return 0; + OPENSSL_free(bb->readp); + OPENSSL_free(bb); + return 1; } -static int mem_buf_free(BIO *a, int free_all) +static int mem_buf_free(BIO *a) { if (a == NULL) return 0; @@ -155,11 +165,6 @@ static int mem_buf_free(BIO *a, int free_all) if (a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL; BUF_MEM_free(b); - if (free_all) { - OPENSSL_free(bb->readp); - OPENSSL_free(bb); - } - a->ptr = NULL; } return 1; } @@ -266,11 +271,10 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) } break; case BIO_C_SET_BUF_MEM: - mem_buf_free(b, 0); + mem_buf_free(b); b->shutdown = (int)num; bbm->buf = ptr; *bbm->readp = *bbm->buf; - b->ptr = bbm; break; case BIO_C_GET_BUF_MEM_PTR: if (ptr != NULL) { diff --git a/crypto/openssl/crypto/bn/asm/armv8-mont.pl b/crypto/openssl/crypto/bn/asm/armv8-mont.pl index 5d5af1b6be25..d8347bf93249 100755 --- a/crypto/openssl/crypto/bn/asm/armv8-mont.pl +++ b/crypto/openssl/crypto/bn/asm/armv8-mont.pl 
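Review bot: In the rewritten `mem_free`, `bb` is read from `a->ptr` and then dereferenced in `OPENSSL_free(bb->readp)` with no NULL test. `mem_buf_free` also no longer resets `a->ptr`, so the BIO is left holding a pointer to freed memory. If `a->ptr` can be NULL at this point (not visible in these hunks) that is a NULL dereference; writing the tail as `if (bb != NULL) { OPENSSL_free(bb->readp); OPENSSL_free(bb); a->ptr = NULL; }` closes both. The `BIO_C_SET_BUF_MEM` hunk relies on `b->ptr` staying valid after `mem_buf_free(b)`, so the reset belongs in `mem_free` only.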
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -287,6 +287,7 @@ __bn_sqr8x_mont: cmp $ap,$bp b.ne __bn_mul4x_mont .Lsqr8x_mont: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -1040,6 +1041,7 @@ $code.=<<___; ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldr x29,[sp],#128 + .inst 0xd50323bf // autiasp ret .size __bn_sqr8x_mont,.-__bn_sqr8x_mont ___ @@ -1063,6 +1065,7 @@ $code.=<<___; .type __bn_mul4x_mont,%function .align 5 __bn_mul4x_mont: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -1496,6 +1499,7 @@ __bn_mul4x_mont: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldr x29,[sp],#128 + .inst 0xd50323bf // autiasp ret .size __bn_mul4x_mont,.-__bn_mul4x_mont ___ diff --git a/crypto/openssl/crypto/bn/asm/ia64.S b/crypto/openssl/crypto/bn/asm/ia64.S index d235c45e2d63..0a26735c6979 100644 --- a/crypto/openssl/crypto/bn/asm/ia64.S +++ b/crypto/openssl/crypto/bn/asm/ia64.S @@ -3,7 +3,7 @@ .ident "ia64.S, Version 2.1" .ident "IA-64 ISA artwork by Andy Polyakov <appro@openssl.org>" -// Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy 
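Review bot: The `.inst 0xd503233f` / `.inst 0xd50323bf` pairs added to `__bn_sqr8x_mont` and `__bn_mul4x_mont` carry only the mnemonic as a comment, so nothing records why the raw encoding is used or that every return path needs the matching `autiasp`. I would add one comment at the first occurrence, e.g. `// paciasp/autiasp are emitted via .inst (hint space, NOP without pointer authentication) so older assemblers accept the file; every ret must follow an autiasp`. In `__bn_sqr8x_mont` the signing instruction sits after the `b.ne __bn_mul4x_mont` tail branch, which is what keeps the pairing balanced and is worth stating next to `.Lsqr8x_mont:`. The same applies to the chacha-armv8.pl hunks later in this diff. There `.Labort:` is placed after `autiasp`, which is only correct for branches taken before `paciasp`, and those branches are outside the visible hunks.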
@@ -48,7 +48,7 @@ // on Itanium2! What to do? Reschedule loops for Itanium2? But then // Itanium would exhibit anti-scalability. So I've chosen to reschedule // for worst latency for every instruction aiming for best *all-round* -// performance. +// performance. // Q. How much faster does it get? // A. Here is the output from 'openssl speed rsa dsa' for vanilla @@ -472,7 +472,7 @@ bn_mul_add_words: .global bn_sqr_words# .proc bn_sqr_words# .align 64 -.skip 32 // makes the loop body aligned at 64-byte boundary +.skip 32 // makes the loop body aligned at 64-byte boundary bn_sqr_words: .prologue .save ar.pfs,r2 diff --git a/crypto/openssl/crypto/bn/asm/mips.pl b/crypto/openssl/crypto/bn/asm/mips.pl index da35ec1b30ce..3875132bd25d 100755 --- a/crypto/openssl/crypto/bn/asm/mips.pl +++ b/crypto/openssl/crypto/bn/asm/mips.pl @@ -798,6 +798,11 @@ $code.=<<___; move $a0,$v0 .end bn_sub_words_internal +#if 0 +/* + * The bn_div_3_words entry point is re-used for constant-time interface. + * Implementation is retained as hystorical reference. + */ .align 5 .globl bn_div_3_words .ent bn_div_3_words @@ -877,6 +882,7 @@ $code.=<<___; jr $ra move $a0,$v0 .end bn_div_3_words_internal +#endif .align 5 .globl bn_div_words diff --git a/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl b/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl index f1292cc75cfb..85cd73c668bd 100755 --- a/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl +++ b/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2012, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use @@ -1492,6 +1492,7 @@ $code.=<<___; .type rsaz_1024_red2norm_avx2,\@abi-omnipotent .align 32 rsaz_1024_red2norm_avx2: +.cfi_startproc sub \$-128,$inp # size optimization xor %rax,%rax ___ 
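Review bot: The comment added with the `#if 0` around `bn_div_3_words` in mips.pl misspells "historical" as "hystorical" and does not say which routine now provides the constant-time entry point. I would write it as `* The bn_div_3_words entry point is re-used for the constant-time interface; this implementation is retained as historical reference only.` and name the replacement. Keeping the disabled body in the emitted assembly also assumes the output is run through the C preprocessor, which is not visible from these hunks. Deleting the block would remove that dependency.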
@@ -1525,12 +1526,14 @@ ___ } $code.=<<___; ret +.cfi_endproc .size rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2 .globl rsaz_1024_norm2red_avx2 .type rsaz_1024_norm2red_avx2,\@abi-omnipotent .align 32 rsaz_1024_norm2red_avx2: +.cfi_startproc sub \$-128,$out # size optimization mov ($inp),@T[0] mov \$0x1fffffff,%eax @@ -1562,6 +1565,7 @@ $code.=<<___; mov @T[0],`8*($j+2)-128`($out) mov @T[0],`8*($j+3)-128`($out) ret +.cfi_endproc .size rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2 ___ } @@ -1573,6 +1577,7 @@ $code.=<<___; .type rsaz_1024_scatter5_avx2,\@abi-omnipotent .align 32 rsaz_1024_scatter5_avx2: +.cfi_startproc vzeroupper vmovdqu .Lscatter_permd(%rip),%ymm5 shl \$4,$power @@ -1592,6 +1597,7 @@ rsaz_1024_scatter5_avx2: vzeroupper ret +.cfi_endproc .size rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2 .globl rsaz_1024_gather5_avx2 diff --git a/crypto/openssl/crypto/bn/asm/sparcv8plus.S b/crypto/openssl/crypto/bn/asm/sparcv8plus.S index fe4699b2bdd1..d520ffa7c248 100644 --- a/crypto/openssl/crypto/bn/asm/sparcv8plus.S +++ b/crypto/openssl/crypto/bn/asm/sparcv8plus.S @@ -3,7 +3,7 @@ /* * ==================================================================== - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -154,9 +154,9 @@ .register %g2,#scratch .register %g3,#scratch # define FRAME_SIZE -192 -#else +#else # define FRAME_SIZE -96 -#endif +#endif /* * GNU assembler can't stand stuw:-( */ diff --git a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl index ad6e8ada3ce7..f43e13d11643 100755 --- a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2910,6 +2910,7 @@ bn_powerx5: .align 32 bn_sqrx8x_internal: __bn_sqrx8x_internal: +.cfi_startproc ################################################################## # Squaring part: # @@ -3542,6 +3543,7 @@ __bn_sqrx8x_reduction: cmp 8+8(%rsp),%r8 # end of t[]? jb .Lsqrx8x_reduction_loop ret +.cfi_endproc .size bn_sqrx8x_internal,.-bn_sqrx8x_internal ___ } diff --git a/crypto/openssl/crypto/bn/bn_ctx.c b/crypto/openssl/crypto/bn/bn_ctx.c index aa08b31a34bb..54b799961aa4 100644 --- a/crypto/openssl/crypto/bn/bn_ctx.c +++ b/crypto/openssl/crypto/bn/bn_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -227,6 +227,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) } /* OK, make sure the returned bignum is "zero" */ BN_zero(ret); + /* clear BN_FLG_CONSTTIME if leaked from previous frames */ + ret->flags &= (~BN_FLG_CONSTTIME); ctx->used++; CTXDBG_RET(ctx, ret); return ret; @@ -256,7 +258,7 @@ static int BN_STACK_push(BN_STACK *st, unsigned int idx) unsigned int newsize = st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; unsigned int *newitems; - + if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) { BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE); return 0; 
@@ -310,7 +312,7 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) /* Full; allocate a new pool item and link it in. */ if (p->used == p->size) { BN_POOL_ITEM *item; - + if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) { BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/openssl/crypto/bn/bn_depr.c b/crypto/openssl/crypto/bn/bn_depr.c index 7d89214b1c16..58bcf197a490 100644 --- a/crypto/openssl/crypto/bn/bn_depr.c +++ b/crypto/openssl/crypto/bn/bn_depr.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,7 +40,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, goto err; /* we have a prime :-) */ - return ret; + return rnd; err: BN_free(rnd); return NULL; diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c index 70add10c7d6c..3a6fa0a1b194 100644 --- a/crypto/openssl/crypto/bn/bn_div.c +++ b/crypto/openssl/crypto/bn/bn_div.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include <assert.h> #include <openssl/bn.h> #include "internal/cryptlib.h" #include "bn_lcl.h" 
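Review bot: Returning `rnd` fixes the success path of `BN_generate_prime`, but the `err:` label visible at the end of the bn_depr.c hunk still calls `BN_free(rnd)` unconditionally. If `rnd` can alias the caller-supplied `ret` (the assignment is above the hunk), a failed generation frees a BIGNUM the caller still owns and is likely to free again. `if (rnd != ret) BN_free(rnd);` leaves ownership with the caller in that case.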
@@ -86,6 +87,77 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, #else +# if defined(BN_DIV3W) +BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0); +# elif 0 +/* + * This is #if-ed away, because it's a reference for assembly implementations, + * where it can and should be made constant-time. But if you want to test it, + * just replace 0 with 1. + */ +# if BN_BITS2 == 64 && defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 +# undef BN_ULLONG +# define BN_ULLONG __uint128_t +# define BN_LLONG +# endif + +# ifdef BN_LLONG +# define BN_DIV3W +/* + * Interface is somewhat quirky, |m| is pointer to most significant limb, + * and less significant limb is referred at |m[-1]|. This means that caller + * is responsible for ensuring that |m[-1]| is valid. Second condition that + * has to be met is that |d0|'s most significant bit has to be set. Or in + * other words divisor has to be "bit-aligned to the left." bn_div_fixed_top + * does all this. The subroutine considers four limbs, two of which are + * "overlapping," hence the name... + */ +static BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0) +{ + BN_ULLONG R = ((BN_ULLONG)m[0] << BN_BITS2) | m[-1]; + BN_ULLONG D = ((BN_ULLONG)d0 << BN_BITS2) | d1; + BN_ULONG Q = 0, mask; + int i; + + for (i = 0; i < BN_BITS2; i++) { + Q <<= 1; + if (R >= D) { + Q |= 1; + R -= D; + } + D >>= 1; + } + + mask = 0 - (Q >> (BN_BITS2 - 1)); /* does it overflow? 
*/ + + Q <<= 1; + Q |= (R >= D); + + return (Q | mask) & BN_MASK2; +} +# endif +# endif + +static int bn_left_align(BIGNUM *num) +{ + BN_ULONG *d = num->d, n, m, rmask; + int top = num->top; + int rshift = BN_num_bits_word(d[top - 1]), lshift, i; + + lshift = BN_BITS2 - rshift; + rshift %= BN_BITS2; /* say no to undefined behaviour */ + rmask = (BN_ULONG)0 - rshift; /* rmask = 0 - (rshift != 0) */ + rmask |= rmask >> 8; + + for (i = 0, m = 0; i < top; i++) { + n = d[i]; + d[i] = ((n << lshift) | m) & BN_MASK2; + m = (n >> rshift) & rmask; + } + + return lshift; +} + # if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ && !defined(PEDANTIC) && !defined(BN_DIV3W) # if defined(__GNUC__) && __GNUC__>=2 
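Review bot: `bn_left_align` reads `d[top - 1]` and shifts by `lshift = BN_BITS2 - rshift` without stating its preconditions. A BIGNUM with `top == 0` indexes before the limb array, and a zero top limb gives `lshift == BN_BITS2`, an undefined shift in `n << lshift`. The only protection is the `assert` in `bn_div_fixed_top` in the next hunk. A header comment such as `/* Shift |num| left in place so its top limb has the MSB set; requires num->top > 0 and a non-zero top limb; returns the shift count */` would record that. The `rmask |= rmask >> 8` line also deserves a word that it widens any non-zero `0 - rshift` to all-ones.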
@@ -137,55 +209,73 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx) { - int norm_shift, i, loop; - BIGNUM *tmp, wnum, *snum, *sdiv, *res; - BN_ULONG *resp, *wnump; - BN_ULONG d0, d1; - int num_n, div_n; - int no_branch = 0; + int ret; + + if (BN_is_zero(divisor)) { + BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); + return 0; + } /* * Invalid zero-padding would have particularly bad consequences so don't * just rely on bn_check_top() here (bn_check_top() works only for * BN_DEBUG builds) */ - if ((num->top > 0 && num->d[num->top - 1] == 0) || - (divisor->top > 0 && divisor->d[divisor->top - 1] == 0)) { + if (divisor->d[divisor->top - 1] == 0) { BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED); return 0; } - bn_check_top(num); - bn_check_top(divisor); + ret = bn_div_fixed_top(dv, rm, num, divisor, ctx); - if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) - || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) { - no_branch = 1; + if (ret) { + if (dv != NULL) + bn_correct_top(dv); + if (rm != NULL) + bn_correct_top(rm); } - bn_check_top(dv); - bn_check_top(rm); - /*- bn_check_top(num); *//* - * 'num' has been checked already - */ - /*- bn_check_top(divisor); *//* - * 'divisor' has been checked already - */ + return ret; +} - if (BN_is_zero(divisor)) { - BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); - return 0; - } +/* + * It's argued that *length* of *significant* part of divisor is public. + * Even if it's private modulus that is. Again, *length* is assumed + * public, but not *value*. Former is likely to be pre-defined by + * algorithm with bit granularity, though below subroutine is invariant + * of limb length. Thanks to this assumption we can require that |divisor| + * may not be zero-padded, yet claim this subroutine "constant-time"(*). 
+ * This is because zero-padded dividend, |num|, is tolerated, so that + * caller can pass dividend of public length(*), but with smaller amount + * of significant limbs. This naturally means that quotient, |dv|, would + * contain correspongly less significant limbs as well, and will be zero- + * padded accordingly. Returned remainder, |rm|, will have same bit length + * as divisor, also zero-padded if needed. These actually leave sign bits + * in ambiguous state. In sense that we try to avoid negative zeros, while + * zero-padded zeros would retain sign. + * + * (*) "Constant-time-ness" has two pre-conditions: + * + * - availability of constant-time bn_div_3_words; + * - dividend is at least as "wide" as divisor, limb-wise, zero-padded + * if so requied, which shouldn't be a privacy problem, because + * divisor's length is considered public; + */ +int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, + const BIGNUM *divisor, BN_CTX *ctx) +{ + int norm_shift, i, j, loop; + BIGNUM *tmp, *snum, *sdiv, *res; + BN_ULONG *resp, *wnum, *wnumtop; + BN_ULONG d0, d1; + int num_n, div_n; - if (!no_branch && BN_ucmp(num, divisor) < 0) { - if (rm != NULL) { - if (BN_copy(rm, num) == NULL) - return 0; - } - if (dv != NULL) - BN_zero(dv); - return 1; - } + assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0); + + bn_check_top(num); + bn_check_top(divisor); + bn_check_top(dv); + bn_check_top(rm); BN_CTX_start(ctx); res = (dv == NULL) ? BN_CTX_get(ctx) : dv; 
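Review bot: `bn_div_fixed_top` enforces its divisor precondition only with `assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0)`, which disappears under NDEBUG, and the function is not `static`, so callers other than `BN_div` can reach it unchecked. In a release build a zero or zero-padded divisor then reaches `bn_left_align` and the `d0 = sdiv->d[div_n - 1]` read with no error raised. Either fail explicitly, e.g. `if (divisor->top <= 0 || divisor->d[divisor->top - 1] == 0) return 0;`, or state in the block comment that callers must guarantee it. The same assert-only pattern is used for `n >= 0` in `bn_lshift_fixed_top` and `bn_rshift_fixed_top` in the bn_shift.c hunks. The block comment also has two typos, "correspongly" and "requied".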
@@ -196,113 +286,72 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, goto err; /* First we normalise the numbers */ - norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2); - if (!(BN_lshift(sdiv, divisor, norm_shift))) + if (!BN_copy(sdiv, divisor)) goto err; + norm_shift = bn_left_align(sdiv); sdiv->neg = 0; - norm_shift += BN_BITS2; - if (!(BN_lshift(snum, num, norm_shift))) + /* + * Note that bn_lshift_fixed_top's output is always one limb longer + * than input, even when norm_shift is zero. This means that amount of + * inner loop iterations is invariant of dividend value, and that one + * doesn't need to compare dividend and divisor if they were originally + * of the same bit length. + */ + if (!(bn_lshift_fixed_top(snum, num, norm_shift))) goto err; - snum->neg = 0; - - if (no_branch) { - /* - * Since we don't know whether snum is larger than sdiv, we pad snum - * with enough zeroes without changing its value. - */ - if (snum->top <= sdiv->top + 1) { - if (bn_wexpand(snum, sdiv->top + 2) == NULL) - goto err; - for (i = snum->top; i < sdiv->top + 2; i++) - snum->d[i] = 0; - snum->top = sdiv->top + 2; - } else { - if (bn_wexpand(snum, snum->top + 1) == NULL) - goto err; - snum->d[snum->top] = 0; - snum->top++; - } - } div_n = sdiv->top; num_n = snum->top; + + if (num_n <= div_n) { + /* caller didn't pad dividend -> no constant-time guarantee... 
*/ + if (bn_wexpand(snum, div_n + 1) == NULL) + goto err; + memset(&(snum->d[num_n]), 0, (div_n - num_n + 1) * sizeof(BN_ULONG)); + snum->top = num_n = div_n + 1; + } + loop = num_n - div_n; /* * Lets setup a 'window' into snum This is the part that corresponds to * the current 'area' being divided */ - wnum.neg = 0; - wnum.d = &(snum->d[loop]); - wnum.top = div_n; - wnum.flags = BN_FLG_STATIC_DATA; - /* - * only needed when BN_ucmp messes up the values between top and max - */ - wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ + wnum = &(snum->d[loop]); + wnumtop = &(snum->d[num_n - 1]); /* Get the top 2 words of sdiv */ - /* div_n=sdiv->top; */ d0 = sdiv->d[div_n - 1]; d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; - /* pointer to the 'top' of snum */ - wnump = &(snum->d[num_n - 1]); - - /* Setup to 'res' */ - if (!bn_wexpand(res, (loop + 1))) + /* Setup quotient */ + if (!bn_wexpand(res, loop)) goto err; res->neg = (num->neg ^ divisor->neg); - res->top = loop - no_branch; - resp = &(res->d[loop - 1]); + res->top = loop; + res->flags |= BN_FLG_FIXED_TOP; + resp = &(res->d[loop]); /* space for temp */ if (!bn_wexpand(tmp, (div_n + 1))) goto err; - if (!no_branch) { - if (BN_ucmp(&wnum, sdiv) >= 0) { - /* - * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute) - * the const bignum arguments => clean the values between top and - * max again - */ - bn_clear_top2max(&wnum); - bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); - *resp = 1; - } else - res->top--; - } - - /* Increase the resp pointer so that we never create an invalid pointer. 
*/ - resp++; - - /* - * if res->top == 0 then clear the neg value otherwise decrease the resp - * pointer - */ - if (res->top == 0) - res->neg = 0; - else - resp--; - - for (i = 0; i < loop - 1; i++, wnump--) { + for (i = 0; i < loop; i++, wnumtop--) { BN_ULONG q, l0; /* * the first part of the loop uses the top two words of snum and sdiv * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv */ -# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) - BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG); - q = bn_div_3_words(wnump, d1, d0); +# if defined(BN_DIV3W) + q = bn_div_3_words(wnumtop, d1, d0); # else BN_ULONG n0, n1, rem = 0; - n0 = wnump[0]; - n1 = wnump[-1]; + n0 = wnumtop[0]; + n1 = wnumtop[-1]; if (n0 == d0) q = BN_MASK2; else { /* n0 < d0 */ - + BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2]; # ifdef BN_LLONG BN_ULLONG t2; @@ -322,7 +371,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, t2 = (BN_ULLONG) d1 *q; for (;;) { - if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2])) + if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2)) break; q--; rem += d0; @@ -355,7 +404,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, # endif for (;;) { - if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) + if ((t2h < rem) || ((t2h == rem) && (t2l <= n2))) break; q--; rem += d0; 
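Review bot: The new `n2 = (wnumtop == wnum) ? 0 : wnumtop[-2]` guard has no comment, yet it is the only thing keeping the two uses of `n2` in the following hunks from reading below the window when the divisor is a single limb. I would add `/* single-limb divisor: wnumtop[-2] would lie below wnum, and below snum->d on the last iteration */` above it. Likewise `resp = &(res->d[loop])` is a one-past-the-end pointer that is valid only because the loop stores with `*--resp`, and a short remark there would help. The loop body continues in the next hunk.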
@@ -371,43 +420,33 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); tmp->d[div_n] = l0; - wnum.d--; + wnum--; /* - * ingore top values of the bignums just sub the two BN_ULONG arrays + * ignore top values of the bignums just sub the two BN_ULONG arrays * with bn_sub_words */ - if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) { - /* - * Note: As we have considered only the leading two BN_ULONGs in - * the calculation of q, sdiv * q might be greater than wnum (but - * then (q-1) * sdiv is less or equal than wnum) - */ - q--; - if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) - /* - * we can't have an overflow here (assuming that q != 0, but - * if q == 0 then tmp is zero anyway) - */ - (*wnump)++; - } - /* store part of the result */ - resp--; - *resp = q; - } - bn_correct_top(snum); - if (rm != NULL) { + l0 = bn_sub_words(wnum, wnum, tmp->d, div_n + 1); + q -= l0; /* - * Keep a copy of the neg flag in num because if rm==num BN_rshift() - * will overwrite it. + * Note: As we have considered only the leading two BN_ULONGs in + * the calculation of q, sdiv * q might be greater than wnum (but + * then (q-1) * sdiv is less or equal than wnum) */ - int neg = num->neg; - BN_rshift(rm, snum, norm_shift); - if (!BN_is_zero(rm)) - rm->neg = neg; - bn_check_top(rm); + for (l0 = 0 - l0, j = 0; j < div_n; j++) + tmp->d[j] = sdiv->d[j] & l0; + l0 = bn_add_words(wnum, wnum, tmp->d, div_n); + (*wnumtop) += l0; + assert((*wnumtop) == 0); + + /* store part of the result */ + *--resp = q; } - if (no_branch) - bn_correct_top(res); + /* snum holds remainder, it's as wide as divisor */ + snum->neg = num->neg; + snum->top = div_n; + snum->flags |= BN_FLG_FIXED_TOP; + if (rm != NULL) + bn_rshift_fixed_top(rm, snum, norm_shift); BN_CTX_end(ctx); return 1; err: diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c index c026ffcb339c..88f2baf0e553 100644 
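Review bot: The result of `bn_rshift_fixed_top(rm, snum, norm_shift)` is discarded and the function then returns 1, but that helper returns 0 when `bn_wexpand` fails (see its definition in the bn_shift.c hunk). On allocation failure the caller is told the division succeeded while `rm` holds stale data. `if (rm != NULL && !bn_rshift_fixed_top(rm, snum, norm_shift)) goto err;` reports it through the existing error path. Separately, `assert((*wnumtop) == 0)` is the only check on the add-back step and vanishes in release builds.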
--- a/crypto/openssl/crypto/bn/bn_exp.c +++ b/crypto/openssl/crypto/bn/bn_exp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -648,34 +648,41 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; } + if (a->neg || BN_ucmp(a, m) >= 0) { + BIGNUM *reduced = BN_CTX_get(ctx); + if (reduced == NULL + || !BN_nnmod(reduced, a, m, ctx)) { + goto err; + } + a = reduced; + } + #ifdef RSAZ_ENABLED - if (!a->neg) { - /* - * If the size of the operands allow it, perform the optimized - * RSAZ exponentiation. For further information see - * crypto/bn/rsaz_exp.c and accompanying assembly modules. - */ - if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024) - && rsaz_avx2_eligible()) { - if (NULL == bn_wexpand(rr, 16)) - goto err; - RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, - mont->n0[0]); - rr->top = 16; - rr->neg = 0; - bn_correct_top(rr); - ret = 1; + /* + * If the size of the operands allow it, perform the optimized + * RSAZ exponentiation. For further information see + * crypto/bn/rsaz_exp.c and accompanying assembly modules. + */ + if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024) + && rsaz_avx2_eligible()) { + if (NULL == bn_wexpand(rr, 16)) goto err; - } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) { - if (NULL == bn_wexpand(rr, 8)) - goto err; - RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d); - rr->top = 8; - rr->neg = 0; - bn_correct_top(rr); - ret = 1; + RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, + mont->n0[0]); + rr->top = 16; + rr->neg = 0; + bn_correct_top(rr); + ret = 1; + goto err; + } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) { + if (NULL == bn_wexpand(rr, 8)) goto err; - } + RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d); + rr->top = 8; + rr->neg = 0; + bn_correct_top(rr); + ret = 1; + goto err; } #endif 
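Review bot: The reduction block added near the top of `BN_mod_exp_mont_consttime` branches on `a->neg || BN_ucmp(a, m) >= 0` and conditionally calls `BN_nnmod`, so its timing depends on the base, and the code does not say that this is acceptable. If only the exponent `p` is meant to be protected, which is how I read the function but cannot confirm from the hunk, a comment such as `/* the base is not secret; reduce it once so the RSAZ and generic paths both see 0 <= a < m */` would make that explicit. The block also relies on `BN_CTX_start(ctx)` having run earlier in the function, outside the hunk, since `reduced` comes from `BN_CTX_get`.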
@@ -747,12 +754,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; /* prepare a^1 in Montgomery domain */ - if (a->neg || BN_ucmp(a, m) >= 0) { - if (!BN_nnmod(&am, a, m, ctx)) - goto err; - if (!bn_to_mont_fixed_top(&am, &am, mont, ctx)) - goto err; - } else if (!bn_to_mont_fixed_top(&am, a, mont, ctx)) + if (!bn_to_mont_fixed_top(&am, a, mont, ctx)) goto err; #if defined(SPARC_T4_MONT) diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c index 80f910c80779..8286b3855a2c 100644 --- a/crypto/openssl/crypto/bn/bn_lib.c +++ b/crypto/openssl/crypto/bn/bn_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -695,6 +695,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) int i; BN_ULONG aa, bb; + if (n == 0) + return 0; + aa = a[n - 1]; bb = b[n - 1]; if (aa != bb) 
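Review bot: The new `if (n == 0) return 0;` in `bn_cmp_words` stops the `a[n - 1]` read for an empty operand but still lets a negative `n` through to the same index. `if (n <= 0) return 0;` covers both at no cost. Whether any caller can pass a negative count is not visible here, and the function body continues outside the hunk.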
@@ -737,26 +740,25 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl) return bn_cmp_words(a, b, cl); } -/* +/*- * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. - * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, - * and that no more than nwords are used by either a or b. - * a and b cannot be the same number + * a and b are swapped if condition is not 0. + * nwords is the number of words to swap. + * Assumes that at least nwords are allocated in both a and b. + * Assumes that no more than nwords are used by either a or b. */ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) { BN_ULONG t; int i; + if (a == b) + return; + bn_wcheck_size(a, nwords); bn_wcheck_size(b, nwords); - assert(a != b); - assert((condition & (condition - 1)) == 0); - assert(sizeof(BN_ULONG) >= sizeof(int)); - - condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + condition = ((~condition & ((condition - 1))) >> (BN_BITS2 - 1)) - 1; t = (a->top ^ b->top) & condition; a->top ^= t; 
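Review bot: The rewritten mask line `condition = ((~condition & ((condition - 1))) >> (BN_BITS2 - 1)) - 1;` carries no comment and has a redundant pair of parentheses, which makes a security-critical expression harder to audit. A one-line `/* condition becomes all-ones if it was non-zero, 0 otherwise, for any bit pattern */` above it would record why the old "at most one bit set" assertion could be dropped. The header comment should also say that `a == b` is now a silent no-op, since the sentence forbidding it was removed. The function continues in the next hunk.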
@@ -794,42 +796,16 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) a->flags ^= t; b->flags ^= t; -#define BN_CONSTTIME_SWAP(ind) \ - do { \ - t = (a->d[ind] ^ b->d[ind]) & condition; \ - a->d[ind] ^= t; \ - b->d[ind] ^= t; \ - } while (0) - - switch (nwords) { - default: - for (i = 10; i < nwords; i++) - BN_CONSTTIME_SWAP(i); - /* Fallthrough */ - case 10: - BN_CONSTTIME_SWAP(9); /* Fallthrough */ - case 9: - BN_CONSTTIME_SWAP(8); /* Fallthrough */ - case 8: - BN_CONSTTIME_SWAP(7); /* Fallthrough */ - case 7: - BN_CONSTTIME_SWAP(6); /* Fallthrough */ - case 6: - BN_CONSTTIME_SWAP(5); /* Fallthrough */ - case 5: - BN_CONSTTIME_SWAP(4); /* Fallthrough */ - case 4: - BN_CONSTTIME_SWAP(3); /* Fallthrough */ - case 3: - BN_CONSTTIME_SWAP(2); /* Fallthrough */ - case 2: - BN_CONSTTIME_SWAP(1); /* Fallthrough */ - case 1: - BN_CONSTTIME_SWAP(0); - } -#undef BN_CONSTTIME_SWAP + /* conditionally swap the data */ + for (i = 0; i < nwords; i++) { + t = (a->d[i] ^ b->d[i]) & condition; + a->d[i] ^= t; + b->d[i] ^= t; + } } +#undef BN_CONSTTIME_SWAP_FLAGS + /* Bits of security, see SP800-57 */ int BN_security_bits(int L, int N) diff --git a/crypto/openssl/crypto/bn/bn_prime.h b/crypto/openssl/crypto/bn/bn_prime.h index a64c9630f3b0..2eb7b52f76f9 100644 --- a/crypto/openssl/crypto/bn/bn_prime.h +++ b/crypto/openssl/crypto/bn/bn_prime.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/bn/bn_prime.pl * - * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/crypto/bn/bn_prime.pl b/crypto/openssl/crypto/bn/bn_prime.pl index eeca475b9366..b0b16087429b 100644 --- a/crypto/openssl/crypto/bn/bn_prime.pl +++ b/crypto/openssl/crypto/bn/bn_prime.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/crypto/bn/bn_shift.c b/crypto/openssl/crypto/bn/bn_shift.c index 15d4b321ba26..b7a1e0ff9ae3 100644 --- a/crypto/openssl/crypto/bn/bn_shift.c +++ b/crypto/openssl/crypto/bn/bn_shift.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include <assert.h> #include "internal/cryptlib.h" #include "bn_lcl.h" 
@@ -82,40 +83,70 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) { - int i, nw, lb, rb; - BN_ULONG *t, *f; - BN_ULONG l; - - bn_check_top(r); - bn_check_top(a); + int ret; if (n < 0) { BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); return 0; } + ret = bn_lshift_fixed_top(r, a, n); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +/* + * In respect to shift factor the execution time is invariant of + * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition + * for constant-time-ness is |n < BN_BITS2| or |n / BN_BITS2| being + * non-secret. + */ +int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) +{ + int i, nw; + unsigned int lb, rb; + BN_ULONG *t, *f; + BN_ULONG l, m, rmask = 0; + + assert(n >= 0); + + bn_check_top(r); + bn_check_top(a); + nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) return 0; - r->neg = a->neg; - lb = n % BN_BITS2; - rb = BN_BITS2 - lb; - f = a->d; - t = r->d; - t[a->top + nw] = 0; - if (lb == 0) - for (i = a->top - 1; i >= 0; i--) - t[nw + i] = f[i]; - else - for (i = a->top - 1; i >= 0; i--) { - l = f[i]; - t[nw + i + 1] |= (l >> rb) & BN_MASK2; - t[nw + i] = (l << lb) & BN_MASK2; + + if (a->top != 0) { + lb = (unsigned int)n % BN_BITS2; + rb = BN_BITS2 - lb; + rb %= BN_BITS2; /* say no to undefined behaviour */ + rmask = (BN_ULONG)0 - rb; /* rmask = 0 - (rb != 0) */ + rmask |= rmask >> 8; + f = &(a->d[0]); + t = &(r->d[nw]); + l = f[a->top - 1]; + t[a->top] = (l >> rb) & rmask; + for (i = a->top - 1; i > 0; i--) { + m = l << lb; + l = f[i - 1]; + t[i] = (m | ((l >> rb) & rmask)) & BN_MASK2; } - memset(t, 0, sizeof(*t) * nw); + t[0] = (l << lb) & BN_MASK2; + } else { + /* shouldn't happen, but formally required */ + r->d[nw] = 0; + } + if (nw != 0) + memset(r->d, 0, sizeof(*t) * nw); + + r->neg = a->neg; r->top = a->top + nw + 1; - bn_correct_top(r); - bn_check_top(r); + r->flags |= BN_FLG_FIXED_TOP; + return 1; } 
@@ -173,3 +204,54 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); return 1; } + +/* + * In respect to shift factor the execution time is invariant of + * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition + * for constant-time-ness for sufficiently[!] zero-padded inputs is + * |n < BN_BITS2| or |n / BN_BITS2| being non-secret. + */ +int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) +{ + int i, top, nw; + unsigned int lb, rb; + BN_ULONG *t, *f; + BN_ULONG l, m, mask; + + bn_check_top(r); + bn_check_top(a); + + assert(n >= 0); + + nw = n / BN_BITS2; + if (nw >= a->top) { + /* shouldn't happen, but formally required */ + BN_zero(r); + return 1; + } + + rb = (unsigned int)n % BN_BITS2; + lb = BN_BITS2 - rb; + lb %= BN_BITS2; /* say no to undefined behaviour */ + mask = (BN_ULONG)0 - lb; /* mask = 0 - (lb != 0) */ + mask |= mask >> 8; + top = a->top - nw; + if (r != a && bn_wexpand(r, top) == NULL) + return 0; + + t = &(r->d[0]); + f = &(a->d[nw]); + l = f[0]; + for (i = 0; i < top - 1; i++) { + m = f[i + 1]; + t[i] = (l >> rb) | ((m << lb) & mask); + l = m; + } + t[i] = l >> rb; + + r->neg = a->neg; + r->top = top; + r->flags |= BN_FLG_FIXED_TOP; + + return 1; +} diff --git a/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl b/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl index 4a838bc2b32e..e90be6d0e5bd 100755 --- a/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl +++ b/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -157,6 +157,7 @@ ChaCha20_ctr32: b.ne ChaCha20_neon .Lshort: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-96]! add x29,sp,#0 
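Review bot: The header comment of bn_rshift_fixed_top makes constant time conditional on "sufficiently[!] zero-padded inputs" without saying what is sufficient. In the body, the `nw >= a->top` branch returns early through `BN_zero(r)` and never reaches `r->flags |= BN_FLG_FIXED_TOP`, so both the timing and the resulting flags differ once the word shift reaches `a->top`. A sentence such as `"Sufficiently" means a->top > n / BN_BITS2; otherwise the early-return path is taken and r is not marked fixed-top here.` would give callers a precondition they can check.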
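Review bot: The `.inst 0xd503233f` and `.inst 0xd50323bf` words added at function entry and before `ret` are explained only by the mnemonic in the trailing comment. A short comment at the first use should say that raw encodings are used, presumably so the file still assembles with toolchains that lack the pointer-authentication mnemonics, and that both sit in the HINT space and execute as NOPs on cores without the extension. It should also state the pairing rule: every `ret` reached after `paciasp` needs `autiasp` after the `ldp x29,x30` that reloads the link register. `.Labort` in the following hunk returns without its own `autiasp`, which is only correct if jumps to that label happen before the signing instruction, and that is not visible from these hunks. The same comment would cover the matching hunks in ecp_nistz256-armv8.pl further down.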
@@ -276,6 +277,7 @@ $code.=<<___; ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 + .inst 0xd50323bf // autiasp .Labort: ret @@ -332,6 +334,7 @@ $code.=<<___; ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 + .inst 0xd50323bf // autiasp ret .size ChaCha20_ctr32,.-ChaCha20_ctr32 ___ @@ -377,6 +380,7 @@ $code.=<<___; .type ChaCha20_neon,%function .align 5 ChaCha20_neon: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-96]! add x29,sp,#0 @@ -575,6 +579,7 @@ $code.=<<___; ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 + .inst 0xd50323bf // autiasp ret .Ltail_neon: @@ -684,6 +689,7 @@ $code.=<<___; ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 + .inst 0xd50323bf // autiasp ret .size ChaCha20_neon,.-ChaCha20_neon ___ @@ -696,6 +702,7 @@ $code.=<<___; .type ChaCha20_512_neon,%function .align 5 ChaCha20_512_neon: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-96]! add x29,sp,#0 @@ -1114,6 +1121,7 @@ $code.=<<___; ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 + .inst 0xd50323bf // autiasp ret .size ChaCha20_512_neon,.-ChaCha20_512_neon ___ diff --git a/crypto/openssl/crypto/cms/cms_kari.c b/crypto/openssl/crypto/cms/cms_kari.c index 3bc46febf640..5e83814d0fcf 100644 --- a/crypto/openssl/crypto/cms/cms_kari.c +++ b/crypto/openssl/crypto/cms/cms_kari.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -282,7 +282,7 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari, return rv; } -/* Initialise a ktri based on passed certificate and key */ +/* Initialise a kari based on passed certificate and key */ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, EVP_PKEY *pk, unsigned int flags) 
@@ -299,6 +299,9 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, kari->version = 3; rek = M_ASN1_new_of(CMS_RecipientEncryptedKey); + if (rek == NULL) + return 0; + if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) { M_ASN1_free_of(rek, CMS_RecipientEncryptedKey); return 0; diff --git a/crypto/openssl/crypto/cms/cms_pwri.c b/crypto/openssl/crypto/cms/cms_pwri.c index eac9c2fc862e..26e3bdcf9e41 100644 --- a/crypto/openssl/crypto/cms/cms_pwri.c +++ b/crypto/openssl/crypto/cms/cms_pwri.c @@ -373,6 +373,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, goto err; } + OPENSSL_clear_free(ec->key, ec->keylen); ec->key = key; ec->keylen = keylen; diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/openssl/crypto/conf/conf_def.c index 7f0d70ea695e..8e3f42a0caca 100644 --- a/crypto/openssl/crypto/conf/conf_def.c +++ b/crypto/openssl/crypto/conf/conf_def.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -348,10 +348,15 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) psection = section; } p = eat_ws(conf, end); - if (strncmp(pname, ".include", 8) == 0 && p != pname + 8) { + if (strncmp(pname, ".include", 8) == 0 + && (p != pname + 8 || *p == '=')) { char *include = NULL; BIO *next; + if (*p == '=') { + p++; + p = eat_ws(conf, p); + } trim_ws(conf, p); if (!str_copy(conf, psection, &include, p)) goto err; diff --git a/crypto/openssl/crypto/conf/conf_def.h b/crypto/openssl/crypto/conf/conf_def.h index 73e88baa8ba1..2016d31b8929 100644 --- a/crypto/openssl/crypto/conf/conf_def.h +++ b/crypto/openssl/crypto/conf/conf_def.h 
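Review bot: The extended `.include` test in def_load_bio still compares only the first eight characters of `pname`, so now that `*p == '='` is accepted, a key that merely begins with `.include` (a constructed example: `.includes = x`) appears to take the include branch as well. This assumes `end`, passed to eat_ws() just above, marks the end of the name token. Since this branch pulls another file into the configuration, I would pin the name length, e.g. `if (end == pname + 8 && strncmp(pname, ".include", 8) == 0 && (p != end || *p == '='))`. def_load_bio starts and ends outside the hunk, so how `end` is computed should be confirmed first.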
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/conf/keysets.pl * - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/openssl/crypto/conf/conf_lib.c b/crypto/openssl/crypto/conf/conf_lib.c index 07110d8502a4..2d40ac97ec27 100644 --- a/crypto/openssl/crypto/conf/conf_lib.c +++ b/crypto/openssl/crypto/conf/conf_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -358,11 +358,36 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void) if (ret != NULL) memset(ret, 0, sizeof(*ret)); + ret->flags = DEFAULT_CONF_MFLAGS; + return ret; } #ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *filename) +{ + char *newfilename = NULL; + + if (filename != NULL) { + newfilename = strdup(filename); + if (newfilename == NULL) + return 0; + } + + free(settings->filename); + settings->filename = newfilename; + + return 1; +} + +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, + unsigned long flags) +{ + settings->flags = flags; +} + int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, const char *appname) { @@ -383,6 +408,7 @@ int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings) { + free(settings->filename); free(settings->appname); free(settings); } 
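Review bot: The added `ret->flags = DEFAULT_CONF_MFLAGS;` in OPENSSL_INIT_new() runs even when the allocation failed, because the `ret != NULL` test above it guards only the memset; a failed allocation then becomes a NULL dereference instead of a NULL return. Returning early fixes it: `if (ret == NULL) return NULL;`, followed by an unconditional `memset(ret, 0, sizeof(*ret));` and the flags assignment. The start of the function is outside the hunk, so the allocation call itself is not visible here.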
diff --git a/crypto/openssl/crypto/conf/conf_mod.c b/crypto/openssl/crypto/conf/conf_mod.c index 51f262e774dd..e703d97f5451 100644 --- a/crypto/openssl/crypto/conf/conf_mod.c +++ b/crypto/openssl/crypto/conf/conf_mod.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -142,6 +142,9 @@ int CONF_modules_load_file(const char *filename, const char *appname, OPENSSL_free(file); NCONF_free(conf); + if (flags & CONF_MFLAGS_IGNORE_RETURN_CODES) + return 1; + return ret; } diff --git a/crypto/openssl/crypto/conf/conf_sap.c b/crypto/openssl/crypto/conf/conf_sap.c index 3d2e065e5b07..2ce42f0c6740 100644 --- a/crypto/openssl/crypto/conf/conf_sap.c +++ b/crypto/openssl/crypto/conf/conf_sap.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,10 +39,24 @@ void OPENSSL_config(const char *appname) } #endif -void openssl_config_int(const char *appname) +int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings) { + int ret; + const char *filename; + const char *appname; + unsigned long flags; + if (openssl_configured) - return; + return 1; + + filename = settings ? settings->filename : NULL; + appname = settings ? settings->appname : NULL; + flags = settings ? settings->flags : DEFAULT_CONF_MFLAGS; + +#ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: openssl_config_int(%s, %s, %lu)\n", + filename, appname, flags); +#endif OPENSSL_load_builtin_modules(); #ifndef OPENSSL_NO_ENGINE 
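Review bot: In the OPENSSL_INIT_DEBUG block of openssl_config_int(), `filename` and `appname` are passed to `%s` although both are NULL whenever `settings` is NULL, and printing a NULL pointer with `%s` is undefined behaviour. Substituting a marker keeps the trace usable: `filename ? filename : "(null)"`, and the same for `appname`. The function body continues in the next hunk.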
@@ -51,11 +65,10 @@ void openssl_config_int(const char *appname) #endif ERR_clear_error(); #ifndef OPENSSL_SYS_UEFI - CONF_modules_load_file(NULL, appname, - CONF_MFLAGS_DEFAULT_SECTION | - CONF_MFLAGS_IGNORE_MISSING_FILE); + ret = CONF_modules_load_file(filename, appname, flags); #endif openssl_configured = 1; + return ret; } void openssl_no_config_int(void) diff --git a/crypto/openssl/crypto/conf/conf_ssl.c b/crypto/openssl/crypto/conf/conf_ssl.c index 024bdb4808e3..387f2cf46c31 100644 --- a/crypto/openssl/crypto/conf/conf_ssl.c +++ b/crypto/openssl/crypto/conf/conf_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -78,6 +78,8 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) cnt = sk_CONF_VALUE_num(cmd_lists); ssl_module_free(md); ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt); + if (ssl_names == NULL) + goto err; ssl_names_count = cnt; for (i = 0; i < ssl_names_count; i++) { struct ssl_conf_name_st *ssl_name = ssl_names + i; diff --git a/crypto/openssl/crypto/conf/keysets.pl b/crypto/openssl/crypto/conf/keysets.pl index cfa230ec3a1a..27a7214cc519 100644 --- a/crypto/openssl/crypto/conf/keysets.pl +++ b/crypto/openssl/crypto/conf/keysets.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c index 1cd77c96d2f7..7b761a3adced 100644 --- a/crypto/openssl/crypto/cryptlib.c +++ b/crypto/openssl/crypto/cryptlib.c 
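Review bot: `return ret;` reads an indeterminate value on OPENSSL_SYS_UEFI builds, because the only assignment to `ret` sits inside `#ifndef OPENSSL_SYS_UEFI` and the declaration in the previous hunk is a bare `int ret;`. Initialise it at the declaration, e.g. `int ret = 0;` (or 1 if skipping the configuration load is meant to count as success), so that the new return value is defined on every build.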
@@ -1,5 +1,5 @@ /* - * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -352,9 +352,9 @@ void OPENSSL_showfatal(const char *fmta, ...) /* * TODO: (For non GUI and no std error cases) - * Add event logging feature here. + * Add event logging feature here. */ - + # if !defined(NDEBUG) /* * We are in a situation where we tried to report a critical @@ -393,7 +393,7 @@ void OPENSSL_showfatal(const char *fmta, ...) # endif # else MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); -# endif +# endif } #else void OPENSSL_showfatal(const char *fmta, ...) @@ -460,4 +460,14 @@ uint32_t OPENSSL_rdtsc(void) { return 0; } + +size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt) +{ + return 0; +} + +size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) +{ + return 0; +} #endif diff --git a/crypto/openssl/crypto/des/asm/des_enc.m4 b/crypto/openssl/crypto/des/asm/des_enc.m4 index 4a0d15620c00..4ada97b175d9 100644 --- a/crypto/openssl/crypto/des/asm/des_enc.m4 +++ b/crypto/openssl/crypto/des/asm/des_enc.m4 @@ -1,4 +1,4 @@ -! Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +! Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. ! ! Licensed under the OpenSSL license (the "License"). You may not use ! this file except in compliance with the License. You can obtain a copy @@ -313,7 +313,7 @@ $4: sll out1, 28, out1 ! rotate xor $1, local1, $1 ! 1 finished, local1 now sbox 7 - ld [global2+local2], local2 ! 2 + ld [global2+local2], local2 ! 2 srl out0, 24, local1 ! 7 or out1, local0, out1 ! rotate @@ -1392,7 +1392,7 @@ DES_ncbc_encrypt: add %o7,global1,global1 sub global1,.PIC.DES_SPtrans-.des_and,out2 - cmp in5, 0 ! enc + cmp in5, 0 ! enc be .ncbc.dec STPTR in4, IVEC 
diff --git a/crypto/openssl/crypto/dso/dso_dlfcn.c b/crypto/openssl/crypto/dso/dso_dlfcn.c index ad8899c289a3..4240f5f5e30c 100644 --- a/crypto/openssl/crypto/dso/dso_dlfcn.c +++ b/crypto/openssl/crypto/dso/dso_dlfcn.c @@ -17,6 +17,7 @@ #endif #include "dso_locl.h" +#include "e_os.h" #ifdef DSO_DLFCN @@ -99,6 +100,7 @@ static int dlfcn_load(DSO *dso) /* See applicable comments in dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); int flags = DLOPEN_FLAG; + int saveerrno = get_last_sys_error(); if (filename == NULL) { DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME); @@ -118,6 +120,11 @@ static int dlfcn_load(DSO *dso) ERR_add_error_data(4, "filename(", filename, "): ", dlerror()); goto err; } + /* + * Some dlopen() implementations (e.g. solaris) do no preserve errno, even + * on a successful call. + */ + set_sys_error(saveerrno); if (!sk_void_push(dso->meth_data, (char *)ptr)) { DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR); goto err; diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl index 1361cb395ffb..887ddfb1ea9b 100755 --- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl +++ b/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -119,6 +119,7 @@ $code.=<<___; .type ecp_nistz256_to_mont,%function .align 6 ecp_nistz256_to_mont: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-32]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -134,6 +135,7 @@ ecp_nistz256_to_mont: ldp x19,x20,[sp,#16] ldp x29,x30,[sp],#32 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont 
@@ -142,6 +144,7 @@ ecp_nistz256_to_mont: .type ecp_nistz256_from_mont,%function .align 4 ecp_nistz256_from_mont: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-32]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -157,6 +160,7 @@ ecp_nistz256_from_mont: ldp x19,x20,[sp,#16] ldp x29,x30,[sp],#32 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont @@ -166,6 +170,7 @@ ecp_nistz256_from_mont: .type ecp_nistz256_mul_mont,%function .align 4 ecp_nistz256_mul_mont: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-32]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -180,6 +185,7 @@ ecp_nistz256_mul_mont: ldp x19,x20,[sp,#16] ldp x29,x30,[sp],#32 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont @@ -188,6 +194,7 @@ ecp_nistz256_mul_mont: .type ecp_nistz256_sqr_mont,%function .align 4 ecp_nistz256_sqr_mont: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-32]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -201,6 +208,7 @@ ecp_nistz256_sqr_mont: ldp x19,x20,[sp,#16] ldp x29,x30,[sp],#32 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont @@ -210,6 +218,7 @@ ecp_nistz256_sqr_mont: .type ecp_nistz256_add,%function .align 4 ecp_nistz256_add: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -223,6 +232,7 @@ ecp_nistz256_add: bl __ecp_nistz256_add ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_add,.-ecp_nistz256_add @@ -231,6 +241,7 @@ ecp_nistz256_add: .type ecp_nistz256_div_by_2,%function .align 4 ecp_nistz256_div_by_2: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -242,6 +253,7 @@ ecp_nistz256_div_by_2: bl __ecp_nistz256_div_by_2 ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 @@ -250,6 +262,7 @@ ecp_nistz256_div_by_2: .type ecp_nistz256_mul_by_2,%function .align 4 ecp_nistz256_mul_by_2: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 
@@ -265,6 +278,7 @@ ecp_nistz256_mul_by_2: bl __ecp_nistz256_add // ret = a+a // 2*a ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 @@ -273,6 +287,7 @@ ecp_nistz256_mul_by_2: .type ecp_nistz256_mul_by_3,%function .align 4 ecp_nistz256_mul_by_3: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -299,6 +314,7 @@ ecp_nistz256_mul_by_3: bl __ecp_nistz256_add // ret += a // 2*a+a=3*a ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 @@ -308,6 +324,7 @@ ecp_nistz256_mul_by_3: .type ecp_nistz256_sub,%function .align 4 ecp_nistz256_sub: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -319,6 +336,7 @@ ecp_nistz256_sub: bl __ecp_nistz256_sub_from ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_sub,.-ecp_nistz256_sub @@ -327,6 +345,7 @@ ecp_nistz256_sub: .type ecp_nistz256_neg,%function .align 4 ecp_nistz256_neg: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -341,6 +360,7 @@ ecp_nistz256_neg: bl __ecp_nistz256_sub_from ldp x29,x30,[sp],#16 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_neg,.-ecp_nistz256_neg @@ -701,6 +721,7 @@ $code.=<<___; .type ecp_nistz256_point_double,%function .align 5 ecp_nistz256_point_double: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -835,6 +856,7 @@ ecp_nistz256_point_double: ldp x19,x20,[x29,#16] ldp x21,x22,[x29,#32] ldp x29,x30,[sp],#80 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_double,.-ecp_nistz256_point_double ___ @@ -857,6 +879,7 @@ $code.=<<___; .type ecp_nistz256_point_add,%function .align 5 ecp_nistz256_point_add: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 stp x19,x20,[sp,#16] 
@@ -1094,12 +1117,13 @@ $code.=<<___; stp $acc2,$acc3,[$rp_real,#$i+16] .Ladd_done: - add sp,x29,#0 // destroy frame + add sp,x29,#0 // destroy frame ldp x19,x20,[x29,#16] ldp x21,x22,[x29,#32] ldp x23,x24,[x29,#48] ldp x25,x26,[x29,#64] ldp x29,x30,[sp],#80 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_add,.-ecp_nistz256_point_add ___ @@ -1121,6 +1145,7 @@ $code.=<<___; .type ecp_nistz256_point_add_affine,%function .align 5 ecp_nistz256_point_add_affine: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -1309,6 +1334,7 @@ $code.=<<___; ldp x23,x24,[x29,#48] ldp x25,x26,[x29,#64] ldp x29,x30,[sp],#80 + .inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine ___ diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl index eba6ffd430be..87149e7f680d 100755 --- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2014, Intel Corporation. All Rights Reserved. # Copyright (c) 2015 CloudFlare, Inc. # @@ -1674,6 +1674,7 @@ $code.=<<___; .type __ecp_nistz256_mul_montq,\@abi-omnipotent .align 32 __ecp_nistz256_mul_montq: +.cfi_startproc ######################################################################## # Multiply a by b[0] mov %rax, $t1 @@ -1885,6 +1886,7 @@ __ecp_nistz256_mul_montq: mov $acc1, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq ################################################################################ @@ -1968,6 +1970,7 @@ $code.=<<___; .type __ecp_nistz256_sqr_montq,\@abi-omnipotent .align 32 __ecp_nistz256_sqr_montq: +.cfi_startproc mov %rax, $acc5 mulq $acc6 # a[1]*a[0] mov %rax, $acc1 
@@ -2125,6 +2128,7 @@ __ecp_nistz256_sqr_montq: mov $acc7, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq ___ @@ -2133,6 +2137,7 @@ $code.=<<___; .type __ecp_nistz256_mul_montx,\@abi-omnipotent .align 32 __ecp_nistz256_mul_montx: +.cfi_startproc ######################################################################## # Multiply by b[0] mulx $acc1, $acc0, $acc1 @@ -2295,11 +2300,13 @@ __ecp_nistz256_mul_montx: mov $acc1, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx .type __ecp_nistz256_sqr_montx,\@abi-omnipotent .align 32 __ecp_nistz256_sqr_montx: +.cfi_startproc mulx $acc6, $acc1, $acc2 # a[0]*a[1] mulx $acc7, $t0, $acc3 # a[0]*a[2] xor %eax, %eax @@ -2423,6 +2430,7 @@ __ecp_nistz256_sqr_montx: mov $acc7, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx ___ } @@ -2578,6 +2586,7 @@ ecp_nistz256_scatter_w5: .type ecp_nistz256_gather_w5,\@abi-omnipotent .align 32 ecp_nistz256_gather_w5: +.cfi_startproc ___ $code.=<<___ if ($avx>1); mov OPENSSL_ia32cap_P+8(%rip), %eax @@ -2666,6 +2675,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .LSEH_end_ecp_nistz256_gather_w5: .size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5 @@ -2694,6 +2704,7 @@ ecp_nistz256_scatter_w7: .type ecp_nistz256_gather_w7,\@abi-omnipotent .align 32 ecp_nistz256_gather_w7: +.cfi_startproc ___ $code.=<<___ if ($avx>1); mov OPENSSL_ia32cap_P+8(%rip), %eax @@ -2771,6 +2782,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .LSEH_end_ecp_nistz256_gather_w7: .size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7 ___ @@ -2787,6 +2799,7 @@ $code.=<<___; .type ecp_nistz256_avx2_gather_w5,\@abi-omnipotent .align 32 ecp_nistz256_avx2_gather_w5: +.cfi_startproc .Lavx2_gather_w5: vzeroupper ___ 
@@ -2874,6 +2887,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .LSEH_end_ecp_nistz256_avx2_gather_w5: .size ecp_nistz256_avx2_gather_w5,.-ecp_nistz256_avx2_gather_w5 ___ @@ -2893,6 +2907,7 @@ $code.=<<___; .type ecp_nistz256_avx2_gather_w7,\@abi-omnipotent .align 32 ecp_nistz256_avx2_gather_w7: +.cfi_startproc .Lavx2_gather_w7: vzeroupper ___ @@ -2995,6 +3010,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .LSEH_end_ecp_nistz256_avx2_gather_w7: .size ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7 ___ @@ -3064,6 +3080,7 @@ $code.=<<___; .type __ecp_nistz256_add_toq,\@abi-omnipotent .align 32 __ecp_nistz256_add_toq: +.cfi_startproc xor $t4,$t4 add 8*0($b_ptr), $a0 adc 8*1($b_ptr), $a1 @@ -3091,11 +3108,13 @@ __ecp_nistz256_add_toq: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq .type __ecp_nistz256_sub_fromq,\@abi-omnipotent .align 32 __ecp_nistz256_sub_fromq: +.cfi_startproc sub 8*0($b_ptr), $a0 sbb 8*1($b_ptr), $a1 mov $a0, $t0 @@ -3122,11 +3141,13 @@ __ecp_nistz256_sub_fromq: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq .type __ecp_nistz256_subq,\@abi-omnipotent .align 32 __ecp_nistz256_subq: +.cfi_startproc sub $a0, $t0 sbb $a1, $t1 mov $t0, $a0 @@ -3149,11 +3170,13 @@ __ecp_nistz256_subq: cmovnz $t3, $a3 ret +.cfi_endproc .size __ecp_nistz256_subq,.-__ecp_nistz256_subq .type __ecp_nistz256_mul_by_2q,\@abi-omnipotent .align 32 __ecp_nistz256_mul_by_2q: +.cfi_startproc xor $t4, $t4 add $a0, $a0 # a0:a3+a0:a3 adc $a1, $a1 @@ -3181,6 +3204,7 @@ __ecp_nistz256_mul_by_2q: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q ___ } 
@@ -3620,7 +3644,9 @@ $code.=<<___; movq %xmm1, $a_ptr # restore $a_ptr movq %xmm0, $r_ptr # restore $r_ptr add \$`32*(18-5)`, %rsp # difference in frame sizes +.cfi_adjust_cfa_offset `-32*(18-5)` jmp .Lpoint_double_shortcut$x +.cfi_adjust_cfa_offset `32*(18-5)` .align 32 .Ladd_proceed$x: @@ -4156,6 +4182,7 @@ $code.=<<___; .type __ecp_nistz256_add_tox,\@abi-omnipotent .align 32 __ecp_nistz256_add_tox: +.cfi_startproc xor $t4, $t4 adc 8*0($b_ptr), $a0 adc 8*1($b_ptr), $a1 @@ -4184,11 +4211,13 @@ __ecp_nistz256_add_tox: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox .type __ecp_nistz256_sub_fromx,\@abi-omnipotent .align 32 __ecp_nistz256_sub_fromx: +.cfi_startproc xor $t4, $t4 sbb 8*0($b_ptr), $a0 sbb 8*1($b_ptr), $a1 @@ -4217,11 +4246,13 @@ __ecp_nistz256_sub_fromx: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx .type __ecp_nistz256_subx,\@abi-omnipotent .align 32 __ecp_nistz256_subx: +.cfi_startproc xor $t4, $t4 sbb $a0, $t0 sbb $a1, $t1 @@ -4246,11 +4277,13 @@ __ecp_nistz256_subx: cmovc $t3, $a3 ret +.cfi_endproc .size __ecp_nistz256_subx,.-__ecp_nistz256_subx .type __ecp_nistz256_mul_by_2x,\@abi-omnipotent .align 32 __ecp_nistz256_mul_by_2x: +.cfi_startproc xor $t4, $t4 adc $a0, $a0 # a0:a3+a0:a3 adc $a1, $a1 @@ -4279,6 +4312,7 @@ __ecp_nistz256_mul_by_2x: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x ___ } diff --git a/crypto/openssl/crypto/ec/curve25519.c b/crypto/openssl/crypto/ec/curve25519.c index abe9b9cbf6dd..aa999cc5914e 100644 --- a/crypto/openssl/crypto/ec/curve25519.c +++ b/crypto/openssl/crypto/ec/curve25519.c 
@@ -744,91 +744,99 @@ static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], /* * Reference base 2^25.5 implementation. - */ -/* + * * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP * 20141124 (http://bench.cr.yp.to/supercop.html). * * The field functions are shared by Ed25519 and X25519 where possible. */ -/* fe means field element. Here the field is \Z/(2^255-19). An element t, +/* + * fe means field element. Here the field is \Z/(2^255-19). An element t, * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77 * t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on - * context. */ + * context. + */ typedef int32_t fe[10]; +static const int64_t kBottom21Bits = 0x1fffffLL; static const int64_t kBottom25Bits = 0x1ffffffLL; static const int64_t kBottom26Bits = 0x3ffffffLL; static const int64_t kTop39Bits = 0xfffffffffe000000LL; static const int64_t kTop38Bits = 0xfffffffffc000000LL; -static uint64_t load_3(const uint8_t *in) { - uint64_t result; - result = (uint64_t)in[0]; - result |= ((uint64_t)in[1]) << 8; - result |= ((uint64_t)in[2]) << 16; - return result; +static uint64_t load_3(const uint8_t *in) +{ + uint64_t result; + + result = ((uint64_t)in[0]); + result |= ((uint64_t)in[1]) << 8; + result |= ((uint64_t)in[2]) << 16; + return result; } -static uint64_t load_4(const uint8_t *in) { - uint64_t result; - result = (uint64_t)in[0]; - result |= ((uint64_t)in[1]) << 8; - result |= ((uint64_t)in[2]) << 16; - result |= ((uint64_t)in[3]) << 24; - return result; +static uint64_t load_4(const uint8_t *in) +{ + uint64_t result; + + result = ((uint64_t)in[0]); + result |= ((uint64_t)in[1]) << 8; + result |= ((uint64_t)in[2]) << 16; + result |= ((uint64_t)in[3]) << 24; + return result; } -static void fe_frombytes(fe h, const uint8_t *s) { - /* Ignores top bit of h. 
*/ - int64_t h0 = load_4(s); - int64_t h1 = load_3(s + 4) << 6; - int64_t h2 = load_3(s + 7) << 5; - int64_t h3 = load_3(s + 10) << 3; - int64_t h4 = load_3(s + 13) << 2; - int64_t h5 = load_4(s + 16); - int64_t h6 = load_3(s + 20) << 7; - int64_t h7 = load_3(s + 23) << 5; - int64_t h8 = load_3(s + 26) << 4; - int64_t h9 = (load_3(s + 29) & 8388607) << 2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; - carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; +static void fe_frombytes(fe h, const uint8_t *s) +{ + /* Ignores top bit of h. 
*/ + int64_t h0 = load_4(s); + int64_t h1 = load_3(s + 4) << 6; + int64_t h2 = load_3(s + 7) << 5; + int64_t h3 = load_3(s + 10) << 3; + int64_t h4 = load_3(s + 13) << 2; + int64_t h5 = load_4(s + 16); + int64_t h6 = load_3(s + 20) << 7; + int64_t h7 = load_3(s + 23) << 5; + int64_t h8 = load_3(s + 26) << 4; + int64_t h9 = (load_3(s + 29) & 0x7fffff) << 2; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; + carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; + carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; + carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; + carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; + carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + + h[0] = (int32_t)h0; + h[1] = (int32_t)h1; + h[2] = (int32_t)h2; + h[3] = (int32_t)h3; + h[4] = (int32_t)h4; + h[5] = (int32_t)h5; + h[6] = (int32_t)h6; + h[7] = (int32_t)h7; + h[8] = (int32_t)h8; + h[9] = (int32_t)h9; } -/* Preconditions: - * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. +/* + * Preconditions: + * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. * * Write p=2^255-19; q=floor(h/p). * Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))). 
@@ -848,102 +856,112 @@ static void fe_frombytes(fe h, const uint8_t *s) {
 * Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
 *
 * Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
- * so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q. */
-static void fe_tobytes(uint8_t *s, const fe h) {
- int32_t h0 = h[0];
- int32_t h1 = h[1];
- int32_t h2 = h[2];
- int32_t h3 = h[3];
- int32_t h4 = h[4];
- int32_t h5 = h[5];
- int32_t h6 = h[6];
- int32_t h7 = h[7];
- int32_t h8 = h[8];
- int32_t h9 = h[9];
- int32_t q;
-
- q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
- q = (h0 + q) >> 26;
- q = (h1 + q) >> 25;
- q = (h2 + q) >> 26;
- q = (h3 + q) >> 25;
- q = (h4 + q) >> 26;
- q = (h5 + q) >> 25;
- q = (h6 + q) >> 26;
- q = (h7 + q) >> 25;
- q = (h8 + q) >> 26;
- q = (h9 + q) >> 25;
-
- /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
- h0 += 19 * q;
- /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
-
- h1 += h0 >> 26; h0 &= kBottom26Bits;
- h2 += h1 >> 25; h1 &= kBottom25Bits;
- h3 += h2 >> 26; h2 &= kBottom26Bits;
- h4 += h3 >> 25; h3 &= kBottom25Bits;
- h5 += h4 >> 26; h4 &= kBottom26Bits;
- h6 += h5 >> 25; h5 &= kBottom25Bits;
- h7 += h6 >> 26; h6 &= kBottom26Bits;
- h8 += h7 >> 25; h7 &= kBottom25Bits;
- h9 += h8 >> 26; h8 &= kBottom26Bits;
- h9 &= kBottom25Bits;
- /* h10 = carry9 */
-
- /* Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
- * Have h0+...+2^230 h9 between 0 and 2^255-1;
- * evidently 2^255 h10-2^255 q = 0.
- * Goal: Output h0+...+2^230 h9. */
-
- s[0] = (uint8_t)(h0 >> 0);
- s[1] = (uint8_t)(h0 >> 8);
- s[2] = (uint8_t)(h0 >> 16);
- s[3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2));
- s[4] = (uint8_t)(h1 >> 6);
- s[5] = (uint8_t)(h1 >> 14);
- s[6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3));
- s[7] = (uint8_t)(h2 >> 5);
- s[8] = (uint8_t)(h2 >> 13);
- s[9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5));
- s[10] = (uint8_t)(h3 >> 3);
- s[11] = (uint8_t)(h3 >> 11);
- s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6));
- s[13] = (uint8_t)(h4 >> 2);
- s[14] = (uint8_t)(h4 >> 10);
- s[15] = (uint8_t)(h4 >> 18);
- s[16] = (uint8_t)(h5 >> 0);
- s[17] = (uint8_t)(h5 >> 8);
- s[18] = (uint8_t)(h5 >> 16);
- s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1));
- s[20] = (uint8_t)(h6 >> 7);
- s[21] = (uint8_t)(h6 >> 15);
- s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3));
- s[23] = (uint8_t)(h7 >> 5);
- s[24] = (uint8_t)(h7 >> 13);
- s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4));
- s[26] = (uint8_t)(h8 >> 4);
- s[27] = (uint8_t)(h8 >> 12);
- s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6));
- s[29] = (uint8_t)(h9 >> 2);
- s[30] = (uint8_t)(h9 >> 10);
- s[31] = (uint8_t)(h9 >> 18);
+ * so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+ */
+static void fe_tobytes(uint8_t *s, const fe h)
+{
+ int32_t h0 = h[0];
+ int32_t h1 = h[1];
+ int32_t h2 = h[2];
+ int32_t h3 = h[3];
+ int32_t h4 = h[4];
+ int32_t h5 = h[5];
+ int32_t h6 = h[6];
+ int32_t h7 = h[7];
+ int32_t h8 = h[8];
+ int32_t h9 = h[9];
+ int32_t q;
+
+ q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
+ q = (h0 + q) >> 26;
+ q = (h1 + q) >> 25;
+ q = (h2 + q) >> 26;
+ q = (h3 + q) >> 25;
+ q = (h4 + q) >> 26;
+ q = (h5 + q) >> 25;
+ q = (h6 + q) >> 26;
+ q = (h7 + q) >> 25;
+ q = (h8 + q) >> 26;
+ q = (h9 + q) >> 25;
+
+ /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
+ h0 += 19 * q;
+ /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
+
+ h1 += h0 >> 26; h0 &= kBottom26Bits;
+ h2 += h1 >> 25; h1 &= kBottom25Bits;
+ h3 += h2 >> 26; h2 &= kBottom26Bits;
+ h4 += h3 >> 25; h3 &= kBottom25Bits;
+ h5 += h4 >> 26; h4 &= kBottom26Bits;
+ h6 += h5 >> 25; h5 &= kBottom25Bits;
+ h7 += h6 >> 26; h6 &= kBottom26Bits;
+ h8 += h7 >> 25; h7 &= kBottom25Bits;
+ h9 += h8 >> 26; h8 &= kBottom26Bits;
+ h9 &= kBottom25Bits;
+ /* h10 = carry9 */
+
+ /*
+ * Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+ * Have h0+...+2^230 h9 between 0 and 2^255-1;
+ * evidently 2^255 h10-2^255 q = 0.
+ * Goal: Output h0+...+2^230 h9.
+ */
+ s[ 0] = (uint8_t) (h0 >> 0);
+ s[ 1] = (uint8_t) (h0 >> 8);
+ s[ 2] = (uint8_t) (h0 >> 16);
+ s[ 3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2));
+ s[ 4] = (uint8_t) (h1 >> 6);
+ s[ 5] = (uint8_t) (h1 >> 14);
+ s[ 6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3));
+ s[ 7] = (uint8_t) (h2 >> 5);
+ s[ 8] = (uint8_t) (h2 >> 13);
+ s[ 9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5));
+ s[10] = (uint8_t) (h3 >> 3);
+ s[11] = (uint8_t) (h3 >> 11);
+ s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6));
+ s[13] = (uint8_t) (h4 >> 2);
+ s[14] = (uint8_t) (h4 >> 10);
+ s[15] = (uint8_t) (h4 >> 18);
+ s[16] = (uint8_t) (h5 >> 0);
+ s[17] = (uint8_t) (h5 >> 8);
+ s[18] = (uint8_t) (h5 >> 16);
+ s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1));
+ s[20] = (uint8_t) (h6 >> 7);
+ s[21] = (uint8_t) (h6 >> 15);
+ s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3));
+ s[23] = (uint8_t) (h7 >> 5);
+ s[24] = (uint8_t) (h7 >> 13);
+ s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4));
+ s[26] = (uint8_t) (h8 >> 4);
+ s[27] = (uint8_t) (h8 >> 12);
+ s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6));
+ s[29] = (uint8_t) (h9 >> 2);
+ s[30] = (uint8_t) (h9 >> 10);
+ s[31] = (uint8_t) (h9 >> 18);
 }

 /* h = f */
-static void fe_copy(fe h, const fe f) {
- memmove(h, f, sizeof(int32_t) * 10);
+static void fe_copy(fe h, const fe f)
+{
+ memmove(h, f, sizeof(int32_t) * 10);
 }

 /* h = 0 */
-static void fe_0(fe h) { memset(h, 0, sizeof(int32_t) * 10); }
+static void fe_0(fe h)
+{
+ memset(h, 0, sizeof(int32_t) * 10);
+}

 /* h = 1 */
-static void fe_1(fe h) {
- memset(h, 0, sizeof(int32_t) * 10);
- h[0] = 1;
+static void fe_1(fe h)
+{
+ memset(h, 0, sizeof(int32_t) * 10);
+ h[0] = 1;
 }

-/* h = f + g
+/*
+ * h = f + g
+ *
 * Can overlap h with f or g.
 *
 * Preconditions:
@@ -951,15 +969,20 @@ static void fe_1(fe h) {
 * |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 *
 * Postconditions:
- * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
-static void fe_add(fe h, const fe f, const fe g) {
- unsigned i;
- for (i = 0; i < 10; i++) {
- h[i] = f[i] + g[i];
- }
+ * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static void fe_add(fe h, const fe f, const fe g)
+{
+ unsigned i;
+
+ for (i = 0; i < 10; i++) {
+ h[i] = f[i] + g[i];
+ }
 }

-/* h = f - g
+/*
+ * h = f - g
+ *
 * Can overlap h with f or g.
 *
 * Preconditions:
@@ -967,15 +990,20 @@ static void fe_add(fe h, const fe f, const fe g) {
 * |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 *
 * Postconditions:
- * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
-static void fe_sub(fe h, const fe f, const fe g) {
- unsigned i;
- for (i = 0; i < 10; i++) {
- h[i] = f[i] - g[i];
- }
+ * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static void fe_sub(fe h, const fe f, const fe g)
+{
+ unsigned i;
+
+ for (i = 0; i < 10; i++) {
+ h[i] = f[i] - g[i];
+ }
 }

-/* h = f * g
+/*
+ * h = f * g
+ *
 * Can overlap h with f or g.
 *
 * Preconditions:
@@ -1001,224 +1029,228 @@ static void fe_sub(fe h, const fe f, const fe g) {
 * 10 of them are 2-way parallelizable and vectorizable.
 * Can get away with 11 carries, but then data flow is much deeper.
 *
- * With tighter constraints on inputs can squeeze carries into int32. */
-static void fe_mul(fe h, const fe f, const fe g) {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
- int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
- int32_t g3_19 = 19 * g3;
- int32_t g4_19 = 19 * g4;
- int32_t g5_19 = 19 * g5;
- int32_t g6_19 = 19 * g6;
- int32_t g7_19 = 19 * g7;
- int32_t g8_19 = 19 * g8;
- int32_t g9_19 = 19 * g9;
- int32_t f1_2 = 2 * f1;
- int32_t f3_2 = 2 * f3;
- int32_t f5_2 = 2 * f5;
- int32_t f7_2 = 2 * f7;
- int32_t f9_2 = 2 * f9;
- int64_t f0g0 = f0 * (int64_t) g0;
- int64_t f0g1 = f0 * (int64_t) g1;
- int64_t f0g2 = f0 * (int64_t) g2;
- int64_t f0g3 = f0 * (int64_t) g3;
- int64_t f0g4 = f0 * (int64_t) g4;
- int64_t f0g5 = f0 * (int64_t) g5;
- int64_t f0g6 = f0 * (int64_t) g6;
- int64_t f0g7 = f0 * (int64_t) g7;
- int64_t f0g8 = f0 * (int64_t) g8;
- int64_t f0g9 = f0 * (int64_t) g9;
- int64_t f1g0 = f1 * (int64_t) g0;
- int64_t f1g1_2 = f1_2 * (int64_t) g1;
- int64_t f1g2 = f1 * (int64_t) g2;
- int64_t f1g3_2 = f1_2 * (int64_t) g3;
- int64_t f1g4 = f1 * (int64_t) g4;
- int64_t f1g5_2 = f1_2 * (int64_t) g5;
- int64_t f1g6 = f1 * (int64_t) g6;
- int64_t f1g7_2 = f1_2 * (int64_t) g7;
- int64_t f1g8 = f1 * (int64_t) g8;
- int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
- int64_t f2g0 = f2 * (int64_t) g0;
- int64_t f2g1 = f2 * (int64_t) g1;
- int64_t f2g2 = f2 * (int64_t) g2;
- int64_t f2g3 = f2 * (int64_t) g3;
- int64_t f2g4 = f2 * (int64_t) g4;
- int64_t f2g5 = f2 * (int64_t) g5;
- int64_t f2g6 = f2 * (int64_t) g6;
- int64_t f2g7 = f2 * (int64_t) g7;
- int64_t f2g8_19 = f2 * (int64_t) g8_19;
- int64_t f2g9_19 = f2 * (int64_t) g9_19;
- int64_t f3g0 = f3 * (int64_t) g0;
- int64_t f3g1_2 = f3_2 * (int64_t) g1;
- int64_t f3g2 = f3 * (int64_t) g2;
- int64_t f3g3_2 = f3_2 * (int64_t) g3;
- int64_t f3g4 = f3 * (int64_t) g4;
- int64_t f3g5_2 = f3_2 * (int64_t) g5;
- int64_t f3g6 = f3 * (int64_t) g6;
- int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
- int64_t f3g8_19 = f3 * (int64_t) g8_19;
- int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
- int64_t f4g0 = f4 * (int64_t) g0;
- int64_t f4g1 = f4 * (int64_t) g1;
- int64_t f4g2 = f4 * (int64_t) g2;
- int64_t f4g3 = f4 * (int64_t) g3;
- int64_t f4g4 = f4 * (int64_t) g4;
- int64_t f4g5 = f4 * (int64_t) g5;
- int64_t f4g6_19 = f4 * (int64_t) g6_19;
- int64_t f4g7_19 = f4 * (int64_t) g7_19;
- int64_t f4g8_19 = f4 * (int64_t) g8_19;
- int64_t f4g9_19 = f4 * (int64_t) g9_19;
- int64_t f5g0 = f5 * (int64_t) g0;
- int64_t f5g1_2 = f5_2 * (int64_t) g1;
- int64_t f5g2 = f5 * (int64_t) g2;
- int64_t f5g3_2 = f5_2 * (int64_t) g3;
- int64_t f5g4 = f5 * (int64_t) g4;
- int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
- int64_t f5g6_19 = f5 * (int64_t) g6_19;
- int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
- int64_t f5g8_19 = f5 * (int64_t) g8_19;
- int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
- int64_t f6g0 = f6 * (int64_t) g0;
- int64_t f6g1 = f6 * (int64_t) g1;
- int64_t f6g2 = f6 * (int64_t) g2;
- int64_t f6g3 = f6 * (int64_t) g3;
- int64_t f6g4_19 = f6 * (int64_t) g4_19;
- int64_t f6g5_19 = f6 * (int64_t) g5_19;
- int64_t f6g6_19 = f6 * (int64_t) g6_19;
- int64_t f6g7_19 = f6 * (int64_t) g7_19;
- int64_t f6g8_19 = f6 * (int64_t) g8_19;
- int64_t f6g9_19 = f6 * (int64_t) g9_19;
- int64_t f7g0 = f7 * (int64_t) g0;
- int64_t f7g1_2 = f7_2 * (int64_t) g1;
- int64_t f7g2 = f7 * (int64_t) g2;
- int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
- int64_t f7g4_19 = f7 * (int64_t) g4_19;
- int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
- int64_t f7g6_19 = f7 * (int64_t) g6_19;
- int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
- int64_t f7g8_19 = f7 * (int64_t) g8_19;
- int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
- int64_t f8g0 = f8 * (int64_t) g0;
- int64_t f8g1 = f8 * (int64_t) g1;
- int64_t f8g2_19 = f8 * (int64_t) g2_19;
- int64_t f8g3_19 = f8 * (int64_t) g3_19;
- int64_t f8g4_19 = f8 * (int64_t) g4_19;
- int64_t f8g5_19 = f8 * (int64_t) g5_19;
- int64_t f8g6_19 = f8 * (int64_t) g6_19;
- int64_t f8g7_19 = f8 * (int64_t) g7_19;
- int64_t f8g8_19 = f8 * (int64_t) g8_19;
- int64_t f8g9_19 = f8 * (int64_t) g9_19;
- int64_t f9g0 = f9 * (int64_t) g0;
- int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
- int64_t f9g2_19 = f9 * (int64_t) g2_19;
- int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
- int64_t f9g4_19 = f9 * (int64_t) g4_19;
- int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
- int64_t f9g6_19 = f9 * (int64_t) g6_19;
- int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
- int64_t f9g8_19 = f9 * (int64_t) g8_19;
- int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
- int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
- int64_t h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
- int64_t h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
- int64_t h3 = f0g3+f1g2 +f2g1 +f3g0 +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
- int64_t h4 = f0g4+f1g3_2 +f2g2 +f3g1_2 +f4g0 +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
- int64_t h5 = f0g5+f1g4 +f2g3 +f3g2 +f4g1 +f5g0 +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
- int64_t h6 = f0g6+f1g5_2 +f2g4 +f3g3_2 +f4g2 +f5g1_2 +f6g0 +f7g9_38+f8g8_19+f9g7_38;
- int64_t h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19;
- int64_t h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38;
- int64_t h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
- * i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
- * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
- * i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */
-
- carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
- carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
- /* |h0| <= 2^25 */
- /* |h4| <= 2^25 */
- /* |h1| <= 1.71*2^59 */
- /* |h5| <= 1.71*2^59 */
-
- carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
- carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
- /* |h1| <= 2^24; from now on fits into int32 */
- /* |h5| <= 2^24; from now on fits into int32 */
- /* |h2| <= 1.41*2^60 */
- /* |h6| <= 1.41*2^60 */
-
- carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
- carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
- /* |h2| <= 2^25; from now on fits into int32 unchanged */
- /* |h6| <= 2^25; from now on fits into int32 unchanged */
- /* |h3| <= 1.71*2^59 */
- /* |h7| <= 1.71*2^59 */
-
- carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
- carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
- /* |h3| <= 2^24; from now on fits into int32 unchanged */
- /* |h7| <= 2^24; from now on fits into int32 unchanged */
- /* |h4| <= 1.72*2^34 */
- /* |h8| <= 1.41*2^60 */
-
- carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
- carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
- /* |h4| <= 2^25; from now on fits into int32 unchanged */
- /* |h8| <= 2^25; from now on fits into int32 unchanged */
- /* |h5| <= 1.01*2^24 */
- /* |h9| <= 1.71*2^59 */
-
- carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
- /* |h9| <= 2^24; from now on fits into int32 unchanged */
- /* |h0| <= 1.1*2^39 */
-
- carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
- /* |h0| <= 2^25; from now on fits into int32 unchanged */
- /* |h1| <= 1.01*2^24 */
-
- h[0] = (int32_t)h0;
- h[1] = (int32_t)h1;
- h[2] = (int32_t)h2;
- h[3] = (int32_t)h3;
- h[4] = (int32_t)h4;
- h[5] = (int32_t)h5;
- h[6] = (int32_t)h6;
- h[7] = (int32_t)h7;
- h[8] = (int32_t)h8;
- h[9] = (int32_t)h9;
+ * With tighter constraints on inputs can squeeze carries into int32.
+ */
+static void fe_mul(fe h, const fe f, const fe g)
+{
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+ int32_t g0 = g[0];
+ int32_t g1 = g[1];
+ int32_t g2 = g[2];
+ int32_t g3 = g[3];
+ int32_t g4 = g[4];
+ int32_t g5 = g[5];
+ int32_t g6 = g[6];
+ int32_t g7 = g[7];
+ int32_t g8 = g[8];
+ int32_t g9 = g[9];
+ int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
+ int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
+ int32_t g3_19 = 19 * g3;
+ int32_t g4_19 = 19 * g4;
+ int32_t g5_19 = 19 * g5;
+ int32_t g6_19 = 19 * g6;
+ int32_t g7_19 = 19 * g7;
+ int32_t g8_19 = 19 * g8;
+ int32_t g9_19 = 19 * g9;
+ int32_t f1_2 = 2 * f1;
+ int32_t f3_2 = 2 * f3;
+ int32_t f5_2 = 2 * f5;
+ int32_t f7_2 = 2 * f7;
+ int32_t f9_2 = 2 * f9;
+ int64_t f0g0 = f0 * (int64_t) g0;
+ int64_t f0g1 = f0 * (int64_t) g1;
+ int64_t f0g2 = f0 * (int64_t) g2;
+ int64_t f0g3 = f0 * (int64_t) g3;
+ int64_t f0g4 = f0 * (int64_t) g4;
+ int64_t f0g5 = f0 * (int64_t) g5;
+ int64_t f0g6 = f0 * (int64_t) g6;
+ int64_t f0g7 = f0 * (int64_t) g7;
+ int64_t f0g8 = f0 * (int64_t) g8;
+ int64_t f0g9 = f0 * (int64_t) g9;
+ int64_t f1g0 = f1 * (int64_t) g0;
+ int64_t f1g1_2 = f1_2 * (int64_t) g1;
+ int64_t f1g2 = f1 * (int64_t) g2;
+ int64_t f1g3_2 = f1_2 * (int64_t) g3;
+ int64_t f1g4 = f1 * (int64_t) g4;
+ int64_t f1g5_2 = f1_2 * (int64_t) g5;
+ int64_t f1g6 = f1 * (int64_t) g6;
+ int64_t f1g7_2 = f1_2 * (int64_t) g7;
+ int64_t f1g8 = f1 * (int64_t) g8;
+ int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
+ int64_t f2g0 = f2 * (int64_t) g0;
+ int64_t f2g1 = f2 * (int64_t) g1;
+ int64_t f2g2 = f2 * (int64_t) g2;
+ int64_t f2g3 = f2 * (int64_t) g3;
+ int64_t f2g4 = f2 * (int64_t) g4;
+ int64_t f2g5 = f2 * (int64_t) g5;
+ int64_t f2g6 = f2 * (int64_t) g6;
+ int64_t f2g7 = f2 * (int64_t) g7;
+ int64_t f2g8_19 = f2 * (int64_t) g8_19;
+ int64_t f2g9_19 = f2 * (int64_t) g9_19;
+ int64_t f3g0 = f3 * (int64_t) g0;
+ int64_t f3g1_2 = f3_2 * (int64_t) g1;
+ int64_t f3g2 = f3 * (int64_t) g2;
+ int64_t f3g3_2 = f3_2 * (int64_t) g3;
+ int64_t f3g4 = f3 * (int64_t) g4;
+ int64_t f3g5_2 = f3_2 * (int64_t) g5;
+ int64_t f3g6 = f3 * (int64_t) g6;
+ int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
+ int64_t f3g8_19 = f3 * (int64_t) g8_19;
+ int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
+ int64_t f4g0 = f4 * (int64_t) g0;
+ int64_t f4g1 = f4 * (int64_t) g1;
+ int64_t f4g2 = f4 * (int64_t) g2;
+ int64_t f4g3 = f4 * (int64_t) g3;
+ int64_t f4g4 = f4 * (int64_t) g4;
+ int64_t f4g5 = f4 * (int64_t) g5;
+ int64_t f4g6_19 = f4 * (int64_t) g6_19;
+ int64_t f4g7_19 = f4 * (int64_t) g7_19;
+ int64_t f4g8_19 = f4 * (int64_t) g8_19;
+ int64_t f4g9_19 = f4 * (int64_t) g9_19;
+ int64_t f5g0 = f5 * (int64_t) g0;
+ int64_t f5g1_2 = f5_2 * (int64_t) g1;
+ int64_t f5g2 = f5 * (int64_t) g2;
+ int64_t f5g3_2 = f5_2 * (int64_t) g3;
+ int64_t f5g4 = f5 * (int64_t) g4;
+ int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
+ int64_t f5g6_19 = f5 * (int64_t) g6_19;
+ int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
+ int64_t f5g8_19 = f5 * (int64_t) g8_19;
+ int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
+ int64_t f6g0 = f6 * (int64_t) g0;
+ int64_t f6g1 = f6 * (int64_t) g1;
+ int64_t f6g2 = f6 * (int64_t) g2;
+ int64_t f6g3 = f6 * (int64_t) g3;
+ int64_t f6g4_19 = f6 * (int64_t) g4_19;
+ int64_t f6g5_19 = f6 * (int64_t) g5_19;
+ int64_t f6g6_19 = f6 * (int64_t) g6_19;
+ int64_t f6g7_19 = f6 * (int64_t) g7_19;
+ int64_t f6g8_19 = f6 * (int64_t) g8_19;
+ int64_t f6g9_19 = f6 * (int64_t) g9_19;
+ int64_t f7g0 = f7 * (int64_t) g0;
+ int64_t f7g1_2 = f7_2 * (int64_t) g1;
+ int64_t f7g2 = f7 * (int64_t) g2;
+ int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
+ int64_t f7g4_19 = f7 * (int64_t) g4_19;
+ int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
+ int64_t f7g6_19 = f7 * (int64_t) g6_19;
+ int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
+ int64_t f7g8_19 = f7 * (int64_t) g8_19;
+ int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
+ int64_t f8g0 = f8 * (int64_t) g0;
+ int64_t f8g1 = f8 * (int64_t) g1;
+ int64_t f8g2_19 = f8 * (int64_t) g2_19;
+ int64_t f8g3_19 = f8 * (int64_t) g3_19;
+ int64_t f8g4_19 = f8 * (int64_t) g4_19;
+ int64_t f8g5_19 = f8 * (int64_t) g5_19;
+ int64_t f8g6_19 = f8 * (int64_t) g6_19;
+ int64_t f8g7_19 = f8 * (int64_t) g7_19;
+ int64_t f8g8_19 = f8 * (int64_t) g8_19;
+ int64_t f8g9_19 = f8 * (int64_t) g9_19;
+ int64_t f9g0 = f9 * (int64_t) g0;
+ int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
+ int64_t f9g2_19 = f9 * (int64_t) g2_19;
+ int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
+ int64_t f9g4_19 = f9 * (int64_t) g4_19;
+ int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
+ int64_t f9g6_19 = f9 * (int64_t) g6_19;
+ int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
+ int64_t f9g8_19 = f9 * (int64_t) g8_19;
+ int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
+ int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38;
+ int64_t h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19;
+ int64_t h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38;
+ int64_t h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19;
+ int64_t h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38;
+ int64_t h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19;
+ int64_t h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38;
+ int64_t h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19;
+ int64_t h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38;
+ int64_t h9 = f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0 ;
+ int64_t carry0;
+ int64_t carry1;
+ int64_t carry2;
+ int64_t carry3;
+ int64_t carry4;
+ int64_t carry5;
+ int64_t carry6;
+ int64_t carry7;
+ int64_t carry8;
+ int64_t carry9;
+
+ /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
+ * i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
+ * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
+ * i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */
+
+ carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+ carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+ /* |h0| <= 2^25 */
+ /* |h4| <= 2^25 */
+ /* |h1| <= 1.71*2^59 */
+ /* |h5| <= 1.71*2^59 */
+
+ carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+ carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+ /* |h1| <= 2^24; from now on fits into int32 */
+ /* |h5| <= 2^24; from now on fits into int32 */
+ /* |h2| <= 1.41*2^60 */
+ /* |h6| <= 1.41*2^60 */
+
+ carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+ carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+ /* |h2| <= 2^25; from now on fits into int32 unchanged */
+ /* |h6| <= 2^25; from now on fits into int32 unchanged */
+ /* |h3| <= 1.71*2^59 */
+ /* |h7| <= 1.71*2^59 */
+
+ carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+ carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+ /* |h3| <= 2^24; from now on fits into int32 unchanged */
+ /* |h7| <= 2^24; from now on fits into int32 unchanged */
+ /* |h4| <= 1.72*2^34 */
+ /* |h8| <= 1.41*2^60 */
+
+ carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+ carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+ /* |h4| <= 2^25; from now on fits into int32 unchanged */
+ /* |h8| <= 2^25; from now on fits into int32 unchanged */
+ /* |h5| <= 1.01*2^24 */
+ /* |h9| <= 1.71*2^59 */
+
+ carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+ /* |h9| <= 2^24; from now on fits into int32 unchanged */
+ /* |h0| <= 1.1*2^39 */
+
+ carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+ /* |h0| <= 2^25; from now on fits into int32 unchanged */
+ /* |h1| <= 1.01*2^24 */
+
+ h[0] = (int32_t)h0;
+ h[1] = (int32_t)h1;
+ h[2] = (int32_t)h2;
+ h[3] = (int32_t)h3;
+ h[4] = (int32_t)h4;
+ h[5] = (int32_t)h5;
+ h[6] = (int32_t)h6;
+ h[7] = (int32_t)h7;
+ h[8] = (int32_t)h8;
+ h[9] = (int32_t)h9;
 }

-/* h = f * f
+/*
+ * h = f * f
+ *
 * Can overlap h with f.
 *
 * Preconditions:
@@ -1227,286 +1259,307 @@ static void fe_mul(fe h, const fe f, const fe g) { * Postconditions: * |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. * - * See fe_mul.c for discussion of implementation strategy. */ -static void fe_sq(fe h, const fe f) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int32_t f0_2 = 2 * f0; - int32_t f1_2 = 2 * f1; - int32_t f2_2 = 2 * f2; - int32_t f3_2 = 2 * f3; - int32_t f4_2 = 2 * f4; - int32_t f5_2 = 2 * f5; - int32_t f6_2 = 2 * f6; - int32_t f7_2 = 2 * f7; - int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ - int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ - int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ - int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ - int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ - int64_t f0f0 = f0 * (int64_t) f0; - int64_t f0f1_2 = f0_2 * (int64_t) f1; - int64_t f0f2_2 = f0_2 * (int64_t) f2; - int64_t f0f3_2 = f0_2 * (int64_t) f3; - int64_t f0f4_2 = f0_2 * (int64_t) f4; - int64_t f0f5_2 = f0_2 * (int64_t) f5; - int64_t f0f6_2 = f0_2 * (int64_t) f6; - int64_t f0f7_2 = f0_2 * (int64_t) f7; - int64_t f0f8_2 = f0_2 * (int64_t) f8; - int64_t f0f9_2 = f0_2 * (int64_t) f9; - int64_t f1f1_2 = f1_2 * (int64_t) f1; - int64_t f1f2_2 = f1_2 * (int64_t) f2; - int64_t f1f3_4 = f1_2 * (int64_t) f3_2; - int64_t f1f4_2 = f1_2 * (int64_t) f4; - int64_t f1f5_4 = f1_2 * (int64_t) f5_2; - int64_t f1f6_2 = f1_2 * (int64_t) f6; - int64_t f1f7_4 = f1_2 * (int64_t) f7_2; - int64_t f1f8_2 = f1_2 * (int64_t) f8; - int64_t f1f9_76 = f1_2 * (int64_t) f9_38; - int64_t f2f2 = f2 * (int64_t) f2; - int64_t f2f3_2 = f2_2 * (int64_t) f3; - int64_t f2f4_2 = f2_2 * (int64_t) f4; - int64_t f2f5_2 = f2_2 * (int64_t) f5; - int64_t f2f6_2 = f2_2 * (int64_t) f6; - int64_t f2f7_2 = f2_2 * (int64_t) f7; - int64_t f2f8_38 = f2_2 * (int64_t) f8_19; - int64_t f2f9_38 = f2 * (int64_t) f9_38; - 
int64_t f3f3_2 = f3_2 * (int64_t) f3; - int64_t f3f4_2 = f3_2 * (int64_t) f4; - int64_t f3f5_4 = f3_2 * (int64_t) f5_2; - int64_t f3f6_2 = f3_2 * (int64_t) f6; - int64_t f3f7_76 = f3_2 * (int64_t) f7_38; - int64_t f3f8_38 = f3_2 * (int64_t) f8_19; - int64_t f3f9_76 = f3_2 * (int64_t) f9_38; - int64_t f4f4 = f4 * (int64_t) f4; - int64_t f4f5_2 = f4_2 * (int64_t) f5; - int64_t f4f6_38 = f4_2 * (int64_t) f6_19; - int64_t f4f7_38 = f4 * (int64_t) f7_38; - int64_t f4f8_38 = f4_2 * (int64_t) f8_19; - int64_t f4f9_38 = f4 * (int64_t) f9_38; - int64_t f5f5_38 = f5 * (int64_t) f5_38; - int64_t f5f6_38 = f5_2 * (int64_t) f6_19; - int64_t f5f7_76 = f5_2 * (int64_t) f7_38; - int64_t f5f8_38 = f5_2 * (int64_t) f8_19; - int64_t f5f9_76 = f5_2 * (int64_t) f9_38; - int64_t f6f6_19 = f6 * (int64_t) f6_19; - int64_t f6f7_38 = f6 * (int64_t) f7_38; - int64_t f6f8_38 = f6_2 * (int64_t) f8_19; - int64_t f6f9_38 = f6 * (int64_t) f9_38; - int64_t f7f7_38 = f7 * (int64_t) f7_38; - int64_t f7f8_38 = f7_2 * (int64_t) f8_19; - int64_t f7f9_76 = f7_2 * (int64_t) f9_38; - int64_t f8f8_19 = f8 * (int64_t) f8_19; - int64_t f8f9_38 = f8 * (int64_t) f9_38; - int64_t f9f9_38 = f9 * (int64_t) f9_38; - int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; - int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; - int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19; - int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38; - int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38; - int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38; - int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19; - int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38; - int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38; - int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 
-= carry0 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; - - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; - - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; - - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; + * See fe_mul.c for discussion of implementation strategy. 
+ */ +static void fe_sq(fe h, const fe f) +{ + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t f0_2 = 2 * f0; + int32_t f1_2 = 2 * f1; + int32_t f2_2 = 2 * f2; + int32_t f3_2 = 2 * f3; + int32_t f4_2 = 2 * f4; + int32_t f5_2 = 2 * f5; + int32_t f6_2 = 2 * f6; + int32_t f7_2 = 2 * f7; + int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ + int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ + int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ + int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ + int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ + int64_t f0f0 = f0 * (int64_t) f0; + int64_t f0f1_2 = f0_2 * (int64_t) f1; + int64_t f0f2_2 = f0_2 * (int64_t) f2; + int64_t f0f3_2 = f0_2 * (int64_t) f3; + int64_t f0f4_2 = f0_2 * (int64_t) f4; + int64_t f0f5_2 = f0_2 * (int64_t) f5; + int64_t f0f6_2 = f0_2 * (int64_t) f6; + int64_t f0f7_2 = f0_2 * (int64_t) f7; + int64_t f0f8_2 = f0_2 * (int64_t) f8; + int64_t f0f9_2 = f0_2 * (int64_t) f9; + int64_t f1f1_2 = f1_2 * (int64_t) f1; + int64_t f1f2_2 = f1_2 * (int64_t) f2; + int64_t f1f3_4 = f1_2 * (int64_t) f3_2; + int64_t f1f4_2 = f1_2 * (int64_t) f4; + int64_t f1f5_4 = f1_2 * (int64_t) f5_2; + int64_t f1f6_2 = f1_2 * (int64_t) f6; + int64_t f1f7_4 = f1_2 * (int64_t) f7_2; + int64_t f1f8_2 = f1_2 * (int64_t) f8; + int64_t f1f9_76 = f1_2 * (int64_t) f9_38; + int64_t f2f2 = f2 * (int64_t) f2; + int64_t f2f3_2 = f2_2 * (int64_t) f3; + int64_t f2f4_2 = f2_2 * (int64_t) f4; + int64_t f2f5_2 = f2_2 * (int64_t) f5; + int64_t f2f6_2 = f2_2 * (int64_t) f6; + int64_t f2f7_2 = f2_2 * (int64_t) f7; + int64_t f2f8_38 = f2_2 * (int64_t) f8_19; + int64_t f2f9_38 = f2 * (int64_t) f9_38; + int64_t f3f3_2 = f3_2 * (int64_t) f3; + int64_t f3f4_2 = f3_2 * (int64_t) f4; + int64_t f3f5_4 = f3_2 * (int64_t) f5_2; + int64_t f3f6_2 = f3_2 * (int64_t) f6; + int64_t f3f7_76 = f3_2 * (int64_t) f7_38; + int64_t 
f3f8_38 = f3_2 * (int64_t) f8_19; + int64_t f3f9_76 = f3_2 * (int64_t) f9_38; + int64_t f4f4 = f4 * (int64_t) f4; + int64_t f4f5_2 = f4_2 * (int64_t) f5; + int64_t f4f6_38 = f4_2 * (int64_t) f6_19; + int64_t f4f7_38 = f4 * (int64_t) f7_38; + int64_t f4f8_38 = f4_2 * (int64_t) f8_19; + int64_t f4f9_38 = f4 * (int64_t) f9_38; + int64_t f5f5_38 = f5 * (int64_t) f5_38; + int64_t f5f6_38 = f5_2 * (int64_t) f6_19; + int64_t f5f7_76 = f5_2 * (int64_t) f7_38; + int64_t f5f8_38 = f5_2 * (int64_t) f8_19; + int64_t f5f9_76 = f5_2 * (int64_t) f9_38; + int64_t f6f6_19 = f6 * (int64_t) f6_19; + int64_t f6f7_38 = f6 * (int64_t) f7_38; + int64_t f6f8_38 = f6_2 * (int64_t) f8_19; + int64_t f6f9_38 = f6 * (int64_t) f9_38; + int64_t f7f7_38 = f7 * (int64_t) f7_38; + int64_t f7f8_38 = f7_2 * (int64_t) f8_19; + int64_t f7f9_76 = f7_2 * (int64_t) f9_38; + int64_t f8f8_19 = f8 * (int64_t) f8_19; + int64_t f8f9_38 = f8 * (int64_t) f9_38; + int64_t f9f9_38 = f9 * (int64_t) f9_38; + int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38; + int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38; + int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19; + int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38; + int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38; + int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38; + int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19; + int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38; + int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38; + int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + + carry1 = h1 + (1 << 24); h2 += carry1 >> 
25; h1 -= carry1 & kTop39Bits; + carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; + + carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; + carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; + + carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; + carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; + + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + + carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + + h[0] = (int32_t)h0; + h[1] = (int32_t)h1; + h[2] = (int32_t)h2; + h[3] = (int32_t)h3; + h[4] = (int32_t)h4; + h[5] = (int32_t)h5; + h[6] = (int32_t)h6; + h[7] = (int32_t)h7; + h[8] = (int32_t)h8; + h[9] = (int32_t)h9; } -static void fe_invert(fe out, const fe z) { - fe t0; - fe t1; - fe t2; - fe t3; - int i; +static void fe_invert(fe out, const fe z) +{ + fe t0; + fe t1; + fe t2; + fe t3; + int i; - /* - * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as - * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11. - */ + /* + * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as + * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11. + */ - /* t0 = z ** 2 */ - fe_sq(t0, z); + /* t0 = z ** 2 */ + fe_sq(t0, z); - /* t1 = t0 ** (2 ** 2) = z ** 8 */ - fe_sq(t1, t0); - fe_sq(t1, t1); + /* t1 = t0 ** (2 ** 2) = z ** 8 */ + fe_sq(t1, t0); + fe_sq(t1, t1); - /* t1 = z * t1 = z ** 9 */ - fe_mul(t1, z, t1); - /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */ - fe_mul(t0, t0, t1); + /* t1 = z * t1 = z ** 9 */ + fe_mul(t1, z, t1); + /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. 
*/ + fe_mul(t0, t0, t1); - /* t2 = t0 ** 2 = z ** 22 */ - fe_sq(t2, t0); + /* t2 = t0 ** 2 = z ** 22 */ + fe_sq(t2, t0); - /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */ - fe_mul(t1, t1, t2); + /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */ + fe_mul(t1, t1, t2); - /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */ - fe_sq(t2, t1); - for (i = 1; i < 5; ++i) { - fe_sq(t2, t2); - } + /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */ + fe_sq(t2, t1); + for (i = 1; i < 5; ++i) { + fe_sq(t2, t2); + } - /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */ - fe_mul(t1, t2, t1); + /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */ + fe_mul(t1, t2, t1); - /* Continuing similarly... */ + /* Continuing similarly... */ - /* t2 = z ** (2 ** 20 - 1) */ - fe_sq(t2, t1); - for (i = 1; i < 10; ++i) { - fe_sq(t2, t2); - } - fe_mul(t2, t2, t1); - - /* t2 = z ** (2 ** 40 - 1) */ - fe_sq(t3, t2); - for (i = 1; i < 20; ++i) { - fe_sq(t3, t3); - } - fe_mul(t2, t3, t2); - - /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */ - for (i = 0; i < 10; ++i) { - fe_sq(t2, t2); - } - /* t1 = z ** (2 ** 50 - 1) */ - fe_mul(t1, t2, t1); + /* t2 = z ** (2 ** 20 - 1) */ + fe_sq(t2, t1); + for (i = 1; i < 10; ++i) { + fe_sq(t2, t2); + } + fe_mul(t2, t2, t1); - /* t2 = z ** (2 ** 100 - 1) */ - fe_sq(t2, t1); - for (i = 1; i < 50; ++i) { - fe_sq(t2, t2); - } - fe_mul(t2, t2, t1); - - /* t2 = z ** (2 ** 200 - 1) */ - fe_sq(t3, t2); - for (i = 1; i < 100; ++i) { - fe_sq(t3, t3); - } - fe_mul(t2, t3, t2); - - /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */ - fe_sq(t2, t2); - for (i = 1; i < 50; ++i) { + /* t2 = z ** (2 ** 40 - 1) */ + fe_sq(t3, t2); + for (i = 1; i < 20; ++i) { + fe_sq(t3, t3); + } + fe_mul(t2, t3, t2); + + /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */ + for (i = 0; i < 10; ++i) { + fe_sq(t2, t2); + } + /* t1 = z ** (2 ** 50 - 1) */ + fe_mul(t1, t2, t1); + + /* t2 = z ** (2 ** 100 - 1) */ + fe_sq(t2, t1); + for (i = 1; i < 50; ++i) { + fe_sq(t2, t2); + } + 
fe_mul(t2, t2, t1); + + /* t2 = z ** (2 ** 200 - 1) */ + fe_sq(t3, t2); + for (i = 1; i < 100; ++i) { + fe_sq(t3, t3); + } + fe_mul(t2, t3, t2); + + /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */ fe_sq(t2, t2); - } + for (i = 1; i < 50; ++i) { + fe_sq(t2, t2); + } - /* t1 = z ** (2 ** 250 - 1) */ - fe_mul(t1, t2, t1); + /* t1 = z ** (2 ** 250 - 1) */ + fe_mul(t1, t2, t1); - /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */ - fe_sq(t1, t1); - for (i = 1; i < 5; ++i) { + /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */ fe_sq(t1, t1); - } + for (i = 1; i < 5; ++i) { + fe_sq(t1, t1); + } - /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */ - fe_mul(out, t1, t0); + /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */ + fe_mul(out, t1, t0); } -/* h = -f +/* + * h = -f * * Preconditions: * |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. * * Postconditions: - * |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */ -static void fe_neg(fe h, const fe f) { - unsigned i; - for (i = 0; i < 10; i++) { - h[i] = -f[i]; - } + * |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + */ +static void fe_neg(fe h, const fe f) +{ + unsigned i; + + for (i = 0; i < 10; i++) { + h[i] = -f[i]; + } } -/* Replace (f,g) with (g,g) if b == 1; +/* + * Replace (f,g) with (g,g) if b == 1; * replace (f,g) with (f,g) if b == 0. * - * Preconditions: b in {0,1}. */ -static void fe_cmov(fe f, const fe g, unsigned b) { - size_t i; - b = 0-b; - for (i = 0; i < 10; i++) { - int32_t x = f[i] ^ g[i]; - x &= b; - f[i] ^= x; - } + * Preconditions: b in {0,1}. + */ +static void fe_cmov(fe f, const fe g, unsigned b) +{ + size_t i; + + b = 0-b; + for (i = 0; i < 10; i++) { + int32_t x = f[i] ^ g[i]; + x &= b; + f[i] ^= x; + } } -/* return 0 if f == 0 +/* + * return 0 if f == 0 * return 1 if f != 0 * * Preconditions: - * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 
*/ -static int fe_isnonzero(const fe f) { - uint8_t s[32]; - static const uint8_t zero[32] = {0}; - fe_tobytes(s, f); + * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. + */ +static int fe_isnonzero(const fe f) +{ + uint8_t s[32]; + static const uint8_t zero[32] = {0}; - return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0; + fe_tobytes(s, f); + + return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0; } -/* return 1 if f is in {1,3,5,...,q-2} +/* + * return 1 if f is in {1,3,5,...,q-2} * return 0 if f is in {0,2,4,...,q-1} * * Preconditions: - * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ -static int fe_isnegative(const fe f) { - uint8_t s[32]; - fe_tobytes(s, f); - return s[0] & 1; + * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. + */ +static int fe_isnegative(const fe f) +{ + uint8_t s[32]; + + fe_tobytes(s, f); + return s[0] & 1; } -/* h = 2 * f * f +/* + * h = 2 * f * f + * * Can overlap h with f. * * Preconditions: 
@@ -1515,208 +1568,212 @@ static int fe_isnegative(const fe f) { * Postconditions: * |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. * - * See fe_mul.c for discussion of implementation strategy. */ -static void fe_sq2(fe h, const fe f) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int32_t f0_2 = 2 * f0; - int32_t f1_2 = 2 * f1; - int32_t f2_2 = 2 * f2; - int32_t f3_2 = 2 * f3; - int32_t f4_2 = 2 * f4; - int32_t f5_2 = 2 * f5; - int32_t f6_2 = 2 * f6; - int32_t f7_2 = 2 * f7; - int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ - int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ - int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ - int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ - int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ - int64_t f0f0 = f0 * (int64_t) f0; - int64_t f0f1_2 = f0_2 * (int64_t) f1; - int64_t f0f2_2 = f0_2 * (int64_t) f2; - int64_t f0f3_2 = f0_2 * (int64_t) f3; - int64_t f0f4_2 = f0_2 * (int64_t) f4; - int64_t f0f5_2 = f0_2 * (int64_t) f5; - int64_t f0f6_2 = f0_2 * (int64_t) f6; - int64_t f0f7_2 = f0_2 * (int64_t) f7; - int64_t f0f8_2 = f0_2 * (int64_t) f8; - int64_t f0f9_2 = f0_2 * (int64_t) f9; - int64_t f1f1_2 = f1_2 * (int64_t) f1; - int64_t f1f2_2 = f1_2 * (int64_t) f2; - int64_t f1f3_4 = f1_2 * (int64_t) f3_2; - int64_t f1f4_2 = f1_2 * (int64_t) f4; - int64_t f1f5_4 = f1_2 * (int64_t) f5_2; - int64_t f1f6_2 = f1_2 * (int64_t) f6; - int64_t f1f7_4 = f1_2 * (int64_t) f7_2; - int64_t f1f8_2 = f1_2 * (int64_t) f8; - int64_t f1f9_76 = f1_2 * (int64_t) f9_38; - int64_t f2f2 = f2 * (int64_t) f2; - int64_t f2f3_2 = f2_2 * (int64_t) f3; - int64_t f2f4_2 = f2_2 * (int64_t) f4; - int64_t f2f5_2 = f2_2 * (int64_t) f5; - int64_t f2f6_2 = f2_2 * (int64_t) f6; - int64_t f2f7_2 = f2_2 * (int64_t) f7; - int64_t f2f8_38 = f2_2 * (int64_t) f8_19; - int64_t f2f9_38 = f2 * (int64_t) f9_38; - int64_t f3f3_2 
= f3_2 * (int64_t) f3; - int64_t f3f4_2 = f3_2 * (int64_t) f4; - int64_t f3f5_4 = f3_2 * (int64_t) f5_2; - int64_t f3f6_2 = f3_2 * (int64_t) f6; - int64_t f3f7_76 = f3_2 * (int64_t) f7_38; - int64_t f3f8_38 = f3_2 * (int64_t) f8_19; - int64_t f3f9_76 = f3_2 * (int64_t) f9_38; - int64_t f4f4 = f4 * (int64_t) f4; - int64_t f4f5_2 = f4_2 * (int64_t) f5; - int64_t f4f6_38 = f4_2 * (int64_t) f6_19; - int64_t f4f7_38 = f4 * (int64_t) f7_38; - int64_t f4f8_38 = f4_2 * (int64_t) f8_19; - int64_t f4f9_38 = f4 * (int64_t) f9_38; - int64_t f5f5_38 = f5 * (int64_t) f5_38; - int64_t f5f6_38 = f5_2 * (int64_t) f6_19; - int64_t f5f7_76 = f5_2 * (int64_t) f7_38; - int64_t f5f8_38 = f5_2 * (int64_t) f8_19; - int64_t f5f9_76 = f5_2 * (int64_t) f9_38; - int64_t f6f6_19 = f6 * (int64_t) f6_19; - int64_t f6f7_38 = f6 * (int64_t) f7_38; - int64_t f6f8_38 = f6_2 * (int64_t) f8_19; - int64_t f6f9_38 = f6 * (int64_t) f9_38; - int64_t f7f7_38 = f7 * (int64_t) f7_38; - int64_t f7f8_38 = f7_2 * (int64_t) f8_19; - int64_t f7f9_76 = f7_2 * (int64_t) f9_38; - int64_t f8f8_19 = f8 * (int64_t) f8_19; - int64_t f8f9_38 = f8 * (int64_t) f9_38; - int64_t f9f9_38 = f9 * (int64_t) f9_38; - int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; - int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; - int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19; - int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38; - int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38; - int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38; - int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19; - int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38; - int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38; - int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - - h0 += h0; - h1 += h1; - h2 += h2; - h3 += h3; - h4 += h4; - h5 
+= h5; - h6 += h6; - h7 += h7; - h8 += h8; - h9 += h9; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; - - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; - - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; - - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; + * See fe_mul.c for discussion of implementation strategy. 
+ */ +static void fe_sq2(fe h, const fe f) +{ + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t f0_2 = 2 * f0; + int32_t f1_2 = 2 * f1; + int32_t f2_2 = 2 * f2; + int32_t f3_2 = 2 * f3; + int32_t f4_2 = 2 * f4; + int32_t f5_2 = 2 * f5; + int32_t f6_2 = 2 * f6; + int32_t f7_2 = 2 * f7; + int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ + int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ + int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ + int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ + int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ + int64_t f0f0 = f0 * (int64_t) f0; + int64_t f0f1_2 = f0_2 * (int64_t) f1; + int64_t f0f2_2 = f0_2 * (int64_t) f2; + int64_t f0f3_2 = f0_2 * (int64_t) f3; + int64_t f0f4_2 = f0_2 * (int64_t) f4; + int64_t f0f5_2 = f0_2 * (int64_t) f5; + int64_t f0f6_2 = f0_2 * (int64_t) f6; + int64_t f0f7_2 = f0_2 * (int64_t) f7; + int64_t f0f8_2 = f0_2 * (int64_t) f8; + int64_t f0f9_2 = f0_2 * (int64_t) f9; + int64_t f1f1_2 = f1_2 * (int64_t) f1; + int64_t f1f2_2 = f1_2 * (int64_t) f2; + int64_t f1f3_4 = f1_2 * (int64_t) f3_2; + int64_t f1f4_2 = f1_2 * (int64_t) f4; + int64_t f1f5_4 = f1_2 * (int64_t) f5_2; + int64_t f1f6_2 = f1_2 * (int64_t) f6; + int64_t f1f7_4 = f1_2 * (int64_t) f7_2; + int64_t f1f8_2 = f1_2 * (int64_t) f8; + int64_t f1f9_76 = f1_2 * (int64_t) f9_38; + int64_t f2f2 = f2 * (int64_t) f2; + int64_t f2f3_2 = f2_2 * (int64_t) f3; + int64_t f2f4_2 = f2_2 * (int64_t) f4; + int64_t f2f5_2 = f2_2 * (int64_t) f5; + int64_t f2f6_2 = f2_2 * (int64_t) f6; + int64_t f2f7_2 = f2_2 * (int64_t) f7; + int64_t f2f8_38 = f2_2 * (int64_t) f8_19; + int64_t f2f9_38 = f2 * (int64_t) f9_38; + int64_t f3f3_2 = f3_2 * (int64_t) f3; + int64_t f3f4_2 = f3_2 * (int64_t) f4; + int64_t f3f5_4 = f3_2 * (int64_t) f5_2; + int64_t f3f6_2 = f3_2 * (int64_t) f6; + int64_t f3f7_76 = f3_2 * (int64_t) f7_38; + int64_t 
f3f8_38 = f3_2 * (int64_t) f8_19; + int64_t f3f9_76 = f3_2 * (int64_t) f9_38; + int64_t f4f4 = f4 * (int64_t) f4; + int64_t f4f5_2 = f4_2 * (int64_t) f5; + int64_t f4f6_38 = f4_2 * (int64_t) f6_19; + int64_t f4f7_38 = f4 * (int64_t) f7_38; + int64_t f4f8_38 = f4_2 * (int64_t) f8_19; + int64_t f4f9_38 = f4 * (int64_t) f9_38; + int64_t f5f5_38 = f5 * (int64_t) f5_38; + int64_t f5f6_38 = f5_2 * (int64_t) f6_19; + int64_t f5f7_76 = f5_2 * (int64_t) f7_38; + int64_t f5f8_38 = f5_2 * (int64_t) f8_19; + int64_t f5f9_76 = f5_2 * (int64_t) f9_38; + int64_t f6f6_19 = f6 * (int64_t) f6_19; + int64_t f6f7_38 = f6 * (int64_t) f7_38; + int64_t f6f8_38 = f6_2 * (int64_t) f8_19; + int64_t f6f9_38 = f6 * (int64_t) f9_38; + int64_t f7f7_38 = f7 * (int64_t) f7_38; + int64_t f7f8_38 = f7_2 * (int64_t) f8_19; + int64_t f7f9_76 = f7_2 * (int64_t) f9_38; + int64_t f8f8_19 = f8 * (int64_t) f8_19; + int64_t f8f9_38 = f8 * (int64_t) f9_38; + int64_t f9f9_38 = f9 * (int64_t) f9_38; + int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38; + int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38; + int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19; + int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38; + int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38; + int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38; + int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19; + int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38; + int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38; + int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + h0 += h0; + h1 += h1; + h2 += h2; + h3 += h3; + h4 += h4; + h5 += h5; + h6 += h6; + h7 += h7; + h8 += h8; + h9 += h9; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & 
kTop38Bits; + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + + carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; + carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; + + carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; + carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; + + carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; + carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; + + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + + carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + + h[0] = (int32_t)h0; + h[1] = (int32_t)h1; + h[2] = (int32_t)h2; + h[3] = (int32_t)h3; + h[4] = (int32_t)h4; + h[5] = (int32_t)h5; + h[6] = (int32_t)h6; + h[7] = (int32_t)h7; + h[8] = (int32_t)h8; + h[9] = (int32_t)h9; } -static void fe_pow22523(fe out, const fe z) { - fe t0; - fe t1; - fe t2; - int i; +static void fe_pow22523(fe out, const fe z) +{ + fe t0; + fe t1; + fe t2; + int i; - fe_sq(t0, z); - fe_sq(t1, t0); - for (i = 1; i < 2; ++i) { - fe_sq(t1, t1); - } - fe_mul(t1, z, t1); - fe_mul(t0, t0, t1); - fe_sq(t0, t0); - fe_mul(t0, t1, t0); - fe_sq(t1, t0); - for (i = 1; i < 5; ++i) { - fe_sq(t1, t1); - } - fe_mul(t0, t1, t0); - fe_sq(t1, t0); - for (i = 1; i < 10; ++i) { - fe_sq(t1, t1); - } - fe_mul(t1, t1, t0); - fe_sq(t2, t1); - for (i = 1; i < 20; ++i) { - fe_sq(t2, t2); - } - fe_mul(t1, t2, t1); - fe_sq(t1, t1); - for (i = 1; i < 10; ++i) { - fe_sq(t1, t1); - } - fe_mul(t0, t1, t0); - fe_sq(t1, t0); - for (i = 1; i < 50; ++i) { + fe_sq(t0, z); + fe_sq(t1, t0); + for (i = 1; i < 2; ++i) { + fe_sq(t1, t1); + } + fe_mul(t1, z, t1); + fe_mul(t0, t0, t1); + fe_sq(t0, t0); + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + for (i = 1; i < 
5; ++i) { + fe_sq(t1, t1); + } + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + for (i = 1; i < 10; ++i) { + fe_sq(t1, t1); + } + fe_mul(t1, t1, t0); + fe_sq(t2, t1); + for (i = 1; i < 20; ++i) { + fe_sq(t2, t2); + } + fe_mul(t1, t2, t1); fe_sq(t1, t1); - } - fe_mul(t1, t1, t0); - fe_sq(t2, t1); - for (i = 1; i < 100; ++i) { - fe_sq(t2, t2); - } - fe_mul(t1, t2, t1); - fe_sq(t1, t1); - for (i = 1; i < 50; ++i) { + for (i = 1; i < 10; ++i) { + fe_sq(t1, t1); + } + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + for (i = 1; i < 50; ++i) { + fe_sq(t1, t1); + } + fe_mul(t1, t1, t0); + fe_sq(t2, t1); + for (i = 1; i < 100; ++i) { + fe_sq(t2, t2); + } + fe_mul(t1, t2, t1); fe_sq(t1, t1); - } - fe_mul(t0, t1, t0); - fe_sq(t0, t0); - for (i = 1; i < 2; ++i) { + for (i = 1; i < 50; ++i) { + fe_sq(t1, t1); + } + fe_mul(t0, t1, t0); fe_sq(t0, t0); - } - fe_mul(out, t0, z); + for (i = 1; i < 2; ++i) { + fe_sq(t0, t0); + } + fe_mul(out, t0, z); } -/* ge means group element. - +/* + * ge means group element. + * * Here the group is the set of pairs (x,y) of field elements (see fe.h) * satisfying -x^2 + y^2 = 1 + d x^2y^2 * where d = -121665/121666. 
@@ -1725,268 +1782,292 @@ static void fe_pow22523(fe out, const fe z) { * ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z * ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT * ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T - * ge_precomp (Duif): (y+x,y-x,2dxy) */ - + * ge_precomp (Duif): (y+x,y-x,2dxy) + */ typedef struct { - fe X; - fe Y; - fe Z; + fe X; + fe Y; + fe Z; } ge_p2; typedef struct { - fe X; - fe Y; - fe Z; - fe T; + fe X; + fe Y; + fe Z; + fe T; } ge_p3; typedef struct { - fe X; - fe Y; - fe Z; - fe T; + fe X; + fe Y; + fe Z; + fe T; } ge_p1p1; typedef struct { - fe yplusx; - fe yminusx; - fe xy2d; + fe yplusx; + fe yminusx; + fe xy2d; } ge_precomp; typedef struct { - fe YplusX; - fe YminusX; - fe Z; - fe T2d; + fe YplusX; + fe YminusX; + fe Z; + fe T2d; } ge_cached; -static void ge_tobytes(uint8_t *s, const ge_p2 *h) { - fe recip; - fe x; - fe y; +static void ge_tobytes(uint8_t *s, const ge_p2 *h) +{ + fe recip; + fe x; + fe y; + + fe_invert(recip, h->Z); + fe_mul(x, h->X, recip); + fe_mul(y, h->Y, recip); + fe_tobytes(s, y); + s[31] ^= fe_isnegative(x) << 7; +} - fe_invert(recip, h->Z); - fe_mul(x, h->X, recip); - fe_mul(y, h->Y, recip); - fe_tobytes(s, y); - s[31] ^= fe_isnegative(x) << 7; +static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h) +{ + fe recip; + fe x; + fe y; + + fe_invert(recip, h->Z); + fe_mul(x, h->X, recip); + fe_mul(y, h->Y, recip); + fe_tobytes(s, y); + s[31] ^= fe_isnegative(x) << 7; } -static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h) { - fe recip; - fe x; - fe y; +static const fe d = { + -10913610, 13857413, -15372611, 6949391, 114729, + -8787816, -6275908, -3247719, -18696448, -12055116 +}; - fe_invert(recip, h->Z); - fe_mul(x, h->X, recip); - fe_mul(y, h->Y, recip); - fe_tobytes(s, y); - s[31] ^= fe_isnegative(x) << 7; -} +static const fe sqrtm1 = { + -32595792, -7943725, 9377950, 3500415, 12389472, + -272473, -25146209, -2005654, 326686, 11406482 +}; -static const fe d = {-10913610, 13857413, 
-15372611, 6949391, 114729, - -8787816, -6275908, -3247719, -18696448, -12055116}; - -static const fe sqrtm1 = {-32595792, -7943725, 9377950, 3500415, 12389472, - -272473, -25146209, -2005654, 326686, 11406482}; - -static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) { - fe u; - fe v; - fe v3; - fe vxx; - fe check; - - fe_frombytes(h->Y, s); - fe_1(h->Z); - fe_sq(u, h->Y); - fe_mul(v, u, d); - fe_sub(u, u, h->Z); /* u = y^2-1 */ - fe_add(v, v, h->Z); /* v = dy^2+1 */ - - fe_sq(v3, v); - fe_mul(v3, v3, v); /* v3 = v^3 */ - fe_sq(h->X, v3); - fe_mul(h->X, h->X, v); - fe_mul(h->X, h->X, u); /* x = uv^7 */ - - fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */ - fe_mul(h->X, h->X, v3); - fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */ - - fe_sq(vxx, h->X); - fe_mul(vxx, vxx, v); - fe_sub(check, vxx, u); /* vx^2-u */ - if (fe_isnonzero(check)) { - fe_add(check, vxx, u); /* vx^2+u */ +static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) +{ + fe u; + fe v; + fe v3; + fe vxx; + fe check; + + fe_frombytes(h->Y, s); + fe_1(h->Z); + fe_sq(u, h->Y); + fe_mul(v, u, d); + fe_sub(u, u, h->Z); /* u = y^2-1 */ + fe_add(v, v, h->Z); /* v = dy^2+1 */ + + fe_sq(v3, v); + fe_mul(v3, v3, v); /* v3 = v^3 */ + fe_sq(h->X, v3); + fe_mul(h->X, h->X, v); + fe_mul(h->X, h->X, u); /* x = uv^7 */ + + fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */ + fe_mul(h->X, h->X, v3); + fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */ + + fe_sq(vxx, h->X); + fe_mul(vxx, vxx, v); + fe_sub(check, vxx, u); /* vx^2-u */ if (fe_isnonzero(check)) { - return -1; + fe_add(check, vxx, u); /* vx^2+u */ + if (fe_isnonzero(check)) { + return -1; + } + fe_mul(h->X, h->X, sqrtm1); } - fe_mul(h->X, h->X, sqrtm1); - } - if (fe_isnegative(h->X) != (s[31] >> 7)) { - fe_neg(h->X, h->X); - } + if (fe_isnegative(h->X) != (s[31] >> 7)) { + fe_neg(h->X, h->X); + } - fe_mul(h->T, h->X, h->Y); - return 0; + fe_mul(h->T, h->X, h->Y); + return 0; } -static void ge_p2_0(ge_p2 *h) { - fe_0(h->X); - 
fe_1(h->Y); - fe_1(h->Z); +static void ge_p2_0(ge_p2 *h) +{ + fe_0(h->X); + fe_1(h->Y); + fe_1(h->Z); } -static void ge_p3_0(ge_p3 *h) { - fe_0(h->X); - fe_1(h->Y); - fe_1(h->Z); - fe_0(h->T); +static void ge_p3_0(ge_p3 *h) +{ + fe_0(h->X); + fe_1(h->Y); + fe_1(h->Z); + fe_0(h->T); } -static void ge_precomp_0(ge_precomp *h) { - fe_1(h->yplusx); - fe_1(h->yminusx); - fe_0(h->xy2d); +static void ge_precomp_0(ge_precomp *h) +{ + fe_1(h->yplusx); + fe_1(h->yminusx); + fe_0(h->xy2d); } /* r = p */ -static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) { - fe_copy(r->X, p->X); - fe_copy(r->Y, p->Y); - fe_copy(r->Z, p->Z); +static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) +{ + fe_copy(r->X, p->X); + fe_copy(r->Y, p->Y); + fe_copy(r->Z, p->Z); } -static const fe d2 = {-21827239, -5839606, -30745221, 13898782, 229458, - 15978800, -12551817, -6495438, 29715968, 9444199}; +static const fe d2 = { + -21827239, -5839606, -30745221, 13898782, 229458, + 15978800, -12551817, -6495438, 29715968, 9444199 +}; /* r = p */ -static void ge_p3_to_cached(ge_cached *r, const ge_p3 *p) { - fe_add(r->YplusX, p->Y, p->X); - fe_sub(r->YminusX, p->Y, p->X); - fe_copy(r->Z, p->Z); - fe_mul(r->T2d, p->T, d2); +static void ge_p3_to_cached(ge_cached *r, const ge_p3 *p) +{ + fe_add(r->YplusX, p->Y, p->X); + fe_sub(r->YminusX, p->Y, p->X); + fe_copy(r->Z, p->Z); + fe_mul(r->T2d, p->T, d2); } /* r = p */ -static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) { - fe_mul(r->X, p->X, p->T); - fe_mul(r->Y, p->Y, p->Z); - fe_mul(r->Z, p->Z, p->T); +static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) +{ + fe_mul(r->X, p->X, p->T); + fe_mul(r->Y, p->Y, p->Z); + fe_mul(r->Z, p->Z, p->T); } /* r = p */ -static void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) { - fe_mul(r->X, p->X, p->T); - fe_mul(r->Y, p->Y, p->Z); - fe_mul(r->Z, p->Z, p->T); - fe_mul(r->T, p->X, p->Y); +static void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) +{ + fe_mul(r->X, p->X, p->T); + fe_mul(r->Y, p->Y, p->Z); + fe_mul(r->Z, p->Z, p->T); + 
fe_mul(r->T, p->X, p->Y); } /* r = 2 * p */ -static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) { - fe t0; - - fe_sq(r->X, p->X); - fe_sq(r->Z, p->Y); - fe_sq2(r->T, p->Z); - fe_add(r->Y, p->X, p->Y); - fe_sq(t0, r->Y); - fe_add(r->Y, r->Z, r->X); - fe_sub(r->Z, r->Z, r->X); - fe_sub(r->X, t0, r->Y); - fe_sub(r->T, r->T, r->Z); +static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) +{ + fe t0; + + fe_sq(r->X, p->X); + fe_sq(r->Z, p->Y); + fe_sq2(r->T, p->Z); + fe_add(r->Y, p->X, p->Y); + fe_sq(t0, r->Y); + fe_add(r->Y, r->Z, r->X); + fe_sub(r->Z, r->Z, r->X); + fe_sub(r->X, t0, r->Y); + fe_sub(r->T, r->T, r->Z); } /* r = 2 * p */ -static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) { - ge_p2 q; - ge_p3_to_p2(&q, p); - ge_p2_dbl(r, &q); +static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) +{ + ge_p2 q; + ge_p3_to_p2(&q, p); + ge_p2_dbl(r, &q); } /* r = p + q */ -static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { - fe t0; - - fe_add(r->X, p->Y, p->X); - fe_sub(r->Y, p->Y, p->X); - fe_mul(r->Z, r->X, q->yplusx); - fe_mul(r->Y, r->Y, q->yminusx); - fe_mul(r->T, q->xy2d, p->T); - fe_add(t0, p->Z, p->Z); - fe_sub(r->X, r->Z, r->Y); - fe_add(r->Y, r->Z, r->Y); - fe_add(r->Z, t0, r->T); - fe_sub(r->T, t0, r->T); +static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) +{ + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->yplusx); + fe_mul(r->Y, r->Y, q->yminusx); + fe_mul(r->T, q->xy2d, p->T); + fe_add(t0, p->Z, p->Z); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_add(r->Z, t0, r->T); + fe_sub(r->T, t0, r->T); } /* r = p - q */ -static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { - fe t0; - - fe_add(r->X, p->Y, p->X); - fe_sub(r->Y, p->Y, p->X); - fe_mul(r->Z, r->X, q->yminusx); - fe_mul(r->Y, r->Y, q->yplusx); - fe_mul(r->T, q->xy2d, p->T); - fe_add(t0, p->Z, p->Z); - fe_sub(r->X, r->Z, r->Y); - fe_add(r->Y, r->Z, r->Y); - fe_sub(r->Z, t0, r->T); - fe_add(r->T, t0, r->T); 
+static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) +{ + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->yminusx); + fe_mul(r->Y, r->Y, q->yplusx); + fe_mul(r->T, q->xy2d, p->T); + fe_add(t0, p->Z, p->Z); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_sub(r->Z, t0, r->T); + fe_add(r->T, t0, r->T); } /* r = p + q */ -static void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { - fe t0; - - fe_add(r->X, p->Y, p->X); - fe_sub(r->Y, p->Y, p->X); - fe_mul(r->Z, r->X, q->YplusX); - fe_mul(r->Y, r->Y, q->YminusX); - fe_mul(r->T, q->T2d, p->T); - fe_mul(r->X, p->Z, q->Z); - fe_add(t0, r->X, r->X); - fe_sub(r->X, r->Z, r->Y); - fe_add(r->Y, r->Z, r->Y); - fe_add(r->Z, t0, r->T); - fe_sub(r->T, t0, r->T); +static void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) +{ + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->YplusX); + fe_mul(r->Y, r->Y, q->YminusX); + fe_mul(r->T, q->T2d, p->T); + fe_mul(r->X, p->Z, q->Z); + fe_add(t0, r->X, r->X); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_add(r->Z, t0, r->T); + fe_sub(r->T, t0, r->T); } /* r = p - q */ -static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { - fe t0; - - fe_add(r->X, p->Y, p->X); - fe_sub(r->Y, p->Y, p->X); - fe_mul(r->Z, r->X, q->YminusX); - fe_mul(r->Y, r->Y, q->YplusX); - fe_mul(r->T, q->T2d, p->T); - fe_mul(r->X, p->Z, q->Z); - fe_add(t0, r->X, r->X); - fe_sub(r->X, r->Z, r->Y); - fe_add(r->Y, r->Z, r->Y); - fe_sub(r->Z, t0, r->T); - fe_add(r->T, t0, r->T); +static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) +{ + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->YminusX); + fe_mul(r->Y, r->Y, q->YplusX); + fe_mul(r->T, q->T2d, p->T); + fe_mul(r->X, p->Z, q->Z); + fe_add(t0, r->X, r->X); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_sub(r->Z, t0, r->T); + fe_add(r->T, t0, r->T); } 
-static uint8_t equal(signed char b, signed char c) { - uint8_t ub = b; - uint8_t uc = c; - uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */ - uint32_t y = x; /* 0: yes; 1..255: no */ - y -= 1; /* 4294967295: yes; 0..254: no */ - y >>= 31; /* 1: yes; 0: no */ - return y; +static uint8_t equal(signed char b, signed char c) +{ + uint8_t ub = b; + uint8_t uc = c; + uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */ + uint32_t y = x; /* 0: yes; 1..255: no */ + y -= 1; /* 4294967295: yes; 0..254: no */ + y >>= 31; /* 1: yes; 0: no */ + return y; } -static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) { - fe_cmov(t->yplusx, u->yplusx, b); - fe_cmov(t->yminusx, u->yminusx, b); - fe_cmov(t->xy2d, u->xy2d, b); +static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) +{ + fe_cmov(t->yplusx, u->yplusx, b); + fe_cmov(t->yminusx, u->yminusx, b); + fe_cmov(t->xy2d, u->xy2d, b); } /* k25519Precomp[i][j] = (j+1)*256^i*B */ 
@@ -4105,257 +4186,273 @@ static const ge_precomp k25519Precomp[32][8] = { }, }; -static uint8_t negative(signed char b) { - uint32_t x = b; - x >>= 31; /* 1: yes; 0: no */ - return x; +static uint8_t negative(signed char b) +{ + uint32_t x = b; + + x >>= 31; /* 1: yes; 0: no */ + return x; } -static void table_select(ge_precomp *t, int pos, signed char b) { - ge_precomp minust; - uint8_t bnegative = negative(b); - uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1); - - ge_precomp_0(t); - cmov(t, &k25519Precomp[pos][0], equal(babs, 1)); - cmov(t, &k25519Precomp[pos][1], equal(babs, 2)); - cmov(t, &k25519Precomp[pos][2], equal(babs, 3)); - cmov(t, &k25519Precomp[pos][3], equal(babs, 4)); - cmov(t, &k25519Precomp[pos][4], equal(babs, 5)); - cmov(t, &k25519Precomp[pos][5], equal(babs, 6)); - cmov(t, &k25519Precomp[pos][6], equal(babs, 7)); - cmov(t, &k25519Precomp[pos][7], equal(babs, 8)); - fe_copy(minust.yplusx, t->yminusx); - fe_copy(minust.yminusx, t->yplusx); - fe_neg(minust.xy2d, t->xy2d); - cmov(t, &minust, bnegative); +static void table_select(ge_precomp *t, int pos, signed char b) +{ + ge_precomp minust; + uint8_t bnegative = negative(b); + uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1); + + ge_precomp_0(t); + cmov(t, &k25519Precomp[pos][0], equal(babs, 1)); + cmov(t, &k25519Precomp[pos][1], equal(babs, 2)); + cmov(t, &k25519Precomp[pos][2], equal(babs, 3)); + cmov(t, &k25519Precomp[pos][3], equal(babs, 4)); + cmov(t, &k25519Precomp[pos][4], equal(babs, 5)); + cmov(t, &k25519Precomp[pos][5], equal(babs, 6)); + cmov(t, &k25519Precomp[pos][6], equal(babs, 7)); + cmov(t, &k25519Precomp[pos][7], equal(babs, 8)); + fe_copy(minust.yplusx, t->yminusx); + fe_copy(minust.yminusx, t->yplusx); + fe_neg(minust.xy2d, t->xy2d); + cmov(t, &minust, bnegative); } -/* h = a * B +/* + * h = a * B + * * where a = a[0]+256*a[1]+...+256^31 a[31] * B is the Ed25519 base point (x,4/5) with x positive. 
* * Preconditions: - * a[31] <= 127 */ -static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a) { - signed char e[64]; - signed char carry; - ge_p1p1 r; - ge_p2 s; - ge_precomp t; - int i; - - for (i = 0; i < 32; ++i) { - e[2 * i + 0] = (a[i] >> 0) & 15; - e[2 * i + 1] = (a[i] >> 4) & 15; - } - /* each e[i] is between 0 and 15 */ - /* e[63] is between 0 and 7 */ - - carry = 0; - for (i = 0; i < 63; ++i) { - e[i] += carry; - carry = e[i] + 8; - carry >>= 4; - e[i] -= carry << 4; - } - e[63] += carry; - /* each e[i] is between -8 and 8 */ - - ge_p3_0(h); - for (i = 1; i < 64; i += 2) { - table_select(&t, i / 2, e[i]); - ge_madd(&r, h, &t); - ge_p1p1_to_p3(h, &r); - } - - ge_p3_dbl(&r, h); - ge_p1p1_to_p2(&s, &r); - ge_p2_dbl(&r, &s); - ge_p1p1_to_p2(&s, &r); - ge_p2_dbl(&r, &s); - ge_p1p1_to_p2(&s, &r); - ge_p2_dbl(&r, &s); - ge_p1p1_to_p3(h, &r); - - for (i = 0; i < 64; i += 2) { - table_select(&t, i / 2, e[i]); - ge_madd(&r, h, &t); + * a[31] <= 127 + */ +static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a) +{ + signed char e[64]; + signed char carry; + ge_p1p1 r; + ge_p2 s; + ge_precomp t; + int i; + + for (i = 0; i < 32; ++i) { + e[2 * i + 0] = (a[i] >> 0) & 15; + e[2 * i + 1] = (a[i] >> 4) & 15; + } + /* each e[i] is between 0 and 15 */ + /* e[63] is between 0 and 7 */ + + carry = 0; + for (i = 0; i < 63; ++i) { + e[i] += carry; + carry = e[i] + 8; + carry >>= 4; + e[i] -= carry << 4; + } + e[63] += carry; + /* each e[i] is between -8 and 8 */ + + ge_p3_0(h); + for (i = 1; i < 64; i += 2) { + table_select(&t, i / 2, e[i]); + ge_madd(&r, h, &t); + ge_p1p1_to_p3(h, &r); + } + + ge_p3_dbl(&r, h); + ge_p1p1_to_p2(&s, &r); + ge_p2_dbl(&r, &s); + ge_p1p1_to_p2(&s, &r); + ge_p2_dbl(&r, &s); + ge_p1p1_to_p2(&s, &r); + ge_p2_dbl(&r, &s); ge_p1p1_to_p3(h, &r); - } - OPENSSL_cleanse(e, sizeof(e)); + for (i = 0; i < 64; i += 2) { + table_select(&t, i / 2, e[i]); + ge_madd(&r, h, &t); + ge_p1p1_to_p3(h, &r); + } + + OPENSSL_cleanse(e, sizeof(e)); } #if 
!defined(BASE_2_51_IMPLEMENTED) -/* Replace (f,g) with (g,f) if b == 1; +/* + * Replace (f,g) with (g,f) if b == 1; * replace (f,g) with (f,g) if b == 0. * - * Preconditions: b in {0,1}. */ -static void fe_cswap(fe f, fe g, unsigned int b) { - size_t i; - b = 0-b; - for (i = 0; i < 10; i++) { - int32_t x = f[i] ^ g[i]; - x &= b; - f[i] ^= x; - g[i] ^= x; - } + * Preconditions: b in {0,1}. + */ +static void fe_cswap(fe f, fe g, unsigned int b) +{ + size_t i; + + b = 0-b; + for (i = 0; i < 10; i++) { + int32_t x = f[i] ^ g[i]; + x &= b; + f[i] ^= x; + g[i] ^= x; + } } -/* h = f * 121666 +/* + * h = f * 121666 + * * Can overlap h with f. * * Preconditions: * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. * * Postconditions: - * |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */ -static void fe_mul121666(fe h, fe f) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int64_t h0 = f0 * (int64_t) 121666; - int64_t h1 = f1 * (int64_t) 121666; - int64_t h2 = f2 * (int64_t) 121666; - int64_t h3 = f3 * (int64_t) 121666; - int64_t h4 = f4 * (int64_t) 121666; - int64_t h5 = f5 * (int64_t) 121666; - int64_t h6 = f6 * (int64_t) 121666; - int64_t h7 = f7 * (int64_t) 121666; - int64_t h8 = f8 * (int64_t) 121666; - int64_t h9 = f9 * (int64_t) 121666; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; - - 
carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; - carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; + * |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + */ +static void fe_mul121666(fe h, fe f) +{ + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int64_t h0 = f0 * (int64_t) 121666; + int64_t h1 = f1 * (int64_t) 121666; + int64_t h2 = f2 * (int64_t) 121666; + int64_t h3 = f3 * (int64_t) 121666; + int64_t h4 = f4 * (int64_t) 121666; + int64_t h5 = f5 * (int64_t) 121666; + int64_t h6 = f6 * (int64_t) 121666; + int64_t h7 = f7 * (int64_t) 121666; + int64_t h8 = f8 * (int64_t) 121666; + int64_t h9 = f9 * (int64_t) 121666; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; + carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; + carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; + carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; + carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; + 
carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; + carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + + h[0] = (int32_t)h0; + h[1] = (int32_t)h1; + h[2] = (int32_t)h2; + h[3] = (int32_t)h3; + h[4] = (int32_t)h4; + h[5] = (int32_t)h5; + h[6] = (int32_t)h6; + h[7] = (int32_t)h7; + h[8] = (int32_t)h8; + h[9] = (int32_t)h9; } static void x25519_scalar_mult_generic(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]) { - fe x1, x2, z2, x3, z3, tmp0, tmp1; - uint8_t e[32]; - unsigned swap = 0; - int pos; - - memcpy(e, scalar, 32); - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; - fe_frombytes(x1, point); - fe_1(x2); - fe_0(z2); - fe_copy(x3, x1); - fe_1(z3); - - for (pos = 254; pos >= 0; --pos) { - unsigned b = 1 & (e[pos / 8] >> (pos & 7)); - swap ^= b; - fe_cswap(x2, x3, swap); - fe_cswap(z2, z3, swap); - swap = b; - fe_sub(tmp0, x3, z3); - fe_sub(tmp1, x2, z2); - fe_add(x2, x2, z2); - fe_add(z2, x3, z3); - fe_mul(z3, tmp0, x2); - fe_mul(z2, z2, tmp1); - fe_sq(tmp0, tmp1); - fe_sq(tmp1, x2); - fe_add(x3, z3, z2); - fe_sub(z2, z3, z2); - fe_mul(x2, tmp1, tmp0); - fe_sub(tmp1, tmp1, tmp0); - fe_sq(z2, z2); - fe_mul121666(z3, tmp1); - fe_sq(x3, x3); - fe_add(tmp0, tmp0, z3); - fe_mul(z3, x1, z2); - fe_mul(z2, tmp1, tmp0); - } - - fe_invert(z2, z2); - fe_mul(x2, x2, z2); - fe_tobytes(out, x2); - - OPENSSL_cleanse(e, sizeof(e)); + fe x1, x2, z2, x3, z3, tmp0, tmp1; + uint8_t e[32]; + unsigned swap = 0; + int pos; + + memcpy(e, scalar, 32); + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + fe_frombytes(x1, point); + fe_1(x2); + fe_0(z2); + fe_copy(x3, x1); + fe_1(z3); + + for (pos = 254; pos >= 0; --pos) { + unsigned b = 1 & (e[pos / 8] >> (pos & 7)); + swap ^= b; + fe_cswap(x2, x3, swap); + fe_cswap(z2, z3, swap); + swap = b; + fe_sub(tmp0, x3, z3); + fe_sub(tmp1, x2, z2); + fe_add(x2, x2, z2); + fe_add(z2, x3, z3); + fe_mul(z3, tmp0, x2); + 
fe_mul(z2, z2, tmp1); + fe_sq(tmp0, tmp1); + fe_sq(tmp1, x2); + fe_add(x3, z3, z2); + fe_sub(z2, z3, z2); + fe_mul(x2, tmp1, tmp0); + fe_sub(tmp1, tmp1, tmp0); + fe_sq(z2, z2); + fe_mul121666(z3, tmp1); + fe_sq(x3, x3); + fe_add(tmp0, tmp0, z3); + fe_mul(z3, x1, z2); + fe_mul(z2, tmp1, tmp0); + } + + fe_invert(z2, z2); + fe_mul(x2, x2, z2); + fe_tobytes(out, x2); + + OPENSSL_cleanse(e, sizeof(e)); } static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]) { - x25519_scalar_mult_generic(out, scalar, point); + x25519_scalar_mult_generic(out, scalar, point); } #endif -static void slide(signed char *r, const uint8_t *a) { - int i; - int b; - int k; - - for (i = 0; i < 256; ++i) { - r[i] = 1 & (a[i >> 3] >> (i & 7)); - } - - for (i = 0; i < 256; ++i) { - if (r[i]) { - for (b = 1; b <= 6 && i + b < 256; ++b) { - if (r[i + b]) { - if (r[i] + (r[i + b] << b) <= 15) { - r[i] += r[i + b] << b; - r[i + b] = 0; - } else if (r[i] - (r[i + b] << b) >= -15) { - r[i] -= r[i + b] << b; - for (k = i + b; k < 256; ++k) { - if (!r[k]) { - r[k] = 1; - break; - } - r[k] = 0; +static void slide(signed char *r, const uint8_t *a) +{ + int i; + int b; + int k; + + for (i = 0; i < 256; ++i) { + r[i] = 1 & (a[i >> 3] >> (i & 7)); + } + + for (i = 0; i < 256; ++i) { + if (r[i]) { + for (b = 1; b <= 6 && i + b < 256; ++b) { + if (r[i + b]) { + if (r[i] + (r[i + b] << b) <= 15) { + r[i] += r[i + b] << b; + r[i + b] = 0; + } else if (r[i] - (r[i + b] << b) >= -15) { + r[i] -= r[i + b] << b; + for (k = i + b; k < 256; ++k) { + if (!r[k]) { + r[k] = 1; + break; + } + r[k] = 0; + } + } else { + break; + } + } } - } else { - break; - } } - } } - } } static const ge_precomp Bi[8] = { 
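Review bot: `x25519_scalar_mult_generic` wipes only the clamped scalar copy `e` before returning, while the ladder state in `x2`, `z2`, `x3`, `z3`, `tmp0` and `tmp1`, all derived from the secret scalar, stays on the stack. Since this hunk already rewrites every line of the function, it is a convenient place to cleanse those field elements next to `e`, as sketched below. `ge_scalarmult_base` in the same hunk follows the same pattern: it cleanses `e` but not the scalar-selected `t` or the intermediates `r` and `s`. Whether stack residue is in the threat model here is not visible from the hunk, so treat this as hardening rather than a bug.

```c
/* … unchanged: scalar clamping and Montgomery ladder loop … */
    fe_tobytes(out, x2);

    OPENSSL_cleanse(e, sizeof(e));
    /* Ladder state is scalar-dependent; wipe it like e. */
    OPENSSL_cleanse(x2, sizeof(x2));
    OPENSSL_cleanse(z2, sizeof(z2));
    OPENSSL_cleanse(x3, sizeof(x3));
    OPENSSL_cleanse(z3, sizeof(z3));
    OPENSSL_cleanse(tmp0, sizeof(tmp0));
    OPENSSL_cleanse(tmp1, sizeof(tmp1));
```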
@@ -4425,1033 +4522,1075 @@ static const ge_precomp Bi[8] = { }, }; -/* r = a * A + b * B +/* + * r = a * A + b * B + * * where a = a[0]+256*a[1]+...+256^31 a[31]. * and b = b[0]+256*b[1]+...+256^31 b[31]. - * B is the Ed25519 base point (x,4/5) with x positive. */ + * B is the Ed25519 base point (x,4/5) with x positive. + */ static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a, - const ge_p3 *A, const uint8_t *b) { - signed char aslide[256]; - signed char bslide[256]; - ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */ - ge_p1p1 t; - ge_p3 u; - ge_p3 A2; - int i; - - slide(aslide, a); - slide(bslide, b); - - ge_p3_to_cached(&Ai[0], A); - ge_p3_dbl(&t, A); - ge_p1p1_to_p3(&A2, &t); - ge_add(&t, &A2, &Ai[0]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[1], &u); - ge_add(&t, &A2, &Ai[1]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[2], &u); - ge_add(&t, &A2, &Ai[2]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[3], &u); - ge_add(&t, &A2, &Ai[3]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[4], &u); - ge_add(&t, &A2, &Ai[4]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[5], &u); - ge_add(&t, &A2, &Ai[5]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[6], &u); - ge_add(&t, &A2, &Ai[6]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[7], &u); - - ge_p2_0(r); - - for (i = 255; i >= 0; --i) { - if (aslide[i] || bslide[i]) { - break; + const ge_p3 *A, const uint8_t *b) +{ + signed char aslide[256]; + signed char bslide[256]; + ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */ + ge_p1p1 t; + ge_p3 u; + ge_p3 A2; + int i; + + slide(aslide, a); + slide(bslide, b); + + ge_p3_to_cached(&Ai[0], A); + ge_p3_dbl(&t, A); + ge_p1p1_to_p3(&A2, &t); + ge_add(&t, &A2, &Ai[0]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[1], &u); + ge_add(&t, &A2, &Ai[1]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[2], &u); + ge_add(&t, &A2, &Ai[2]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[3], &u); + ge_add(&t, &A2, &Ai[3]); + ge_p1p1_to_p3(&u, &t); + 
ge_p3_to_cached(&Ai[4], &u); + ge_add(&t, &A2, &Ai[4]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[5], &u); + ge_add(&t, &A2, &Ai[5]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[6], &u); + ge_add(&t, &A2, &Ai[6]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[7], &u); + + ge_p2_0(r); + + for (i = 255; i >= 0; --i) { + if (aslide[i] || bslide[i]) { + break; + } } - } - for (; i >= 0; --i) { - ge_p2_dbl(&t, r); + for (; i >= 0; --i) { + ge_p2_dbl(&t, r); - if (aslide[i] > 0) { - ge_p1p1_to_p3(&u, &t); - ge_add(&t, &u, &Ai[aslide[i] / 2]); - } else if (aslide[i] < 0) { - ge_p1p1_to_p3(&u, &t); - ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]); - } + if (aslide[i] > 0) { + ge_p1p1_to_p3(&u, &t); + ge_add(&t, &u, &Ai[aslide[i] / 2]); + } else if (aslide[i] < 0) { + ge_p1p1_to_p3(&u, &t); + ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]); + } - if (bslide[i] > 0) { - ge_p1p1_to_p3(&u, &t); - ge_madd(&t, &u, &Bi[bslide[i] / 2]); - } else if (bslide[i] < 0) { - ge_p1p1_to_p3(&u, &t); - ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]); - } + if (bslide[i] > 0) { + ge_p1p1_to_p3(&u, &t); + ge_madd(&t, &u, &Bi[bslide[i] / 2]); + } else if (bslide[i] < 0) { + ge_p1p1_to_p3(&u, &t); + ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]); + } - ge_p1p1_to_p2(r, &t); - } + ge_p1p1_to_p2(r, &t); + } } -/* The set of scalars is \Z/l - * where l = 2^252 + 27742317777372353535851937790883648493. */ - -/* Input: +/* + * The set of scalars is \Z/l + * where l = 2^252 + 27742317777372353535851937790883648493. + * + * Input: * s[0]+256*s[1]+...+256^63*s[63] = s * * Output: * s[0]+256*s[1]+...+256^31*s[31] = s mod l * where l = 2^252 + 27742317777372353535851937790883648493. - * Overwrites s in place. 
*/ -static void x25519_sc_reduce(uint8_t *s) { - int64_t s0 = 2097151 & load_3(s); - int64_t s1 = 2097151 & (load_4(s + 2) >> 5); - int64_t s2 = 2097151 & (load_3(s + 5) >> 2); - int64_t s3 = 2097151 & (load_4(s + 7) >> 7); - int64_t s4 = 2097151 & (load_4(s + 10) >> 4); - int64_t s5 = 2097151 & (load_3(s + 13) >> 1); - int64_t s6 = 2097151 & (load_4(s + 15) >> 6); - int64_t s7 = 2097151 & (load_3(s + 18) >> 3); - int64_t s8 = 2097151 & load_3(s + 21); - int64_t s9 = 2097151 & (load_4(s + 23) >> 5); - int64_t s10 = 2097151 & (load_3(s + 26) >> 2); - int64_t s11 = 2097151 & (load_4(s + 28) >> 7); - int64_t s12 = 2097151 & (load_4(s + 31) >> 4); - int64_t s13 = 2097151 & (load_3(s + 34) >> 1); - int64_t s14 = 2097151 & (load_4(s + 36) >> 6); - int64_t s15 = 2097151 & (load_3(s + 39) >> 3); - int64_t s16 = 2097151 & load_3(s + 42); - int64_t s17 = 2097151 & (load_4(s + 44) >> 5); - int64_t s18 = 2097151 & (load_3(s + 47) >> 2); - int64_t s19 = 2097151 & (load_4(s + 49) >> 7); - int64_t s20 = 2097151 & (load_4(s + 52) >> 4); - int64_t s21 = 2097151 & (load_3(s + 55) >> 1); - int64_t s22 = 2097151 & (load_4(s + 57) >> 6); - int64_t s23 = (load_4(s + 60) >> 3); - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - int64_t carry10; - int64_t carry11; - int64_t carry12; - int64_t carry13; - int64_t carry14; - int64_t carry15; - int64_t carry16; - - s11 += s23 * 666643; - s12 += s23 * 470296; - s13 += s23 * 654183; - s14 -= s23 * 997805; - s15 += s23 * 136657; - s16 -= s23 * 683901; - s23 = 0; - - s10 += s22 * 666643; - s11 += s22 * 470296; - s12 += s22 * 654183; - s13 -= s22 * 997805; - s14 += s22 * 136657; - s15 -= s22 * 683901; - s22 = 0; - - s9 += s21 * 666643; - s10 += s21 * 470296; - s11 += s21 * 654183; - s12 -= s21 * 997805; - s13 += s21 * 136657; - s14 -= s21 * 683901; - s21 = 0; - - s8 += s20 * 666643; - s9 += s20 * 470296; - s10 += s20 * 
654183; - s11 -= s20 * 997805; - s12 += s20 * 136657; - s13 -= s20 * 683901; - s20 = 0; - - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; - s10 -= s19 * 997805; - s11 += s19 * 136657; - s12 -= s19 * 683901; - s19 = 0; - - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; - s10 += s18 * 136657; - s11 -= s18 * 683901; - s18 = 0; - - carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry10 = (s10 + (1 << 20)) >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - carry12 = (s12 + (1 << 20)) >> 21; - s13 += carry12; - s12 -= carry12 * (1 << 21); - carry14 = (s14 + (1 << 20)) >> 21; - s15 += carry14; - s14 -= carry14 * (1 << 21); - carry16 = (s16 + (1 << 20)) >> 21; - s17 += carry16; - s16 -= carry16 * (1 << 21); - - carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry9 = (s9 + (1 << 20)) >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry11 = (s11 + (1 << 20)) >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - carry13 = (s13 + (1 << 20)) >> 21; - s14 += carry13; - s13 -= carry13 * (1 << 21); - carry15 = (s15 + (1 << 20)) >> 21; - s16 += carry15; - s15 -= carry15 * (1 << 21); - - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; - s10 -= s17 * 683901; - s17 = 0; - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - s16 = 0; - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - s15 = 0; - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - s14 = 0; - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= 
s13 * 683901; - s13 = 0; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = (s0 + (1 << 20)) >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry2 = (s2 + (1 << 20)) >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry4 = (s4 + (1 << 20)) >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry10 = (s10 + (1 << 20)) >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - - carry1 = (s1 + (1 << 20)) >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry3 = (s3 + (1 << 20)) >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry5 = (s5 + (1 << 20)) >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry9 = (s9 + (1 << 20)) >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry11 = (s11 + (1 << 20)) >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 
21); - carry11 = s11 >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - - s[0] = (uint8_t)(s0 >> 0); - s[1] = (uint8_t)(s0 >> 8); - s[2] = (uint8_t)((s0 >> 16) | (s1 << 5)); - s[3] = (uint8_t)(s1 >> 3); - s[4] = (uint8_t)(s1 >> 11); - s[5] = (uint8_t)((s1 >> 19) | (s2 << 2)); - s[6] = (uint8_t)(s2 >> 6); - s[7] = (uint8_t)((s2 >> 14) | (s3 << 7)); - s[8] = (uint8_t)(s3 >> 1); - s[9] = (uint8_t)(s3 >> 9); - s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); - s[11] = (uint8_t)(s4 >> 4); - s[12] = (uint8_t)(s4 >> 12); - s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); - s[14] = (uint8_t)(s5 >> 7); - s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); - s[16] = (uint8_t)(s6 >> 2); - s[17] = (uint8_t)(s6 >> 10); - s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); - s[19] = (uint8_t)(s7 >> 5); - s[20] = (uint8_t)(s7 >> 13); - s[21] = (uint8_t)(s8 >> 0); - s[22] = (uint8_t)(s8 >> 8); - s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); - s[24] = (uint8_t)(s9 >> 3); - s[25] = (uint8_t)(s9 >> 11); - s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); - s[27] = (uint8_t)(s10 >> 6); - s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); - s[29] = (uint8_t)(s11 >> 1); - 
s[30] = (uint8_t)(s11 >> 9); - s[31] = (uint8_t)(s11 >> 17); + * Overwrites s in place. +*/ +static void x25519_sc_reduce(uint8_t *s) +{ + int64_t s0 = kBottom21Bits & load_3(s); + int64_t s1 = kBottom21Bits & (load_4(s + 2) >> 5); + int64_t s2 = kBottom21Bits & (load_3(s + 5) >> 2); + int64_t s3 = kBottom21Bits & (load_4(s + 7) >> 7); + int64_t s4 = kBottom21Bits & (load_4(s + 10) >> 4); + int64_t s5 = kBottom21Bits & (load_3(s + 13) >> 1); + int64_t s6 = kBottom21Bits & (load_4(s + 15) >> 6); + int64_t s7 = kBottom21Bits & (load_3(s + 18) >> 3); + int64_t s8 = kBottom21Bits & load_3(s + 21); + int64_t s9 = kBottom21Bits & (load_4(s + 23) >> 5); + int64_t s10 = kBottom21Bits & (load_3(s + 26) >> 2); + int64_t s11 = kBottom21Bits & (load_4(s + 28) >> 7); + int64_t s12 = kBottom21Bits & (load_4(s + 31) >> 4); + int64_t s13 = kBottom21Bits & (load_3(s + 34) >> 1); + int64_t s14 = kBottom21Bits & (load_4(s + 36) >> 6); + int64_t s15 = kBottom21Bits & (load_3(s + 39) >> 3); + int64_t s16 = kBottom21Bits & load_3(s + 42); + int64_t s17 = kBottom21Bits & (load_4(s + 44) >> 5); + int64_t s18 = kBottom21Bits & (load_3(s + 47) >> 2); + int64_t s19 = kBottom21Bits & (load_4(s + 49) >> 7); + int64_t s20 = kBottom21Bits & (load_4(s + 52) >> 4); + int64_t s21 = kBottom21Bits & (load_3(s + 55) >> 1); + int64_t s22 = kBottom21Bits & (load_4(s + 57) >> 6); + int64_t s23 = (load_4(s + 60) >> 3); + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + s23 = 0; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 
683901; + s22 = 0; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + s21 = 0; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + s20 = 0; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + s19 = 0; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + s18 = 0; + + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * (1 << 21); + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * (1 << 21); + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * (1 << 21); + + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * (1 << 21); + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * (1 << 21); + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + + s2 += s14 * 666643; + s3 += 
s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry7 = s7 >> 21; + s8 += 
carry7; + s7 -= carry7 * (1 << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + + s[ 0] = (uint8_t) (s0 >> 0); + s[ 1] = (uint8_t) (s0 >> 8); + s[ 2] = (uint8_t)((s0 >> 16) | (s1 << 5)); + s[ 3] = (uint8_t) (s1 >> 3); + s[ 4] = (uint8_t) (s1 >> 11); + s[ 5] = (uint8_t)((s1 >> 19) | (s2 << 2)); + s[ 6] = (uint8_t) (s2 >> 6); + s[ 7] = (uint8_t)((s2 >> 14) | (s3 << 7)); + s[ 8] = (uint8_t) (s3 >> 1); + s[ 9] = (uint8_t) (s3 >> 9); + s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); + s[11] = (uint8_t) (s4 >> 4); + s[12] = (uint8_t) (s4 >> 12); + s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); + s[14] = (uint8_t) (s5 >> 7); + s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); + s[16] = (uint8_t) (s6 >> 2); + s[17] = (uint8_t) (s6 >> 10); + s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); + s[19] = (uint8_t) (s7 >> 5); + s[20] = (uint8_t) (s7 >> 13); + s[21] = (uint8_t) (s8 >> 0); + s[22] = (uint8_t) (s8 >> 8); + 
s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); + s[24] = (uint8_t) (s9 >> 3); + s[25] = (uint8_t) (s9 >> 11); + s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); + s[27] = (uint8_t) (s10 >> 6); + s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); + s[29] = (uint8_t) (s11 >> 1); + s[30] = (uint8_t) (s11 >> 9); + s[31] = (uint8_t) (s11 >> 17); } -/* Input: +/* + * Input: * a[0]+256*a[1]+...+256^31*a[31] = a * b[0]+256*b[1]+...+256^31*b[31] = b * c[0]+256*c[1]+...+256^31*c[31] = c * * Output: * s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l - * where l = 2^252 + 27742317777372353535851937790883648493. */ + * where l = 2^252 + 27742317777372353535851937790883648493. + */ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, - const uint8_t *c) { - int64_t a0 = 2097151 & load_3(a); - int64_t a1 = 2097151 & (load_4(a + 2) >> 5); - int64_t a2 = 2097151 & (load_3(a + 5) >> 2); - int64_t a3 = 2097151 & (load_4(a + 7) >> 7); - int64_t a4 = 2097151 & (load_4(a + 10) >> 4); - int64_t a5 = 2097151 & (load_3(a + 13) >> 1); - int64_t a6 = 2097151 & (load_4(a + 15) >> 6); - int64_t a7 = 2097151 & (load_3(a + 18) >> 3); - int64_t a8 = 2097151 & load_3(a + 21); - int64_t a9 = 2097151 & (load_4(a + 23) >> 5); - int64_t a10 = 2097151 & (load_3(a + 26) >> 2); - int64_t a11 = (load_4(a + 28) >> 7); - int64_t b0 = 2097151 & load_3(b); - int64_t b1 = 2097151 & (load_4(b + 2) >> 5); - int64_t b2 = 2097151 & (load_3(b + 5) >> 2); - int64_t b3 = 2097151 & (load_4(b + 7) >> 7); - int64_t b4 = 2097151 & (load_4(b + 10) >> 4); - int64_t b5 = 2097151 & (load_3(b + 13) >> 1); - int64_t b6 = 2097151 & (load_4(b + 15) >> 6); - int64_t b7 = 2097151 & (load_3(b + 18) >> 3); - int64_t b8 = 2097151 & load_3(b + 21); - int64_t b9 = 2097151 & (load_4(b + 23) >> 5); - int64_t b10 = 2097151 & (load_3(b + 26) >> 2); - int64_t b11 = (load_4(b + 28) >> 7); - int64_t c0 = 2097151 & load_3(c); - int64_t c1 = 2097151 & (load_4(c + 2) >> 5); - int64_t c2 = 2097151 & (load_3(c + 5) >> 2); - int64_t c3 = 2097151 & 
(load_4(c + 7) >> 7); - int64_t c4 = 2097151 & (load_4(c + 10) >> 4); - int64_t c5 = 2097151 & (load_3(c + 13) >> 1); - int64_t c6 = 2097151 & (load_4(c + 15) >> 6); - int64_t c7 = 2097151 & (load_3(c + 18) >> 3); - int64_t c8 = 2097151 & load_3(c + 21); - int64_t c9 = 2097151 & (load_4(c + 23) >> 5); - int64_t c10 = 2097151 & (load_3(c + 26) >> 2); - int64_t c11 = (load_4(c + 28) >> 7); - int64_t s0; - int64_t s1; - int64_t s2; - int64_t s3; - int64_t s4; - int64_t s5; - int64_t s6; - int64_t s7; - int64_t s8; - int64_t s9; - int64_t s10; - int64_t s11; - int64_t s12; - int64_t s13; - int64_t s14; - int64_t s15; - int64_t s16; - int64_t s17; - int64_t s18; - int64_t s19; - int64_t s20; - int64_t s21; - int64_t s22; - int64_t s23; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - int64_t carry10; - int64_t carry11; - int64_t carry12; - int64_t carry13; - int64_t carry14; - int64_t carry15; - int64_t carry16; - int64_t carry17; - int64_t carry18; - int64_t carry19; - int64_t carry20; - int64_t carry21; - int64_t carry22; - - s0 = c0 + a0 * b0; - s1 = c1 + a0 * b1 + a1 * b0; - s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; - s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; - s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; - s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; - s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; - s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + - a6 * b1 + a7 * b0; - s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + - a6 * b2 + a7 * b1 + a8 * b0; - s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + - a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; - s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + - a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; - s11 = c11 + a0 * b11 + a1 * b10 + 
a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + - a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; - s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + - a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; - s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + - a9 * b4 + a10 * b3 + a11 * b2; - s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + - a10 * b4 + a11 * b3; - s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + - a11 * b4; - s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; - s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; - s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; - s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; - s20 = a9 * b11 + a10 * b10 + a11 * b9; - s21 = a10 * b11 + a11 * b10; - s22 = a11 * b11; - s23 = 0; - - carry0 = (s0 + (1 << 20)) >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry2 = (s2 + (1 << 20)) >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry4 = (s4 + (1 << 20)) >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry10 = (s10 + (1 << 20)) >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - carry12 = (s12 + (1 << 20)) >> 21; - s13 += carry12; - s12 -= carry12 * (1 << 21); - carry14 = (s14 + (1 << 20)) >> 21; - s15 += carry14; - s14 -= carry14 * (1 << 21); - carry16 = (s16 + (1 << 20)) >> 21; - s17 += carry16; - s16 -= carry16 * (1 << 21); - carry18 = (s18 + (1 << 20)) >> 21; - s19 += carry18; - s18 -= carry18 * (1 << 21); - carry20 = (s20 + (1 << 20)) >> 21; - s21 += carry20; - s20 -= carry20 * (1 << 21); - carry22 = (s22 + (1 << 20)) >> 21; - s23 += carry22; - s22 -= carry22 * (1 << 21); - - carry1 = (s1 + (1 << 20)) >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry3 = (s3 + (1 << 
20)) >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry5 = (s5 + (1 << 20)) >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry9 = (s9 + (1 << 20)) >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry11 = (s11 + (1 << 20)) >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - carry13 = (s13 + (1 << 20)) >> 21; - s14 += carry13; - s13 -= carry13 * (1 << 21); - carry15 = (s15 + (1 << 20)) >> 21; - s16 += carry15; - s15 -= carry15 * (1 << 21); - carry17 = (s17 + (1 << 20)) >> 21; - s18 += carry17; - s17 -= carry17 * (1 << 21); - carry19 = (s19 + (1 << 20)) >> 21; - s20 += carry19; - s19 -= carry19 * (1 << 21); - carry21 = (s21 + (1 << 20)) >> 21; - s22 += carry21; - s21 -= carry21 * (1 << 21); - - s11 += s23 * 666643; - s12 += s23 * 470296; - s13 += s23 * 654183; - s14 -= s23 * 997805; - s15 += s23 * 136657; - s16 -= s23 * 683901; - s23 = 0; - - s10 += s22 * 666643; - s11 += s22 * 470296; - s12 += s22 * 654183; - s13 -= s22 * 997805; - s14 += s22 * 136657; - s15 -= s22 * 683901; - s22 = 0; - - s9 += s21 * 666643; - s10 += s21 * 470296; - s11 += s21 * 654183; - s12 -= s21 * 997805; - s13 += s21 * 136657; - s14 -= s21 * 683901; - s21 = 0; - - s8 += s20 * 666643; - s9 += s20 * 470296; - s10 += s20 * 654183; - s11 -= s20 * 997805; - s12 += s20 * 136657; - s13 -= s20 * 683901; - s20 = 0; - - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; - s10 -= s19 * 997805; - s11 += s19 * 136657; - s12 -= s19 * 683901; - s19 = 0; - - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; - s10 += s18 * 136657; - s11 -= s18 * 683901; - s18 = 0; - - carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry10 = (s10 + (1 << 20)) >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - carry12 = (s12 + (1 << 20)) >> 21; - s13 += carry12; 
- s12 -= carry12 * (1 << 21); - carry14 = (s14 + (1 << 20)) >> 21; - s15 += carry14; - s14 -= carry14 * (1 << 21); - carry16 = (s16 + (1 << 20)) >> 21; - s17 += carry16; - s16 -= carry16 * (1 << 21); - - carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry9 = (s9 + (1 << 20)) >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry11 = (s11 + (1 << 20)) >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - carry13 = (s13 + (1 << 20)) >> 21; - s14 += carry13; - s13 -= carry13 * (1 << 21); - carry15 = (s15 + (1 << 20)) >> 21; - s16 += carry15; - s15 -= carry15 * (1 << 21); - - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; - s10 -= s17 * 683901; - s17 = 0; - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - s16 = 0; - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - s15 = 0; - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - s14 = 0; - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - s13 = 0; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = (s0 + (1 << 20)) >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry2 = (s2 + (1 << 20)) >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry4 = (s4 + (1 << 20)) >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry10 = (s10 + (1 << 20)) >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - - carry1 = (s1 + (1 << 20)) 
>> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry3 = (s3 + (1 << 20)) >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry5 = (s5 + (1 << 20)) >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry9 = (s9 + (1 << 20)) >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry11 = (s11 + (1 << 20)) >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - carry11 = s11 >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - 
carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - - s[0] = (uint8_t)(s0 >> 0); - s[1] = (uint8_t)(s0 >> 8); - s[2] = (uint8_t)((s0 >> 16) | (s1 << 5)); - s[3] = (uint8_t)(s1 >> 3); - s[4] = (uint8_t)(s1 >> 11); - s[5] = (uint8_t)((s1 >> 19) | (s2 << 2)); - s[6] = (uint8_t)(s2 >> 6); - s[7] = (uint8_t)((s2 >> 14) | (s3 << 7)); - s[8] = (uint8_t)(s3 >> 1); - s[9] = (uint8_t)(s3 >> 9); - s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); - s[11] = (uint8_t)(s4 >> 4); - s[12] = (uint8_t)(s4 >> 12); - s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); - s[14] = (uint8_t)(s5 >> 7); - s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); - s[16] = (uint8_t)(s6 >> 2); - s[17] = (uint8_t)(s6 >> 10); - s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); - s[19] = (uint8_t)(s7 >> 5); - s[20] = (uint8_t)(s7 >> 13); - s[21] = (uint8_t)(s8 >> 0); - s[22] = (uint8_t)(s8 >> 8); - s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); - s[24] = (uint8_t)(s9 >> 3); - s[25] = (uint8_t)(s9 >> 11); - s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); - s[27] = (uint8_t)(s10 >> 6); - s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); - s[29] = (uint8_t)(s11 >> 1); - s[30] = (uint8_t)(s11 >> 9); - s[31] = (uint8_t)(s11 >> 17); + const uint8_t *c) +{ + int64_t a0 = kBottom21Bits & load_3(a); + int64_t a1 = kBottom21Bits & (load_4(a + 2) >> 5); + int64_t a2 = kBottom21Bits & (load_3(a + 5) >> 2); + int64_t a3 = kBottom21Bits & (load_4(a + 7) >> 7); + int64_t a4 = kBottom21Bits & (load_4(a + 10) >> 4); + int64_t a5 = kBottom21Bits & (load_3(a + 13) >> 1); + int64_t a6 = kBottom21Bits & (load_4(a + 15) >> 6); + int64_t a7 = kBottom21Bits & (load_3(a + 18) >> 3); + int64_t a8 = kBottom21Bits & load_3(a + 21); + int64_t a9 = kBottom21Bits & (load_4(a + 23) >> 5); + int64_t a10 = kBottom21Bits & (load_3(a + 26) >> 2); + int64_t a11 = 
(load_4(a + 28) >> 7); + int64_t b0 = kBottom21Bits & load_3(b); + int64_t b1 = kBottom21Bits & (load_4(b + 2) >> 5); + int64_t b2 = kBottom21Bits & (load_3(b + 5) >> 2); + int64_t b3 = kBottom21Bits & (load_4(b + 7) >> 7); + int64_t b4 = kBottom21Bits & (load_4(b + 10) >> 4); + int64_t b5 = kBottom21Bits & (load_3(b + 13) >> 1); + int64_t b6 = kBottom21Bits & (load_4(b + 15) >> 6); + int64_t b7 = kBottom21Bits & (load_3(b + 18) >> 3); + int64_t b8 = kBottom21Bits & load_3(b + 21); + int64_t b9 = kBottom21Bits & (load_4(b + 23) >> 5); + int64_t b10 = kBottom21Bits & (load_3(b + 26) >> 2); + int64_t b11 = (load_4(b + 28) >> 7); + int64_t c0 = kBottom21Bits & load_3(c); + int64_t c1 = kBottom21Bits & (load_4(c + 2) >> 5); + int64_t c2 = kBottom21Bits & (load_3(c + 5) >> 2); + int64_t c3 = kBottom21Bits & (load_4(c + 7) >> 7); + int64_t c4 = kBottom21Bits & (load_4(c + 10) >> 4); + int64_t c5 = kBottom21Bits & (load_3(c + 13) >> 1); + int64_t c6 = kBottom21Bits & (load_4(c + 15) >> 6); + int64_t c7 = kBottom21Bits & (load_3(c + 18) >> 3); + int64_t c8 = kBottom21Bits & load_3(c + 21); + int64_t c9 = kBottom21Bits & (load_4(c + 23) >> 5); + int64_t c10 = kBottom21Bits & (load_3(c + 26) >> 2); + int64_t c11 = (load_4(c + 28) >> 7); + int64_t s0; + int64_t s1; + int64_t s2; + int64_t s3; + int64_t s4; + int64_t s5; + int64_t s6; + int64_t s7; + int64_t s8; + int64_t s9; + int64_t s10; + int64_t s11; + int64_t s12; + int64_t s13; + int64_t s14; + int64_t s15; + int64_t s16; + int64_t s17; + int64_t s18; + int64_t s19; + int64_t s20; + int64_t s21; + int64_t s22; + int64_t s23; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + int64_t carry17; + int64_t carry18; + int64_t carry19; + int64_t carry20; + int64_t 
carry21; + int64_t carry22; + + s0 = c0 + a0 * b0; + s1 = c1 + a0 * b1 + a1 * b0; + s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; + s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; + s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; + s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; + s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; + s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0; + s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1 + a8 * b0; + s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; + s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; + s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; + s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; + s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; + s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4 + a11 * b3; + s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4; + s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; + s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; + s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; + s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; + s20 = a9 * b11 + a10 * b10 + a11 * b9; + s21 = a10 * b11 + a11 * b10; + s22 = a11 * b11; + s23 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry6 = (s6 + 
(1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * (1 << 21); + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * (1 << 21); + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * (1 << 21); + carry18 = (s18 + (1 << 20)) >> 21; + s19 += carry18; + s18 -= carry18 * (1 << 21); + carry20 = (s20 + (1 << 20)) >> 21; + s21 += carry20; + s20 -= carry20 * (1 << 21); + carry22 = (s22 + (1 << 20)) >> 21; + s23 += carry22; + s22 -= carry22 * (1 << 21); + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * (1 << 21); + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * (1 << 21); + carry17 = (s17 + (1 << 20)) >> 21; + s18 += carry17; + s17 -= carry17 * (1 << 21); + carry19 = (s19 + (1 << 20)) >> 21; + s20 += carry19; + s19 -= carry19 * (1 << 21); + carry21 = (s21 + (1 << 20)) >> 21; + s22 += carry21; + s21 -= carry21 * (1 << 21); + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + s23 = 0; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + s22 = 0; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 
+= s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + s21 = 0; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + s20 = 0; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + s19 = 0; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + s18 = 0; + + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * (1 << 21); + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * (1 << 21); + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * (1 << 21); + + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * (1 << 21); + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * (1 << 21); + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 
136657; + s7 -= s14 * 683901; + s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry8 = s8 >> 21; + s9 += carry8; 
+ s8 -= carry8 * (1 << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + + s[ 0] = (uint8_t) (s0 >> 0); + s[ 1] = (uint8_t) (s0 >> 8); + s[ 2] = (uint8_t)((s0 >> 16) | (s1 << 5)); + s[ 3] = (uint8_t) (s1 >> 3); + s[ 4] = (uint8_t) (s1 >> 11); + s[ 5] = (uint8_t)((s1 >> 19) | (s2 << 2)); + s[ 6] = (uint8_t) (s2 >> 6); + s[ 7] = (uint8_t)((s2 >> 14) | (s3 << 7)); + s[ 8] = (uint8_t) (s3 >> 1); + s[ 9] = (uint8_t) (s3 >> 9); + s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); + s[11] = (uint8_t) (s4 >> 4); + s[12] = (uint8_t) (s4 >> 12); + s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); + s[14] = (uint8_t) (s5 >> 7); + s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); + s[16] = (uint8_t) (s6 >> 2); + s[17] = (uint8_t) (s6 >> 10); + s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); + s[19] = (uint8_t) (s7 >> 5); + s[20] = (uint8_t) (s7 >> 13); + s[21] = (uint8_t) (s8 >> 0); + s[22] = (uint8_t) (s8 >> 8); + s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); + s[24] = (uint8_t) (s9 >> 3); + 
s[25] = (uint8_t) (s9 >> 11); + s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); + s[27] = (uint8_t) (s10 >> 6); + s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); + s[29] = (uint8_t) (s11 >> 1); + s[30] = (uint8_t) (s11 >> 9); + s[31] = (uint8_t) (s11 >> 17); } int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[32], const uint8_t private_key[32]) { - uint8_t az[SHA512_DIGEST_LENGTH]; - uint8_t nonce[SHA512_DIGEST_LENGTH]; - ge_p3 R; - uint8_t hram[SHA512_DIGEST_LENGTH]; - SHA512_CTX hash_ctx; - - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, private_key, 32); - SHA512_Final(az, &hash_ctx); - - az[0] &= 248; - az[31] &= 63; - az[31] |= 64; - - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, az + 32, 32); - SHA512_Update(&hash_ctx, message, message_len); - SHA512_Final(nonce, &hash_ctx); - - x25519_sc_reduce(nonce); - ge_scalarmult_base(&R, nonce); - ge_p3_tobytes(out_sig, &R); - - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, out_sig, 32); - SHA512_Update(&hash_ctx, public_key, 32); - SHA512_Update(&hash_ctx, message, message_len); - SHA512_Final(hram, &hash_ctx); - - x25519_sc_reduce(hram); - sc_muladd(out_sig + 32, hram, az, nonce); - - OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx)); - OPENSSL_cleanse(nonce, sizeof(nonce)); - OPENSSL_cleanse(az, sizeof(az)); - - return 1; + const uint8_t public_key[32], const uint8_t private_key[32]) +{ + uint8_t az[SHA512_DIGEST_LENGTH]; + uint8_t nonce[SHA512_DIGEST_LENGTH]; + ge_p3 R; + uint8_t hram[SHA512_DIGEST_LENGTH]; + SHA512_CTX hash_ctx; + + SHA512_Init(&hash_ctx); + SHA512_Update(&hash_ctx, private_key, 32); + SHA512_Final(az, &hash_ctx); + + az[0] &= 248; + az[31] &= 63; + az[31] |= 64; + + SHA512_Init(&hash_ctx); + SHA512_Update(&hash_ctx, az + 32, 32); + SHA512_Update(&hash_ctx, message, message_len); + SHA512_Final(nonce, &hash_ctx); + + x25519_sc_reduce(nonce); + ge_scalarmult_base(&R, nonce); + ge_p3_tobytes(out_sig, &R); + + SHA512_Init(&hash_ctx); + 
SHA512_Update(&hash_ctx, out_sig, 32); + SHA512_Update(&hash_ctx, public_key, 32); + SHA512_Update(&hash_ctx, message, message_len); + SHA512_Final(hram, &hash_ctx); + + x25519_sc_reduce(hram); + sc_muladd(out_sig + 32, hram, az, nonce); + + OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx)); + OPENSSL_cleanse(nonce, sizeof(nonce)); + OPENSSL_cleanse(az, sizeof(az)); + + return 1; } +static const char allzeroes[15]; + int ED25519_verify(const uint8_t *message, size_t message_len, - const uint8_t signature[64], const uint8_t public_key[32]) { - ge_p3 A; - uint8_t rcopy[32]; - uint8_t scopy[32]; - SHA512_CTX hash_ctx; - ge_p2 R; - uint8_t rcheck[32]; - uint8_t h[SHA512_DIGEST_LENGTH]; - - if ((signature[63] & 224) != 0 || - ge_frombytes_vartime(&A, public_key) != 0) { - return 0; - } + const uint8_t signature[64], const uint8_t public_key[32]) +{ + int i; + ge_p3 A; + const uint8_t *r, *s; + SHA512_CTX hash_ctx; + ge_p2 R; + uint8_t rcheck[32]; + uint8_t h[SHA512_DIGEST_LENGTH]; + /* 27742317777372353535851937790883648493 in little endian format */ + const uint8_t l_low[16] = { + 0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, + 0xDE, 0xF9, 0xDE, 0x14 + }; + + r = signature; + s = signature + 32; + + /* + * Check 0 <= s < L where L = 2^252 + 27742317777372353535851937790883648493 + * + * If not the signature is publicly invalid. Since it's public we can do the + * check in variable time. 
+ * + * First check the most significant byte + */ + if (s[31] > 0x10) + return 0; + if (s[31] == 0x10) { + /* + * Most significant byte indicates a value close to 2^252 so check the + * rest + */ + if (memcmp(s + 16, allzeroes, sizeof(allzeroes)) != 0) + return 0; + for (i = 15; i >= 0; i--) { + if (s[i] < l_low[i]) + break; + if (s[i] > l_low[i]) + return 0; + } + if (i < 0) + return 0; + } - fe_neg(A.X, A.X); - fe_neg(A.T, A.T); + if (ge_frombytes_vartime(&A, public_key) != 0) { + return 0; + } - memcpy(rcopy, signature, 32); - memcpy(scopy, signature + 32, 32); + fe_neg(A.X, A.X); + fe_neg(A.T, A.T); - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, signature, 32); - SHA512_Update(&hash_ctx, public_key, 32); - SHA512_Update(&hash_ctx, message, message_len); - SHA512_Final(h, &hash_ctx); + SHA512_Init(&hash_ctx); + SHA512_Update(&hash_ctx, r, 32); + SHA512_Update(&hash_ctx, public_key, 32); + SHA512_Update(&hash_ctx, message, message_len); + SHA512_Final(h, &hash_ctx); - x25519_sc_reduce(h); + x25519_sc_reduce(h); - ge_double_scalarmult_vartime(&R, h, &A, scopy); + ge_double_scalarmult_vartime(&R, h, &A, s); - ge_tobytes(rcheck, &R); + ge_tobytes(rcheck, &R); - return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0; + return CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0; } void ED25519_public_from_private(uint8_t out_public_key[32], - const uint8_t private_key[32]) { - uint8_t az[SHA512_DIGEST_LENGTH]; - ge_p3 A; + const uint8_t private_key[32]) +{ + uint8_t az[SHA512_DIGEST_LENGTH]; + ge_p3 A; - SHA512(private_key, 32, az); + SHA512(private_key, 32, az); - az[0] &= 248; - az[31] &= 63; - az[31] |= 64; + az[0] &= 248; + az[31] &= 63; + az[31] |= 64; - ge_scalarmult_base(&A, az); - ge_p3_tobytes(out_public_key, &A); + ge_scalarmult_base(&A, az); + ge_p3_tobytes(out_public_key, &A); - OPENSSL_cleanse(az, sizeof(az)); + OPENSSL_cleanse(az, sizeof(az)); } int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], - const uint8_t 
peer_public_value[32]) { - static const uint8_t kZeros[32] = {0}; - x25519_scalar_mult(out_shared_key, private_key, peer_public_value); - /* The all-zero output results when the input is a point of small order. */ - return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0; + const uint8_t peer_public_value[32]) +{ + static const uint8_t kZeros[32] = {0}; + x25519_scalar_mult(out_shared_key, private_key, peer_public_value); + /* The all-zero output results when the input is a point of small order. */ + return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0; } void X25519_public_from_private(uint8_t out_public_value[32], - const uint8_t private_key[32]) { - uint8_t e[32]; - ge_p3 A; - fe zplusy, zminusy, zminusy_inv; - - memcpy(e, private_key, 32); - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; - - ge_scalarmult_base(&A, e); - - /* We only need the u-coordinate of the curve25519 point. The map is - * u=(y+1)/(1-y). Since y=Y/Z, this gives u=(Z+Y)/(Z-Y). */ - fe_add(zplusy, A.Z, A.Y); - fe_sub(zminusy, A.Z, A.Y); - fe_invert(zminusy_inv, zminusy); - fe_mul(zplusy, zplusy, zminusy_inv); - fe_tobytes(out_public_value, zplusy); - - OPENSSL_cleanse(e, sizeof(e)); + const uint8_t private_key[32]) +{ + uint8_t e[32]; + ge_p3 A; + fe zplusy, zminusy, zminusy_inv; + + memcpy(e, private_key, 32); + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + + ge_scalarmult_base(&A, e); + + /* + * We only need the u-coordinate of the curve25519 point. + * The map is u=(y+1)/(1-y). Since y=Y/Z, this gives + * u=(Z+Y)/(Z-Y). + */ + fe_add(zplusy, A.Z, A.Y); + fe_sub(zminusy, A.Z, A.Y); + fe_invert(zminusy_inv, zminusy); + fe_mul(zplusy, zplusy, zminusy_inv); + fe_tobytes(out_public_value, zplusy); + + OPENSSL_cleanse(e, sizeof(e)); } diff --git a/crypto/openssl/crypto/ec/curve448/eddsa.c b/crypto/openssl/crypto/ec/curve448/eddsa.c index 909413a535a8..b28f7dff9138 100644 --- a/crypto/openssl/crypto/ec/curve448/eddsa.c +++ b/crypto/openssl/crypto/ec/curve448/eddsa.c 
@@ -246,10 +246,36 @@ c448_error_t c448_ed448_verify( uint8_t context_len) { curve448_point_t pk_point, r_point; - c448_error_t error = - curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey); + c448_error_t error; curve448_scalar_t challenge_scalar; curve448_scalar_t response_scalar; + /* Order in little endian format */ + static const uint8_t order[] = { + 0xF3, 0x44, 0x58, 0xAB, 0x92, 0xC2, 0x78, 0x23, 0x55, 0x8F, 0xC5, 0x8D, + 0x72, 0xC2, 0x6C, 0x21, 0x90, 0x36, 0xD6, 0xAE, 0x49, 0xDB, 0x4E, 0xC4, + 0xE9, 0x23, 0xCA, 0x7C, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x3F, 0x00 + }; + int i; + + /* + * Check that s (second 57 bytes of the sig) is less than the order. Both + * s and the order are in little-endian format. This can be done in + * variable time, since if this is not the case the signature if publicly + * invalid. + */ + for (i = EDDSA_448_PUBLIC_BYTES - 1; i >= 0; i--) { + if (signature[i + EDDSA_448_PUBLIC_BYTES] > order[i]) + return C448_FAILURE; + if (signature[i + EDDSA_448_PUBLIC_BYTES] < order[i]) + break; + } + if (i < 0) + return C448_FAILURE; + + error = + curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey); if (C448_SUCCESS != error) return error; diff --git a/crypto/openssl/crypto/ec/curve448/point_448.h b/crypto/openssl/crypto/ec/curve448/point_448.h index 0ef3b8714e26..399f91b9a1d9 100644 --- a/crypto/openssl/crypto/ec/curve448/point_448.h +++ b/crypto/openssl/crypto/ec/curve448/point_448.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2016 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use 
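Review bot: The new range check on s in c448_ed448_verify reads `order[i]` with a loop bound taken from `EDDSA_448_PUBLIC_BYTES`, while `order` is declared unsized, so the two lengths agree only because the initializer has 57 entries and the macro (defined outside this hunk) presumably equals 57. Tying them together makes a later mismatch impossible to miss, for example `for (i = (int)sizeof(order) - 1; i >= 0; i--)`, or declare the array with an explicit size so the compiler rejects excess initializers. The comment above the loop has a typo, "the signature if publicly invalid" should read `the signature is publicly invalid`, and it could state that rejecting s >= order is what stops a second valid encoding of the same signature from being accepted. The function body starts before and continues after this hunk.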
@@ -116,7 +116,7 @@ void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], /* * Add two scalars. |a|, |b| and |out| may alias each other. - * + * * a (in): One scalar. * b (in): Another scalar. * out (out): a+b. @@ -135,7 +135,7 @@ void curve448_scalar_sub(curve448_scalar_t out, /* * Multiply two scalars. |a|, |b| and |out| may alias each other. - * + * * a (in): One scalar. * b (in): Another scalar. * out (out): a*b. @@ -145,7 +145,7 @@ void curve448_scalar_mul(curve448_scalar_t out, /* * Halve a scalar. |a| and |out| may alias each other. -* +* * a (in): A scalar. * out (out): a/2. */ @@ -154,7 +154,7 @@ void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a); /* * Copy a scalar. The scalars may alias each other, in which case this * function does nothing. - * + * * a (in): A scalar. * out (out): Will become a copy of a. */ @@ -183,7 +183,7 @@ static ossl_inline void curve448_point_copy(curve448_point_t a, * * a (in): A point. * b (in): Another point. - * + * * Returns: * C448_TRUE: The points are equal. * C448_FALSE: The points are not equal. @@ -243,7 +243,7 @@ void curve448_point_mul_by_ratio_and_encode_like_x448( /* * RFC 7748 Diffie-Hellman base point scalarmul. This function uses a different * (non-Decaf) encoding. - * + * * out (out): The scaled point base*scalar * scalar (in): The scalar to multiply by. */ @@ -273,7 +273,7 @@ void curve448_precomputed_scalarmul(curve448_point_t scaled, * base2 (in): A second point to be scaled. * scalar2 (in) A second scalar to multiply by. * - * Warning: This function takes variable time, and may leak the scalars used. + * Warning: This function takes variable time, and may leak the scalars used. * It is designed for signature verification. */ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, diff --git a/crypto/openssl/crypto/ec/ec2_smpl.c b/crypto/openssl/crypto/ec/ec2_smpl.c index 87f7ce56911d..0a05a7aeea61 100644 --- a/crypto/openssl/crypto/ec/ec2_smpl.c 
+++ b/crypto/openssl/crypto/ec/ec2_smpl.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -810,7 +810,7 @@ int ec_GF2m_simple_ladder_post(const EC_GROUP *group, || !group->meth->field_mul(group, t2, t2, t0, ctx) || !BN_GF2m_add(t1, t2, t1) || !group->meth->field_mul(group, t2, p->X, t0, ctx) - || !BN_GF2m_mod_inv(t2, t2, group->field, ctx) + || !group->meth->field_inv(group, t2, t2, ctx) || !group->meth->field_mul(group, t1, t1, t2, ctx) || !group->meth->field_mul(group, r->X, r->Z, t2, ctx) || !BN_GF2m_add(t2, p->X, r->X) @@ -889,6 +889,21 @@ int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r, return ret; } +/*- + * Computes the multiplicative inverse of a in GF(2^m), storing the result in r. + * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error. + * SCA hardening is with blinding: BN_GF2m_mod_inv does that. + */ +static int ec_GF2m_simple_field_inv(const EC_GROUP *group, BIGNUM *r, + const BIGNUM *a, BN_CTX *ctx) +{ + int ret; + + if (!(ret = BN_GF2m_mod_inv(r, a, group->field, ctx))) + ECerr(EC_F_EC_GF2M_SIMPLE_FIELD_INV, EC_R_CANNOT_INVERT); + return ret; +} + const EC_METHOD *EC_GF2m_simple_method(void) { static const EC_METHOD ret = { @@ -929,6 +944,7 @@ const EC_METHOD *EC_GF2m_simple_method(void) ec_GF2m_simple_field_mul, ec_GF2m_simple_field_sqr, ec_GF2m_simple_field_div, + ec_GF2m_simple_field_inv, 0, /* field_encode */ 0, /* field_decode */ 0, /* field_set_to_one */ diff --git a/crypto/openssl/crypto/ec/ec_ameth.c b/crypto/openssl/crypto/ec/ec_ameth.c index a3164b5b2ed9..8b363e096bed 100644 --- a/crypto/openssl/crypto/ec/ec_ameth.c +++ b/crypto/openssl/crypto/ec/ec_ameth.c 
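Review bot: In the new ec_GF2m_simple_field_inv, every failure of BN_GF2m_mod_inv is reported as EC_R_CANNOT_INVERT, although the header comment promises that reason only for a zero input. If BN_GF2m_mod_inv can also fail for other reasons (allocation, for instance; not visible here), the queued reason will mislead whoever triages the error. I would say so in the header comment, e.g. `* Any failure of BN_GF2m_mod_inv is reported as EC_R_CANNOT_INVERT.`, and take the assignment out of the condition: `ret = BN_GF2m_mod_inv(r, a, group->field, ctx);` followed by `if (!ret)`.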
@@ -505,7 +505,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = NID_sha256; - return 2; + return 1; case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL); diff --git a/crypto/openssl/crypto/ec/ec_err.c b/crypto/openssl/crypto/ec/ec_err.c index 8f4911abec79..ce3493823218 100644 --- a/crypto/openssl/crypto/ec/ec_err.c +++ b/crypto/openssl/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -66,6 +66,8 @@ static const ERR_STRING_DATA EC_str_functs[] = { "ec_asn1_group2fieldid"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, 0), "ec_GF2m_montgomery_point_multiply"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_FIELD_INV, 0), + "ec_GF2m_simple_field_inv"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0), "ec_GF2m_simple_group_check_discriminant"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, 0), @@ -90,6 +92,8 @@ static const ERR_STRING_DATA EC_str_functs[] = { "ec_GFp_mont_field_decode"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_ENCODE, 0), "ec_GFp_mont_field_encode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_INV, 0), + "ec_GFp_mont_field_inv"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_MUL, 0), "ec_GFp_mont_field_mul"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, 0), 
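Review bot: The bare `return 1;` under ASN1_PKEY_CTRL_DEFAULT_MD_NID in ec_pkey_ctrl carries a meaning the code does not spell out: for this control a result of 1 reports the default digest as advisory and 2 as mandatory, so this one-character change alters what callers are told about SHA-256. A comment on the line would keep a later edit from flipping it back unnoticed, e.g. `return 1; /* advisory default digest; 2 would mean mandatory */`. ec_pkey_ctrl starts and ends outside the hunk.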
@@ -124,6 +128,8 @@ static const ERR_STRING_DATA EC_str_functs[] = { "ec_GFp_nist_group_set_curve"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, 0), "ec_GFp_simple_blind_coordinates"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_FIELD_INV, 0), + "ec_GFp_simple_field_inv"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0), "ec_GFp_simple_group_check_discriminant"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, 0), @@ -287,6 +293,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_CANNOT_INVERT), "cannot invert"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH), diff --git a/crypto/openssl/crypto/ec/ec_lcl.h b/crypto/openssl/crypto/ec/ec_lcl.h index e055ddab1c76..119255f1dc83 100644 --- a/crypto/openssl/crypto/ec/ec_lcl.h +++ b/crypto/openssl/crypto/ec/ec_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -15,7 +15,6 @@ #include <openssl/bn.h> #include "internal/refcount.h" #include "internal/ec_int.h" -#include "curve448/curve448_lcl.h" #if defined(__SUNPRO_C) # if __SUNPRO_C >= 0x520 
@@ -154,6 +153,13 @@ struct ec_method_st { int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); + /*- + * 'field_inv' computes the multipicative inverse of a in the field, + * storing the result in r. + * + * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error. + */ + int (*field_inv) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */ int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); @@ -390,6 +396,8 @@ int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); +int ec_GFp_simple_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); int ec_GFp_simple_ladder_pre(const EC_GROUP *group, @@ -413,6 +421,8 @@ int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); +int ec_GFp_mont_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, diff --git a/crypto/openssl/crypto/ec/ecp_mont.c b/crypto/openssl/crypto/ec/ecp_mont.c index 36682e5cfbd1..252e66ef3791 100644 --- a/crypto/openssl/crypto/ec/ecp_mont.c +++ b/crypto/openssl/crypto/ec/ecp_mont.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use 
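Review bot: The comment added for `field_inv` in struct ec_method_st does not say whether `r` and `a` may alias or what the return value is, and both matter to callers: ec_GF2m_simple_ladder_post in this same commit calls `field_inv(group, t2, t2, ctx)` with the two aliased. I would add `* |r| and |a| may alias. Returns 1 on success, 0 on error.`; the return convention is inferred from the `!group->meth->field_inv(...)` call sites, so confirm it. The word `multipicative` in the new comment should be `multiplicative`. The struct definition starts and ends outside the hunk.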
@@ -50,6 +50,7 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_mont_field_mul, ec_GFp_mont_field_sqr, 0 /* field_div */ , + ec_GFp_mont_field_inv, ec_GFp_mont_field_encode, ec_GFp_mont_field_decode, ec_GFp_mont_field_set_to_one, @@ -206,6 +207,54 @@ int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); } +/*- + * Computes the multiplicative inverse of a in GF(p), storing the result in r. + * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error. + * We have a Mont structure, so SCA hardening is FLT inversion. + */ +int ec_GFp_mont_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + BN_CTX *ctx) +{ + BIGNUM *e = NULL; + BN_CTX *new_ctx = NULL; + int ret = 0; + + if (group->field_data1 == NULL) + return 0; + + if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + if ((e = BN_CTX_get(ctx)) == NULL) + goto err; + + /* Inverse in constant time with Fermats Little Theorem */ + if (!BN_set_word(e, 2)) + goto err; + if (!BN_sub(e, group->field, e)) + goto err; + /*- + * Exponent e is public. + * No need for scatter-gather or BN_FLG_CONSTTIME. + */ + if (!BN_mod_exp_mont(r, a, e, group->field, ctx, group->field_data1)) + goto err; + + /* throw an error on zero */ + if (BN_is_zero(r)) { + ECerr(EC_F_EC_GFP_MONT_FIELD_INV, EC_R_CANNOT_INVERT); + goto err; + } + + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { diff --git a/crypto/openssl/crypto/ec/ecp_nist.c b/crypto/openssl/crypto/ec/ecp_nist.c index f53de1a1638b..5eaa99d8402b 100644 --- a/crypto/openssl/crypto/ec/ecp_nist.c +++ b/crypto/openssl/crypto/ec/ecp_nist.c 
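Review bot: ec_GFp_mont_field_inv returns 0 when `group->field_data1 == NULL` without queuing any error, so a caller sees a failed inversion with an empty error stack. Raising one before the return would make the cause visible: `ECerr(EC_F_EC_GFP_MONT_FIELD_INV, EC_R_NOT_INITIALIZED);`. The same holds for the `goto err` paths after BN_set_word, BN_sub and BN_mod_exp_mont, which also leave without an EC error. The header comment could add that the zero test is made on the result `r` after the exponentiation, not on `a` beforehand.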
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -52,6 +52,7 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_nist_field_mul, ec_GFp_nist_field_sqr, 0 /* field_div */ , + ec_GFp_simple_field_inv, 0 /* field_encode */ , 0 /* field_decode */ , 0, /* field_set_to_one */ diff --git a/crypto/openssl/crypto/ec/ecp_nistp224.c b/crypto/openssl/crypto/ec/ecp_nistp224.c index 555bf307dd03..025273a14440 100644 --- a/crypto/openssl/crypto/ec/ecp_nistp224.c +++ b/crypto/openssl/crypto/ec/ecp_nistp224.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -279,6 +279,7 @@ const EC_METHOD *EC_GFp_nistp224_method(void) ec_GFp_nist_field_mul, ec_GFp_nist_field_sqr, 0 /* field_div */ , + ec_GFp_simple_field_inv, 0 /* field_encode */ , 0 /* field_decode */ , 0, /* field_set_to_one */ diff --git a/crypto/openssl/crypto/ec/ecp_nistp256.c b/crypto/openssl/crypto/ec/ecp_nistp256.c index c87a5e548d36..a21e5f78fc90 100644 --- a/crypto/openssl/crypto/ec/ecp_nistp256.c +++ b/crypto/openssl/crypto/ec/ecp_nistp256.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -1810,6 +1810,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void) ec_GFp_nist_field_mul, ec_GFp_nist_field_sqr, 0 /* field_div */ , + ec_GFp_simple_field_inv, 0 /* field_encode */ , 0 /* field_decode */ , 0, /* field_set_to_one */ diff --git a/crypto/openssl/crypto/ec/ecp_nistp521.c b/crypto/openssl/crypto/ec/ecp_nistp521.c index 14f2feeb6999..2f47772a3477 100644 --- a/crypto/openssl/crypto/ec/ecp_nistp521.c +++ b/crypto/openssl/crypto/ec/ecp_nistp521.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1647,6 +1647,7 @@ const EC_METHOD *EC_GFp_nistp521_method(void) ec_GFp_nist_field_mul, ec_GFp_nist_field_sqr, 0 /* field_div */ , + ec_GFp_simple_field_inv, 0 /* field_encode */ , 0 /* field_decode */ , 0, /* field_set_to_one */ diff --git a/crypto/openssl/crypto/ec/ecp_nistz256.c b/crypto/openssl/crypto/ec/ecp_nistz256.c index b0564bdbd04c..aea6394169ce 100644 --- a/crypto/openssl/crypto/ec/ecp_nistz256.c +++ b/crypto/openssl/crypto/ec/ecp_nistz256.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2014, Intel Corporation. All Rights Reserved. * Copyright (c) 2015, CloudFlare, Inc. * @@ -1677,6 +1677,7 @@ const EC_METHOD *EC_GFp_nistz256_method(void) ec_GFp_mont_field_mul, ec_GFp_mont_field_sqr, 0, /* field_div */ + ec_GFp_mont_field_inv, ec_GFp_mont_field_encode, ec_GFp_mont_field_decode, ec_GFp_mont_field_set_to_one, diff --git a/crypto/openssl/crypto/ec/ecp_smpl.c b/crypto/openssl/crypto/ec/ecp_smpl.c index d0c5557ff4dd..f6a6cedb0ae3 100644 --- a/crypto/openssl/crypto/ec/ecp_smpl.c +++ b/crypto/openssl/crypto/ec/ecp_smpl.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -51,6 +51,7 @@ const EC_METHOD *EC_GFp_simple_method(void) ec_GFp_simple_field_mul, ec_GFp_simple_field_sqr, 0 /* field_div */ , + ec_GFp_simple_field_inv, 0 /* field_encode */ , 0 /* field_decode */ , 0, /* field_set_to_one */ @@ -553,7 +554,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, } } } else { - if (!BN_mod_inverse(Z_1, Z_, group->field, ctx)) { + if (!group->meth->field_inv(group, Z_1, Z_, ctx)) { ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB); goto err; @@ -1266,7 +1267,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, * points[i]->Z by its inverse. */ - if (!BN_mod_inverse(tmp, prod_Z[num - 1], group->field, ctx)) { + if (!group->meth->field_inv(group, tmp, prod_Z[num - 1], ctx)) { ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); goto err; } 
@@ -1370,6 +1371,50 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, } /*- + * Computes the multiplicative inverse of a in GF(p), storing the result in r. + * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error. + * Since we don't have a Mont structure here, SCA hardening is with blinding. + */ +int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + BN_CTX *ctx) +{ + BIGNUM *e = NULL; + BN_CTX *new_ctx = NULL; + int ret = 0; + + if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + if ((e = BN_CTX_get(ctx)) == NULL) + goto err; + + do { + if (!BN_priv_rand_range(e, group->field)) + goto err; + } while (BN_is_zero(e)); + + /* r := a * e */ + if (!group->meth->field_mul(group, r, a, e, ctx)) + goto err; + /* r := 1/(a * e) */ + if (!BN_mod_inverse(r, r, group->field, ctx)) { + ECerr(EC_F_EC_GFP_SIMPLE_FIELD_INV, EC_R_CANNOT_INVERT); + goto err; + } + /* r := e/(a * e) = 1/a */ + if (!group->meth->field_mul(group, r, r, e, ctx)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + +/*- * Apply randomization of EC point projective coordinates: * * (X, Y ,Z ) = (lambda^2*X, lambda^3*Y, lambda*Z) diff --git a/crypto/openssl/crypto/ec/ecx_meth.c b/crypto/openssl/crypto/ec/ecx_meth.c index b76bfdb6dc34..e4cac99e2d2a 100644 --- a/crypto/openssl/crypto/ec/ecx_meth.c +++ b/crypto/openssl/crypto/ec/ecx_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,7 @@ #include "internal/asn1_int.h" #include "internal/evp_int.h" #include "ec_lcl.h" +#include "curve448/curve448_lcl.h" #define X25519_BITS 253 #define X25519_SECURITY_BITS 128 
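Review bot: ec_GFp_simple_field_inv hands the blinded product to `BN_mod_inverse`, and nothing in the function says why a variable-time inversion is acceptable at that point. A why-comment above the call would record the argument: `/* a*e is masked by the fresh random e, so the running time of BN_mod_inverse does not depend on a alone */`. Any failure of BN_mod_inverse is also reported as EC_R_CANNOT_INVERT, which the header comment promises only for a zero input; the comment should say that the reason covers every failure of that call.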
diff --git a/crypto/openssl/crypto/engine/README b/crypto/openssl/crypto/engine/README index 0050b9e50951..c7a5696ca14c 100644 --- a/crypto/openssl/crypto/engine/README +++ b/crypto/openssl/crypto/engine/README @@ -26,7 +26,7 @@ algorithm/mode pair are; EVP_EncryptInit(&ctx, cipher, key, iv); [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...] -(ii) indirectly; +(ii) indirectly; OpenSSL_add_all_ciphers(); cipher = EVP_get_cipherbyname("des_cbc"); EVP_EncryptInit(&ctx, cipher, key, iv); diff --git a/crypto/openssl/crypto/engine/eng_devcrypto.c b/crypto/openssl/crypto/engine/eng_devcrypto.c index 337cc69f3cb7..717d7c27794f 100644 --- a/crypto/openssl/crypto/engine/eng_devcrypto.c +++ b/crypto/openssl/crypto/engine/eng_devcrypto.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,15 @@ */ static int cfd; +static int clean_devcrypto_session(struct session_op *sess) { + if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + memset(sess, 0, sizeof(struct session_op)); + return 1; +} + /****************************************************************************** * * Ciphers @@ -49,10 +58,12 @@ static int cfd; struct cipher_ctx { struct session_op sess; - - /* to pass from init to do_cipher */ - const unsigned char *iv; int op; /* COP_ENCRYPT or COP_DECRYPT */ + unsigned long mode; /* EVP_CIPH_*_MODE */ + + /* to handle ctr mode being a stream cipher */ + unsigned char partial[EVP_MAX_BLOCK_LENGTH]; + unsigned int blocksize, num; }; static const struct cipher_data_st { 
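Review bot: clean_devcrypto_session leaves `*sess` untouched when the CIOCFSESSION ioctl fails, and it has no comment saying so; a caller that tests `sess.ses != 0` afterwards (cipher_init does, in a later hunk) will retry the same free on every call. A short header comment would fix the contract: `/* Frees the kernel session and zeroes *sess; on ioctl failure *sess is left as it was and 0 is returned. */`. The opening brace sits on the signature line, whereas the other functions added to this file in the same commit (`ctr_do_cipher`, `cipher_ctrl`) put it on a line of its own.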
@@ -89,9 +100,9 @@ static const struct cipher_data_st { { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS }, #endif #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB) - { NID_aes_128_ecb, 16, 128 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, - { NID_aes_192_ecb, 16, 192 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, - { NID_aes_256_ecb, 16, 256 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, + { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, + { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, + { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, #endif #if 0 /* Not yet supported */ { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, @@ -143,11 +154,17 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const struct cipher_data_st *cipher_d = get_cipher_data(EVP_CIPHER_CTX_nid(ctx)); - memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); + /* cleanup a previous session */ + if (cipher_ctx->sess.ses != 0 && + clean_devcrypto_session(&cipher_ctx->sess) == 0) + return 0; + cipher_ctx->sess.cipher = cipher_d->devcryptoid; cipher_ctx->sess.keylen = cipher_d->keylen; cipher_ctx->sess.key = (void *)key; cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT; + cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE; + cipher_ctx->blocksize = cipher_d->blocksize; if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) { SYSerr(SYS_F_IOCTL, errno); return 0; @@ -162,8 +179,11 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, struct cipher_ctx *cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); struct crypt_op cryp; + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); #if !defined(COP_FLAG_WRITE_IV) unsigned char saved_iv[EVP_MAX_IV_LENGTH]; + const unsigned char *ivptr; + size_t nblocks, ivlen; #endif memset(&cryp, 0, sizeof(cryp)); 
@@ -171,19 +191,28 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, cryp.len = inl; cryp.src = (void *)in; cryp.dst = (void *)out; - cryp.iv = (void *)EVP_CIPHER_CTX_iv_noconst(ctx); + cryp.iv = (void *)iv; cryp.op = cipher_ctx->op; #if !defined(COP_FLAG_WRITE_IV) cryp.flags = 0; - if (EVP_CIPHER_CTX_iv_length(ctx) > 0) { - assert(inl >= EVP_CIPHER_CTX_iv_length(ctx)); - if (!EVP_CIPHER_CTX_encrypting(ctx)) { - unsigned char *ivptr = in + inl - EVP_CIPHER_CTX_iv_length(ctx); - - memcpy(saved_iv, ivptr, EVP_CIPHER_CTX_iv_length(ctx)); + ivlen = EVP_CIPHER_CTX_iv_length(ctx); + if (ivlen > 0) + switch (cipher_ctx->mode) { + case EVP_CIPH_CBC_MODE: + assert(inl >= ivlen); + if (!EVP_CIPHER_CTX_encrypting(ctx)) { + ivptr = in + inl - ivlen; + memcpy(saved_iv, ivptr, ivlen); + } + break; + + case EVP_CIPH_CTR_MODE: + break; + + default: /* should not happen */ + return 0; } - } #else cryp.flags = COP_FLAG_WRITE_IV; #endif 
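Review bot: On builds without COP_FLAG_WRITE_IV, the new `switch (cipher_ctx->mode)` in cipher_do_cipher returns 0 from `default:` for any cipher with a non-zero IV length that is neither CBC nor CTR, and the cipher table shown earlier in this file lists `NID_aes_256_xts` with an IV length of 16 and EVP_CIPH_XTS_MODE. If that entry is compiled in, XTS requests fail before the ioctl is issued, so `/* should not happen */` does not hold; the matching switch after the ioctl, in the next hunk, has the same gap. Either add `case EVP_CIPH_XTS_MODE: break;` to both switches, if skipping the IV update is right for XTS, or keep such entries out of the table. Separately, `assert(inl >= ivlen)` is compiled out under NDEBUG, which leaves `in + inl - ivlen` unchecked. The function starts and ends outside the hunk.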
@@ -194,32 +223,113 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } #if !defined(COP_FLAG_WRITE_IV) - if (EVP_CIPHER_CTX_iv_length(ctx) > 0) { - unsigned char *ivptr = saved_iv; + if (ivlen > 0) + switch (cipher_ctx->mode) { + case EVP_CIPH_CBC_MODE: + assert(inl >= ivlen); + if (EVP_CIPHER_CTX_encrypting(ctx)) + ivptr = out + inl - ivlen; + else + ivptr = saved_iv; + + memcpy(iv, ivptr, ivlen); + break; + + case EVP_CIPH_CTR_MODE: + nblocks = (inl + cipher_ctx->blocksize - 1) + / cipher_ctx->blocksize; + do { + ivlen--; + nblocks += iv[ivlen]; + iv[ivlen] = (uint8_t) nblocks; + nblocks >>= 8; + } while (ivlen); + break; + + default: /* should not happen */ + return 0; + } +#endif + + return 1; +} + +static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + struct cipher_ctx *cipher_ctx = + (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + size_t nblocks, len; - assert(inl >= EVP_CIPHER_CTX_iv_length(ctx)); - if (!EVP_CIPHER_CTX_encrypting(ctx)) - ivptr = out + inl - EVP_CIPHER_CTX_iv_length(ctx); + /* initial partial block */ + while (cipher_ctx->num && inl) { + (*out++) = *(in++) ^ cipher_ctx->partial[cipher_ctx->num]; + --inl; + cipher_ctx->num = (cipher_ctx->num + 1) % cipher_ctx->blocksize; + } - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), ivptr, - EVP_CIPHER_CTX_iv_length(ctx)); + /* full blocks */ + if (inl > (unsigned int) cipher_ctx->blocksize) { + nblocks = inl/cipher_ctx->blocksize; + len = nblocks * cipher_ctx->blocksize; + if (cipher_do_cipher(ctx, out, in, len) < 1) + return 0; + inl -= len; + out += len; + in += len; + } + + /* final partial block */ + if (inl) { + memset(cipher_ctx->partial, 0, cipher_ctx->blocksize); + if (cipher_do_cipher(ctx, cipher_ctx->partial, cipher_ctx->partial, + cipher_ctx->blocksize) < 1) + return 0; + while (inl--) { + out[cipher_ctx->num] = in[cipher_ctx->num] + ^ cipher_ctx->partial[cipher_ctx->num]; + cipher_ctx->num++; + } } -#endif 
return 1; } -static int cipher_cleanup(EVP_CIPHER_CTX *ctx) +static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2) { struct cipher_ctx *cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2; + struct cipher_ctx *to_cipher_ctx; + + switch (type) { + case EVP_CTRL_COPY: + if (cipher_ctx == NULL) + return 1; + /* when copying the context, a new session needs to be initialized */ + to_cipher_ctx = + (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx); + memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess)); + return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), + (cipher_ctx->op == COP_ENCRYPT)); + + case EVP_CTRL_INIT: + memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); + return 1; - if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) { - SYSerr(SYS_F_IOCTL, errno); - return 0; + default: + break; } - return 1; + return -1; +} + +static int cipher_cleanup(EVP_CIPHER_CTX *ctx) +{ + struct cipher_ctx *cipher_ctx = + (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + + return clean_devcrypto_session(&cipher_ctx->sess); } /* @@ -235,6 +345,7 @@ static void prepare_cipher_methods(void) { size_t i; struct session_op sess; + unsigned long cipher_mode; memset(&sess, 0, sizeof(sess)); sess.key = (void *)"01234567890123456789012345678901234567890123456789"; 
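Review bot: In ctr_do_cipher the full-block branch tests `inl > (unsigned int) cipher_ctx->blocksize`, so an input of exactly one block falls through to the partial-block path, which leaves `cipher_ctx->num` equal to `blocksize` instead of 0. As I read it, the next call then XORs with `partial[blocksize]`, a byte that was never filled with keystream, and goes on to reuse the previous block's keystream from index 1. Changing the test to `if (inl >= (unsigned int) cipher_ctx->blocksize) {` keeps whole blocks out of the partial path. In cipher_ctrl, EVP_CTRL_COPY passes `cipher_ctx->sess.key` to cipher_init, but that field only holds the pointer the caller gave to the original cipher_init; if the caller's key buffer has since been freed or cleansed, the copy is keyed from stale memory, so the context should keep its own copy of the key.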
@@ -252,18 +363,26 @@ static void prepare_cipher_methods(void) || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0) continue; + cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE; + if ((known_cipher_methods[i] = EVP_CIPHER_meth_new(cipher_data[i].nid, - cipher_data[i].blocksize, + cipher_mode == EVP_CIPH_CTR_MODE ? 1 : + cipher_data[i].blocksize, cipher_data[i].keylen)) == NULL || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i], cipher_data[i].ivlen) || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i], cipher_data[i].flags + | EVP_CIPH_CUSTOM_COPY + | EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init) || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i], + cipher_mode == EVP_CIPH_CTR_MODE ? + ctr_do_cipher : cipher_do_cipher) + || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl) || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i], cipher_cleanup) || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i], 
@@ -340,34 +459,36 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, struct digest_ctx { struct session_op sess; - int init; + /* This signals that the init function was called, not that it succeeded. */ + int init_called; }; static const struct digest_data_st { int nid; + int blocksize; int digestlen; int devcryptoid; } digest_data[] = { #ifndef OPENSSL_NO_MD5 - { NID_md5, 16, CRYPTO_MD5 }, + { NID_md5, /* MD5_CBLOCK */ 64, 16, CRYPTO_MD5 }, #endif - { NID_sha1, 20, CRYPTO_SHA1 }, + { NID_sha1, SHA_CBLOCK, 20, CRYPTO_SHA1 }, #ifndef OPENSSL_NO_RMD160 # if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160) - { NID_ripemd160, 20, CRYPTO_RIPEMD160 }, + { NID_ripemd160, /* RIPEMD160_CBLOCK */ 64, 20, CRYPTO_RIPEMD160 }, # endif #endif #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224) - { NID_sha224, 224 / 8, CRYPTO_SHA2_224 }, + { NID_sha224, SHA256_CBLOCK, 224 / 8, CRYPTO_SHA2_224 }, #endif #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256) - { NID_sha256, 256 / 8, CRYPTO_SHA2_256 }, + { NID_sha256, SHA256_CBLOCK, 256 / 8, CRYPTO_SHA2_256 }, #endif #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384) - { NID_sha384, 384 / 8, CRYPTO_SHA2_384 }, + { NID_sha384, SHA512_CBLOCK, 384 / 8, CRYPTO_SHA2_384 }, #endif #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512) - { NID_sha512, 512 / 8, CRYPTO_SHA2_512 }, + { NID_sha512, SHA512_CBLOCK, 512 / 8, CRYPTO_SHA2_512 }, #endif }; @@ -405,7 +526,7 @@ static int digest_init(EVP_MD_CTX *ctx) const struct digest_data_st *digest_d = get_digest_data(EVP_MD_CTX_type(ctx)); - digest_ctx->init = 1; + digest_ctx->init_called = 1; memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess)); digest_ctx->sess.mac = digest_d->devcryptoid; 
@@ -440,6 +561,9 @@ static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) if (count == 0) return 1; + if (digest_ctx == NULL) + return 0; + if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) { SYSerr(SYS_F_IOCTL, errno); return 0; @@ -453,11 +577,9 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) struct digest_ctx *digest_ctx = (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); - if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) { - SYSerr(SYS_F_IOCTL, errno); + if (md == NULL || digest_ctx == NULL) return 0; - } - if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) { + if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) { SYSerr(SYS_F_IOCTL, errno); return 0; } @@ -473,14 +595,9 @@ static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) (struct digest_ctx *)EVP_MD_CTX_md_data(to); struct cphash_op cphash; - if (digest_from == NULL) + if (digest_from == NULL || digest_from->init_called != 1) return 1; - if (digest_from->init != 1) { - SYSerr(SYS_F_IOCTL, EINVAL); - return 0; - } - if (!digest_init(to)) { SYSerr(SYS_F_IOCTL, errno); return 0; 
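Review bot: With the CIOCFSESSION call removed from digest_final, the kernel session now lives until digest_cleanup, but digest_init (previous hunk) still begins with `memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));`. If a context is initialised again without an intervening cleanup, that memset drops the only reference to the open session and it is never freed. cipher_init gained a guard for exactly this case in this commit, and digest_init should mirror it before the memset: `if (digest_ctx->sess.ses != 0 && clean_devcrypto_session(&digest_ctx->sess) == 0) return 0;`. Whether EVP can re-run init on a live context is not visible from these hunks, so treat the leak as likely rather than proven.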
@@ -497,7 +614,37 @@ static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) static int digest_cleanup(EVP_MD_CTX *ctx) { - return 1; + struct digest_ctx *digest_ctx = + (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); + + if (digest_ctx == NULL) + return 1; + + return clean_devcrypto_session(&digest_ctx->sess); +} + +static int devcrypto_test_digest(size_t digest_data_index) +{ + struct session_op sess1, sess2; + struct cphash_op cphash; + int ret=0; + + memset(&sess1, 0, sizeof(sess1)); + memset(&sess2, 0, sizeof(sess2)); + sess1.mac = digest_data[digest_data_index].devcryptoid; + if (ioctl(cfd, CIOCGSESSION, &sess1) < 0) + return 0; + /* Make sure the driver is capable of hash state copy */ + sess2.mac = sess1.mac; + if (ioctl(cfd, CIOCGSESSION, &sess2) >= 0) { + cphash.src_ses = sess1.ses; + cphash.dst_ses = sess2.ses; + if (ioctl(cfd, CIOCCPHASH, &cphash) >= 0) + ret = 1; + ioctl(cfd, CIOCFSESSION, &sess2.ses); + } + ioctl(cfd, CIOCFSESSION, &sess1.ses); + return ret; } /* @@ -512,24 +659,20 @@ static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, }; static void prepare_digest_methods(void) { size_t i; - struct session_op sess; - - memset(&sess, 0, sizeof(sess)); for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data); i++) { /* - * Check that the algo is really availably by trying to open and close - * a session. + * Check that the algo is usable */ - sess.mac = digest_data[i].devcryptoid; - if (ioctl(cfd, CIOCGSESSION, &sess) < 0 - || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0) + if (!devcrypto_test_digest(i)) continue; if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid, NID_undef)) == NULL + || !EVP_MD_meth_set_input_blocksize(known_digest_methods[i], + digest_data[i].blocksize) || !EVP_MD_meth_set_result_size(known_digest_methods[i], digest_data[i].digestlen) || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init) 
@@ -620,15 +763,10 @@ void engine_load_devcrypto_int() #ifndef ENGINE_DEVCRYPTO_DEBUG if (errno != ENOENT) #endif - fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno)); + fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno)); return; } - prepare_cipher_methods(); -#ifdef IMPLEMENT_DIGEST - prepare_digest_methods(); -#endif - if ((e = ENGINE_new()) == NULL || !ENGINE_set_destroy_function(e, devcrypto_unload)) { ENGINE_free(e); @@ -641,6 +779,11 @@ void engine_load_devcrypto_int() return; } + prepare_cipher_methods(); +#ifdef IMPLEMENT_DIGEST + prepare_digest_methods(); +#endif + if (!ENGINE_set_id(e, "devcrypto") || !ENGINE_set_name(e, "/dev/crypto engine") diff --git a/crypto/openssl/crypto/engine/eng_lib.c b/crypto/openssl/crypto/engine/eng_lib.c index 3ef3aae28a21..d7f2026fac54 100644 --- a/crypto/openssl/crypto/engine/eng_lib.c +++ b/crypto/openssl/crypto/engine/eng_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -124,7 +124,7 @@ static int int_cleanup_check(int create) static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) { ENGINE_CLEANUP_ITEM *item; - + if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) { ENGINEerr(ENGINE_F_INT_CLEANUP_ITEM, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c index 03cbd738e193..c737b2a9c3e6 100644 --- a/crypto/openssl/crypto/err/err.c +++ b/crypto/openssl/crypto/err/err.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,6 +19,9 @@ #include <openssl/bio.h> #include <openssl/opensslconf.h> #include "internal/thread_once.h" +#include "internal/ctype.h" +#include "internal/constant_time_locl.h" +#include "e_os.h" static int err_load_strings(const ERR_STRING_DATA *str); @@ -181,8 +184,9 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) } #ifndef OPENSSL_NO_ERR +/* A measurement on Linux 2018-11-21 showed about 3.5kib */ +# define SPACE_SYS_STR_REASONS 4 * 1024 # define NUM_SYS_STR_REASONS 127 -# define LEN_SYS_STR_REASON 32 static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; /* @@ -198,9 +202,12 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; static void build_SYS_str_reasons(void) { /* OPENSSL_malloc cannot be used here, use static storage instead */ - static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; + static char strerror_pool[SPACE_SYS_STR_REASONS]; + char *cur = strerror_pool; + size_t cnt = 0; static int init = 1; int i; + int saveerrno = get_last_sys_error(); CRYPTO_THREAD_write_lock(err_string_lock); if (!init) { 
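Review bot: `# define SPACE_SYS_STR_REASONS 4 * 1024` in the `@@ -181,8 +184,9 @@` hunk expands without parentheses, so a later use inside a division or modulo expression would bind to the `4` alone. The only use visible in this commit is the array bound of `strerror_pool`, which is safe, but the macro should be written `# define SPACE_SYS_STR_REASONS (4 * 1024)` so that it stays safe when reused. The comment's "3.5kib" presumably means KiB of message text; spelling the unit out would avoid reading it as kilobits.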
@@ -213,9 +220,26 @@ static void build_SYS_str_reasons(void) str->error = ERR_PACK(ERR_LIB_SYS, 0, i); if (str->string == NULL) { - char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); - if (openssl_strerror_r(i, *dest, sizeof(*dest))) - str->string = *dest; + if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) { + size_t l = strlen(cur); + + str->string = cur; + cnt += l; + if (cnt > sizeof(strerror_pool)) + cnt = sizeof(strerror_pool); + cur += l; + + /* + * VMS has an unusual quirk of adding spaces at the end of + * some (most? all?) messages. Lets trim them off. + */ + while (ossl_isspace(cur[-1])) { + cur--; + cnt--; + } + *cur++ = '\0'; + cnt++; + } } if (str->string == NULL) str->string = "unknown"; @@ -229,6 +253,8 @@ static void build_SYS_str_reasons(void) init = 0; CRYPTO_THREAD_unlock(err_string_lock); + /* openssl_strerror_r could change errno, but we want to preserve it */ + set_sys_error(saveerrno); err_load_strings(SYS_str_reasons); } #endif @@ -671,6 +697,7 @@ DEFINE_RUN_ONCE_STATIC(err_do_init) ERR_STATE *ERR_get_state(void) { ERR_STATE *state; + int saveerrno = get_last_sys_error(); if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) return NULL; @@ -702,6 +729,7 @@ ERR_STATE *ERR_get_state(void) OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); } + set_sys_error(saveerrno); return state; } 
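Review bot: The trimming loop `while (ossl_isspace(cur[-1]))` in the `@@ -213,9 +220,26 @@` hunk has no lower bound, so if the first message copied into the pool is empty or all whitespace it reads, and then steps `cur`, before the start of `strerror_pool`. Nothing stops the call once the pool is full either: `cnt` can reach `sizeof(strerror_pool)`, after which `openssl_strerror_r` is handed a zero-length buffer at one-past-the-end, and the `cnt > sizeof(strerror_pool)` clamp adjusts `cnt` but not `cur`. Whether `openssl_strerror_r` can report success in those cases is not visible here, so the guards should be explicit: `if (cnt < sizeof(strerror_pool) && openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt))` and `while (cur > strerror_pool && ossl_isspace(cur[-1]))`. The body of `build_SYS_str_reasons` starts and ends outside this hunk.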
@@ -711,6 +739,20 @@ ERR_STATE *ERR_get_state(void) */ int err_shelve_state(void **state) { + int saveerrno = get_last_sys_error(); + + /* + * Note, at present our only caller is OPENSSL_init_crypto(), indirectly + * via ossl_init_load_crypto_nodelete(), by which point the requested + * "base" initialization has already been performed, so the below call is a + * NOOP, that re-enters OPENSSL_init_crypto() only to quickly return. + * + * If are no other valid callers of this function, the call below can be + * removed, avoiding the re-entry into OPENSSL_init_crypto(). If there are + * potential uses that are not from inside OPENSSL_init_crypto(), then this + * call is needed, but some care is required to make sure that the re-entry + * remains a NOOP. + */ if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) return 0; @@ -721,6 +763,7 @@ int err_shelve_state(void **state) if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) return 0; + set_sys_error(saveerrno); return 1; } @@ -747,20 +790,31 @@ int ERR_get_next_error_library(void) return ret; } -void ERR_set_error_data(char *data, int flags) +static int err_set_error_data_int(char *data, int flags) { ERR_STATE *es; int i; es = ERR_get_state(); if (es == NULL) - return; + return 0; i = es->top; err_clear_data(es, i); es->err_data[i] = data; es->err_data_flags[i] = flags; + + return 1; +} + +void ERR_set_error_data(char *data, int flags) +{ + /* + * This function is void so we cannot propagate the error return. Since it + * is also in the public API we can't change the return type. + */ + err_set_error_data_int(data, flags); } void ERR_add_error_data(int num, ...) @@ -800,7 +854,8 @@ void ERR_add_error_vdata(int num, va_list args) } OPENSSL_strlcat(str, a, (size_t)s + 1); } - ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING); + if (!err_set_error_data_int(str, ERR_TXT_MALLOCED | ERR_TXT_STRING)) + OPENSSL_free(str); } int ERR_set_mark(void) 
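Review bot: `err_shelve_state` restores the saved errno only on the success path; the early `return 0` exits after `OPENSSL_init_crypto()` and `CRYPTO_THREAD_set_local()` fail leave whatever those calls wrote. `ERR_get_state` in the earlier hunks has the same shape with its `return NULL` exit. If the intent is that error-queue bookkeeping never disturbs the caller's errno, call `set_sys_error(saveerrno);` before those returns as well. Separately, the new comment reads "If are no other valid callers" and should read "If there are no other valid callers".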
@@ -857,3 +912,42 @@ int ERR_clear_last_mark(void) es->err_flags[top] &= ~ERR_FLAG_MARK; return 1; } + +#ifdef UINTPTR_T +# undef UINTPTR_T +#endif +/* + * uintptr_t is the answer, but unfortunately C89, current "least common + * denominator" doesn't define it. Most legacy platforms typedef it anyway, + * so that attempt to fill the gaps means that one would have to identify + * that track these gaps, which would be undesirable. Macro it is... + */ +#if defined(__VMS) && __INITIAL_POINTER_SIZE==64 +/* + * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4 + * even in 64-bit builds, which means that it won't work as mask. + */ +# define UINTPTR_T unsigned long long +#else +# define UINTPTR_T size_t +#endif + +void err_clear_last_constant_time(int clear) +{ + ERR_STATE *es; + int top; + + es = ERR_get_state(); + if (es == NULL) + return; + + top = es->top; + + es->err_flags[top] &= ~(0 - clear); + es->err_buffer[top] &= ~(0UL - clear); + es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] & + ~((UINTPTR_T)0 - clear)); + es->err_line[top] |= 0 - clear; + + es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS; +} diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt index 5003d8735a4d..feff1dccded7 100644 --- a/crypto/openssl/crypto/err/openssl.txt +++ b/crypto/openssl/crypto/err/openssl.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
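Review bot: `err_clear_last_constant_time` has no comment stating its contract, and the masks only work when `clear` is exactly 0 or 1. With 1, `0 - clear` is all ones, so the top entry is wiped and `es->top` steps back; with 0, nothing changes. Any other value produces partial masks and a wrong index. I would add above the function `/* clear must be 0 or 1: 1 wipes and pops the top error entry, 0 leaves the queue untouched; written without a branch on clear so the choice does not show up in timing. */`. Callers are not visible in this hunk, so it is worth confirming that each passes a normalised 0/1 value and not an arbitrary non-zero flag.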
@@ -519,6 +519,7 @@ EC_F_ECX_PUB_ENCODE:268:ecx_pub_encode EC_F_EC_ASN1_GROUP2CURVE:153:ec_asn1_group2curve EC_F_EC_ASN1_GROUP2FIELDID:154:ec_asn1_group2fieldid EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY:208:ec_GF2m_montgomery_point_multiply +EC_F_EC_GF2M_SIMPLE_FIELD_INV:296:ec_GF2m_simple_field_inv EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT:159:\ ec_GF2m_simple_group_check_discriminant EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE:195:ec_GF2m_simple_group_set_curve @@ -535,6 +536,7 @@ EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES:164:\ ec_GF2m_simple_set_compressed_coordinates EC_F_EC_GFP_MONT_FIELD_DECODE:133:ec_GFp_mont_field_decode EC_F_EC_GFP_MONT_FIELD_ENCODE:134:ec_GFp_mont_field_encode +EC_F_EC_GFP_MONT_FIELD_INV:297:ec_GFp_mont_field_inv EC_F_EC_GFP_MONT_FIELD_MUL:131:ec_GFp_mont_field_mul EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE:209:ec_GFp_mont_field_set_to_one EC_F_EC_GFP_MONT_FIELD_SQR:132:ec_GFp_mont_field_sqr @@ -555,6 +557,7 @@ EC_F_EC_GFP_NIST_FIELD_MUL:200:ec_GFp_nist_field_mul EC_F_EC_GFP_NIST_FIELD_SQR:201:ec_GFp_nist_field_sqr EC_F_EC_GFP_NIST_GROUP_SET_CURVE:202:ec_GFp_nist_group_set_curve EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES:287:ec_GFp_simple_blind_coordinates +EC_F_EC_GFP_SIMPLE_FIELD_INV:298:ec_GFp_simple_field_inv EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT:165:\ ec_GFp_simple_group_check_discriminant EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE:166:ec_GFp_simple_group_set_curve @@ -737,6 +740,7 @@ EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestInit_ex +EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex 
@@ -2115,6 +2119,7 @@ EC_R_ASN1_ERROR:115:asn1 error EC_R_BAD_SIGNATURE:156:bad signature EC_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range EC_R_BUFFER_TOO_SMALL:100:buffer too small +EC_R_CANNOT_INVERT:165:cannot invert EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing @@ -2722,6 +2727,8 @@ SSL_R_MISSING_SRP_PARAM:358:can't find SRP server param SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key +SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\ + mixed handshake and non handshake data SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate SSL_R_NOT_SERVER:284:not server diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c index 38633410cd1a..05dd791b6cb0 100644 --- a/crypto/openssl/crypto/evp/evp_enc.c +++ b/crypto/openssl/crypto/evp/evp_enc.c @@ -294,8 +294,9 @@ int is_partially_overlapping(const void *ptr1, const void *ptr2, int len) return overlapped; } -int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) +static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl, + const unsigned char *in, int inl) { int i, j, bl, cmpl = inl; @@ -307,7 +308,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { /* If block size > 1 then the cipher will have to do this check */ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { - EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); + EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; } 
@@ -324,7 +325,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return inl == 0; } if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { - EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); + EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; } @@ -371,6 +372,19 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } + +int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) +{ + /* Prevent accidental use of decryption context when encrypting */ + if (!ctx->encrypt) { + EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION); + return 0; + } + + return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); +} + int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int ret; @@ -383,6 +397,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int n, ret; unsigned int i, b, bl; + /* Prevent accidental use of decryption context when encrypting */ + if (!ctx->encrypt) { + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION); + return 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { ret = ctx->cipher->do_cipher(ctx, out, NULL, 0); if (ret < 0) @@ -426,6 +446,12 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, int fix_len, cmpl = inl; unsigned int b; + /* Prevent accidental use of encryption context when decrypting */ + if (ctx->encrypt) { + EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION); + return 0; + } + b = ctx->cipher->block_size; if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) @@ -452,7 +478,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } if (ctx->flags & EVP_CIPH_NO_PADDING) - return EVP_EncryptUpdate(ctx, out, outl, in, inl); + return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); OPENSSL_assert(b <= sizeof(ctx->final)); 
@@ -469,7 +495,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } else fix_len = 0; - if (!EVP_EncryptUpdate(ctx, out, outl, in, inl)) + if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl)) return 0; /* @@ -500,6 +526,13 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int i, n; unsigned int b; + + /* Prevent accidental use of encryption context when decrypting */ + if (ctx->encrypt) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION); + return 0; + } + *outl = 0; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { diff --git a/crypto/openssl/crypto/evp/evp_err.c b/crypto/openssl/crypto/evp/evp_err.c index 3e14a7b50949..60df27cbc20a 100644 --- a/crypto/openssl/crypto/evp/evp_err.c +++ b/crypto/openssl/crypto/evp/evp_err.c @@ -50,6 +50,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTDECRYPTUPDATE, 0), + "evp_EncryptDecryptUpdate"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), "EVP_EncryptFinal_ex"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"}, diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c index 9429be97e3f9..148df90f84b1 100644 --- a/crypto/openssl/crypto/evp/p_lib.c +++ b/crypto/openssl/crypto/evp/p_lib.c @@ -42,7 +42,7 @@ int EVP_PKEY_security_bits(const EVP_PKEY *pkey) return pkey->ameth->pkey_security_bits(pkey); } -int EVP_PKEY_size(EVP_PKEY *pkey) +int EVP_PKEY_size(const EVP_PKEY *pkey) { if (pkey && pkey->ameth && pkey->ameth->pkey_size) return pkey->ameth->pkey_size(pkey); diff --git a/crypto/openssl/crypto/include/internal/bn_int.h b/crypto/openssl/crypto/include/internal/bn_int.h index cffe5cfc1650..30be7efe14d8 100644 
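Review bot: In `EVP_DecryptFinal_ex` (the `@@ -500,6 +526,13 @@` hunk) the new context-direction guard returns before the existing `*outl = 0;`, so this is now a failure path on which the output length is left unset. A caller that adds `*outl` to a running total without checking the return value would use an indeterminate length. Placing the guard after `*outl = 0;` keeps the prior behaviour that every exit from this function has written the length. The guards added to `EVP_EncryptUpdate`, `EVP_EncryptFinal_ex` and `EVP_DecryptUpdate` likewise return without touching `*outl`, so it is worth deciding on one convention for all four. The function bodies continue outside these hunks.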
--- a/crypto/openssl/crypto/include/internal/bn_int.h +++ b/crypto/openssl/crypto/include/internal/bn_int.h @@ -65,7 +65,10 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); * is customarily arranged by bn_correct_top. Output from below functions * is not processed with bn_correct_top, and for this reason it may not be * returned out of public API. It may only be passed internally into other - * functions known to support non-minimal or zero-padded BIGNUMs. + * functions known to support non-minimal or zero-padded BIGNUMs. Even + * though the goal is to facilitate constant-time-ness, not each subroutine + * is constant-time by itself. They all have pre-conditions, consult source + * code... */ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); @@ -79,5 +82,9 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); +int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); +int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + const BIGNUM *d, BN_CTX *ctx); #endif diff --git a/crypto/openssl/crypto/init.c b/crypto/openssl/crypto/init.c index 209d1a483dae..b9a7334a7ed7 100644 --- a/crypto/openssl/crypto/init.c +++ b/crypto/openssl/crypto/init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -100,10 +100,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) return 0; if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) goto err; -#ifndef OPENSSL_SYS_UEFI - if (atexit(OPENSSL_cleanup) != 0) - goto err; -#endif OPENSSL_cpuid_setup(); destructor_key.value = key; @@ -121,13 +117,53 @@ err: return 0; } +static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT; +#if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32) +static int win32atexit(void) +{ + OPENSSL_cleanup(); + return 0; +} +#endif + +DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit) +{ +#ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n"); +#endif +#ifndef OPENSSL_SYS_UEFI +# ifdef _WIN32 + /* We use _onexit() in preference because it gets called on DLL unload */ + if (_onexit(win32atexit) == NULL) + return 0; +# else + if (atexit(OPENSSL_cleanup) != 0) + return 0; +# endif +#endif + + return 1; +} + +DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit, + ossl_init_register_atexit) +{ +#ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n"); +#endif + /* Do nothing in this case */ + return 1; +} + static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) { #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n"); #endif -#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE) +#if !defined(OPENSSL_NO_DSO) \ + && !defined(OPENSSL_USE_NODELETE) \ + && !defined(OPENSSL_NO_PINSHARED) # ifdef DSO_WIN32 { HMODULE handle = NULL; @@ -177,12 +213,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT; static int load_crypto_strings_inited = 0; -DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings) -{ - /* Do nothing in this case */ - return 1; -} - DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) { int ret = 1; 
@@ -201,6 +231,13 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) return ret; } +DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings, + ossl_init_load_crypto_strings) +{ + /* Do nothing in this case */ + return 1; +} + static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers) { @@ -218,6 +255,13 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers) return 1; } +DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers, + ossl_init_add_all_ciphers) +{ + /* Do nothing */ + return 1; +} + static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests) { @@ -235,7 +279,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests) return 1; } -DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs) +DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests, + ossl_init_add_all_digests) { /* Do nothing */ return 1; @@ -243,19 +288,14 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs) static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; static int config_inited = 0; -static const char *appname; +static const OPENSSL_INIT_SETTINGS *conf_settings = NULL; DEFINE_RUN_ONCE_STATIC(ossl_init_config) { -#ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, - "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n", - appname == NULL ? "NULL" : appname); -#endif - openssl_config_int(appname); + int ret = openssl_config_int(conf_settings); config_inited = 1; - return 1; + return ret; } -DEFINE_RUN_ONCE_STATIC(ossl_init_no_config) +DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config) { #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, 
@@ -586,17 +626,43 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) return 0; } + /* + * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the + * *only* option specified. With that option we return immediately after + * doing the requested limited initialization. Note that + * err_shelve_state() called by us via ossl_init_load_crypto_nodelete() + * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with + * base already initialized this is a harmless NOOP. + * + * If we remain the only caller of err_shelve_state() the recursion should + * perhaps be removed, but if in doubt, it can be left in place. + */ if (!RUN_ONCE(&base, ossl_init_base)) return 0; + if (opts & OPENSSL_INIT_BASE_ONLY) + return 1; + + /* + * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls + * should not have the side-effect of setting up exit handlers, and + * therefore, this code block is below the INIT_BASE_ONLY-conditioned early + * return above. + */ + if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) { + if (!RUN_ONCE_ALT(®ister_atexit, ossl_init_no_register_atexit, + ossl_init_register_atexit)) + return 0; + } else if (!RUN_ONCE(®ister_atexit, ossl_init_register_atexit)) { + return 0; + } - if (!(opts & OPENSSL_INIT_BASE_ONLY) - && !RUN_ONCE(&load_crypto_nodelete, - ossl_init_load_crypto_nodelete)) + if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete)) return 0; if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) - && !RUN_ONCE(&load_crypto_strings, - ossl_init_no_load_crypto_strings)) + && !RUN_ONCE_ALT(&load_crypto_strings, + ossl_init_no_load_crypto_strings, + ossl_init_load_crypto_strings)) return 0; if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS) 
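Review bot: The `OPENSSL_INIT_NO_ATEXIT` branch and the default branch share the single `register_atexit` once-control, so the flag appears to take effect only on the first call that gets past the `OPENSSL_INIT_BASE_ONLY` return. If any other component in the process initialises the library first without the flag, the exit handler is already registered and a later `OPENSSL_INIT_NO_ATEXIT` is silently ignored. The run-once macros are defined outside this hunk, so this is inferred from the shared control variable. A comment in the new block would make this explicit, for example `/* First caller decides: a later OPENSSL_INIT_NO_ATEXIT cannot undo a handler that is already registered. */`. The same should be stated in the option's public documentation, since applications that rely on the flag to avoid cleanup at exit or DLL unload need to know it is order-dependent.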
@@ -604,7 +670,8 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) return 0; if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS) - && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs)) + && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers, + ossl_init_add_all_ciphers)) return 0; if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS) @@ -612,7 +679,8 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) return 0; if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS) - && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs)) + && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests, + ossl_init_add_all_digests)) return 0; if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS) @@ -624,14 +692,15 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) return 0; if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) - && !RUN_ONCE(&config, ossl_init_no_config)) + && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config)) return 0; if (opts & OPENSSL_INIT_LOAD_CONFIG) { int ret; CRYPTO_THREAD_write_lock(init_lock); - appname = (settings == NULL) ? NULL : settings->appname; + conf_settings = settings; ret = RUN_ONCE(&config, ossl_init_config); + conf_settings = NULL; CRYPTO_THREAD_unlock(init_lock); if (!ret) return 0; @@ -695,7 +764,9 @@ int OPENSSL_atexit(void (*handler)(void)) { OPENSSL_INIT_STOP *newhand; -#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE) +#if !defined(OPENSSL_NO_DSO) \ + && !defined(OPENSSL_USE_NODELETE)\ + && !defined(OPENSSL_NO_PINSHARED) { union { void *sym; diff --git a/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl b/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl index afc30c3e72a4..30158aa076da 100755 --- a/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl +++ b/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -529,6 +529,7 @@ $code.=<<___; .type gcm_init_clmul,\@abi-omnipotent .align 16 gcm_init_clmul: +.cfi_startproc .L_init_clmul: ___ $code.=<<___ if ($win64); @@ -598,6 +599,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size gcm_init_clmul,.-gcm_init_clmul ___ } @@ -609,6 +611,7 @@ $code.=<<___; .type gcm_gmult_clmul,\@abi-omnipotent .align 16 gcm_gmult_clmul: +.cfi_startproc .L_gmult_clmul: movdqu ($Xip),$Xi movdqa .Lbswap_mask(%rip),$T3 @@ -645,6 +648,7 @@ $code.=<<___; pshufb $T3,$Xi movdqu $Xi,($Xip) ret +.cfi_endproc .size gcm_gmult_clmul,.-gcm_gmult_clmul ___ } @@ -658,6 +662,7 @@ $code.=<<___; .type gcm_ghash_clmul,\@abi-omnipotent .align 32 gcm_ghash_clmul: +.cfi_startproc .L_ghash_clmul: ___ $code.=<<___ if ($win64); @@ -1005,6 +1010,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size gcm_ghash_clmul,.-gcm_ghash_clmul ___ } @@ -1014,6 +1020,7 @@ $code.=<<___; .type gcm_init_avx,\@abi-omnipotent .align 32 gcm_init_avx: +.cfi_startproc ___ if ($avx) { my ($Htbl,$Xip)=@_4args; @@ -1142,6 +1149,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size gcm_init_avx,.-gcm_init_avx ___ } else { @@ -1156,7 +1164,9 @@ $code.=<<___; .type gcm_gmult_avx,\@abi-omnipotent .align 32 gcm_gmult_avx: +.cfi_startproc jmp .L_gmult_clmul +.cfi_endproc .size gcm_gmult_avx,.-gcm_gmult_avx ___ @@ -1165,6 +1175,7 @@ $code.=<<___; .type gcm_ghash_avx,\@abi-omnipotent .align 32 gcm_ghash_avx: +.cfi_startproc ___ if ($avx) { my ($Xip,$Htbl,$inp,$len)=@_4args; @@ -1577,6 +1588,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size gcm_ghash_avx,.-gcm_ghash_avx ___ } else { 
diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/openssl/crypto/objects/obj_dat.h index e931f7f516ca..9ab1a14b9e32 100644 --- a/crypto/openssl/crypto/objects/obj_dat.h +++ b/crypto/openssl/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/openssl/crypto/objects/obj_dat.pl b/crypto/openssl/crypto/objects/obj_dat.pl index e80900d09d26..e5d38147eccf 100644 --- a/crypto/openssl/crypto/objects/obj_dat.pl +++ b/crypto/openssl/crypto/objects/obj_dat.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/crypto/objects/obj_xref.h b/crypto/openssl/crypto/objects/obj_xref.h index 9606e57d6191..9144d569dcd0 100644 --- a/crypto/openssl/crypto/objects/obj_xref.h +++ b/crypto/openssl/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/crypto/objects/objects.pl b/crypto/openssl/crypto/objects/objects.pl index 8f9b67f95991..d7d1962c9999 100644 --- a/crypto/openssl/crypto/objects/objects.pl 
+++ b/crypto/openssl/crypto/objects/objects.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/crypto/objects/objxref.pl b/crypto/openssl/crypto/objects/objxref.pl index 0ec63f067e3c..ce76cadae31c 100755 --- a/crypto/openssl/crypto/objects/objxref.pl +++ b/crypto/openssl/crypto/objects/objxref.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/crypto/pem/pem_info.c b/crypto/openssl/crypto/pem/pem_info.c index a45fe83001b3..f90cb4465096 100644 --- a/crypto/openssl/crypto/pem/pem_info.c +++ b/crypto/openssl/crypto/pem/pem_info.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -297,7 +297,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, goto err; } - /* Create the right magic header stuff */ + /* Create the right magic header stuff */ buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), diff --git a/crypto/openssl/crypto/perlasm/x86_64-xlate.pl b/crypto/openssl/crypto/perlasm/x86_64-xlate.pl index f8380f2e9cfa..29a0eacfd532 100755 --- a/crypto/openssl/crypto/perlasm/x86_64-xlate.pl 
+++ b/crypto/openssl/crypto/perlasm/x86_64-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -541,6 +541,7 @@ my %globals; ); my ($cfa_reg, $cfa_rsp); + my @cfa_stack; # [us]leb128 format is variable-length integer representation base # 2^128, with most significant bit of each byte being 0 denoting @@ -648,7 +649,13 @@ my %globals; # why it starts with -8. Recall that CFA is top of caller's # stack... /startproc/ && do { ($cfa_reg, $cfa_rsp) = ("%rsp", -8); last; }; - /endproc/ && do { ($cfa_reg, $cfa_rsp) = ("%rsp", 0); last; }; + /endproc/ && do { ($cfa_reg, $cfa_rsp) = ("%rsp", 0); + # .cfi_remember_state directives that are not + # matched with .cfi_restore_state are + # unnecessary. + die "unpaired .cfi_remember_state" if (@cfa_stack); + last; + }; /def_cfa_register/ && do { $cfa_reg = $$line; last; }; /def_cfa_offset/ @@ -688,6 +695,14 @@ my %globals; cfa_expression($$line))); last; }; + /remember_state/ + && do { push @cfa_stack, [$cfa_reg, $cfa_rsp]; + last; + }; + /restore_state/ + && do { ($cfa_reg, $cfa_rsp) = @{pop @cfa_stack}; + last; + }; } $self->{value} = ".cfi_$dir\t$$line" if ($dir); diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl index ac06457b6530..6c6c9bb05be0 100755 --- a/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl 
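Review bot: The `/restore_state/` branch does `@{pop @cfa_stack}` without checking that the stack is non-empty. An unmatched `.cfi_restore_state` in a perlasm source therefore either dies with Perl's generic undefined-reference message or, if strict refs are not in force in this file, leaves `$cfa_reg` and `$cfa_rsp` undefined for the rest of the procedure. The `/endproc/` branch already reports the opposite imbalance explicitly, so the restore side should match it: `die "unpaired .cfi_restore_state" unless (@cfa_stack);` placed before the `pop`. The enclosing directive handler starts and ends outside these hunks.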
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -291,6 +291,7 @@ poly1305_blocks_neon: cbz $is_base2_26,poly1305_blocks .Lblocks_neon: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 @@ -859,6 +860,7 @@ poly1305_blocks_neon: st1 {$ACC4}[0],[$ctx] .Lno_data_neon: + .inst 0xd50323bf // autiasp ldr x29,[sp],#80 ret .size poly1305_blocks_neon,.-poly1305_blocks_neon diff --git a/crypto/openssl/crypto/ppc_arch.h b/crypto/openssl/crypto/ppc_arch.h index 65cf96fc1fe8..72bd7468745c 100644 --- a/crypto/openssl/crypto/ppc_arch.h +++ b/crypto/openssl/crypto/ppc_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,5 +22,7 @@ extern unsigned int OPENSSL_ppccap_P; # define PPC_CRYPTO207 (1<<2) # define PPC_FPU (1<<3) # define PPC_MADD300 (1<<4) +# define PPC_MFTB (1<<5) +# define PPC_MFSPR268 (1<<6) #endif diff --git a/crypto/openssl/crypto/ppccap.c b/crypto/openssl/crypto/ppccap.c index 8b7d765c3aa2..afb9e31b0028 100644 --- a/crypto/openssl/crypto/ppccap.c +++ b/crypto/openssl/crypto/ppccap.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
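Review bot: In the `@@ -859,6 +860,7 @@` hunk the `autiasp` encoding is emitted before `ldr x29,[sp],#80`, while the matching `paciasp` in the earlier hunk is emitted before `stp x29,x30,[sp,#-80]!`. Both instructions use the current stack pointer as the modifier, so the return address is signed against the entry SP but authenticated against an SP that is still 80 bytes lower. The code between the two hunks is not visible, so this assumes SP at `.Lno_data_neon` is the post-`stp` value. On hardware with pointer authentication enabled that check would fail and the `ret` would fault. The epilogue should restore SP first: `ldr x29,[sp],#80` followed by `.inst 0xd50323bf // autiasp`, then `ret`.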
@@ -168,16 +168,50 @@ void OPENSSL_altivec_probe(void); void OPENSSL_crypto207_probe(void); void OPENSSL_madd300_probe(void); -/* - * Use a weak reference to getauxval() so we can use it if it is available - * but don't break the build if it is not. Note that this is *link-time* - * feature detection, not *run-time*. In other words if we link with - * symbol present, it's expected to be present even at run-time. - */ -#if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) -extern unsigned long getauxval(unsigned long type) __attribute__ ((weak)); -#else -static unsigned long (*getauxval) (unsigned long) = NULL; +long OPENSSL_rdtsc_mftb(void); +long OPENSSL_rdtsc_mfspr268(void); + +uint32_t OPENSSL_rdtsc(void) +{ + if (OPENSSL_ppccap_P & PPC_MFTB) + return OPENSSL_rdtsc_mftb(); + else if (OPENSSL_ppccap_P & PPC_MFSPR268) + return OPENSSL_rdtsc_mfspr268(); + else + return 0; +} + +size_t OPENSSL_instrument_bus_mftb(unsigned int *, size_t); +size_t OPENSSL_instrument_bus_mfspr268(unsigned int *, size_t); + +size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt) +{ + if (OPENSSL_ppccap_P & PPC_MFTB) + return OPENSSL_instrument_bus_mftb(out, cnt); + else if (OPENSSL_ppccap_P & PPC_MFSPR268) + return OPENSSL_instrument_bus_mfspr268(out, cnt); + else + return 0; +} + +size_t OPENSSL_instrument_bus2_mftb(unsigned int *, size_t, size_t); +size_t OPENSSL_instrument_bus2_mfspr268(unsigned int *, size_t, size_t); + +size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) +{ + if (OPENSSL_ppccap_P & PPC_MFTB) + return OPENSSL_instrument_bus2_mftb(out, cnt, max); + else if (OPENSSL_ppccap_P & PPC_MFSPR268) + return OPENSSL_instrument_bus2_mfspr268(out, cnt, max); + else + return 0; +} + +#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 16) +# include <sys/auxv.h> +# define OSSL_IMPLEMENT_GETAUXVAL +# endif #endif /* I wish <sys/auxv.h> was universally available */ 
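Review bot: `OPENSSL_rdtsc()` returns a constant 0 when neither `PPC_MFTB` nor `PPC_MFSPR268` is set, and `OPENSSL_instrument_bus()` and `OPENSSL_instrument_bus2()` return 0 samples in the same case, but no comment tells callers that 0 means "no usable counter". Callers are outside this hunk; any that treat the value as time-varying would get a fixed value on such a CPU, or before `OPENSSL_cpuid_setup()` has set the capability bits. A comment above the first wrapper, e.g. `/* Returns 0 when no time base is available; callers must not assume the result varies. */`, would document the contract. The helpers are declared `long` while the wrapper returns `uint32_t`, so an explicit `return (uint32_t)OPENSSL_rdtsc_mftb();` would make the truncation visible.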
@@ -277,7 +311,8 @@ void OPENSSL_cpuid_setup(void) } #endif - if (getauxval != NULL) { +#ifdef OSSL_IMPLEMENT_GETAUXVAL + { unsigned long hwcap = getauxval(HWCAP); if (hwcap & HWCAP_FPU) { @@ -304,9 +339,8 @@ void OPENSSL_cpuid_setup(void) if (hwcap & HWCAP_ARCH_3_00) { OPENSSL_ppccap_P |= PPC_MADD300; } - - return; } +#endif sigfillset(&all_masked); sigdelset(&all_masked, SIGILL); @@ -325,15 +359,16 @@ void OPENSSL_cpuid_setup(void) sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); sigaction(SIGILL, &ill_act, &ill_oact); +#ifndef OSSL_IMPLEMENT_GETAUXVAL if (sigsetjmp(ill_jmp,1) == 0) { OPENSSL_fpu_probe(); OPENSSL_ppccap_P |= PPC_FPU; if (sizeof(size_t) == 4) { -#ifdef __linux +# ifdef __linux struct utsname uts; if (uname(&uts) == 0 && strcmp(uts.machine, "ppc64") == 0) -#endif +# endif if (sigsetjmp(ill_jmp, 1) == 0) { OPENSSL_ppc64_probe(); OPENSSL_ppccap_P |= PPC_FPU64; @@ -358,6 +393,15 @@ void OPENSSL_cpuid_setup(void) OPENSSL_madd300_probe(); OPENSSL_ppccap_P |= PPC_MADD300; } +#endif + + if (sigsetjmp(ill_jmp, 1) == 0) { + OPENSSL_rdtsc_mftb(); + OPENSSL_ppccap_P |= PPC_MFTB; + } else if (sigsetjmp(ill_jmp, 1) == 0) { + OPENSSL_rdtsc_mfspr268(); + OPENSSL_ppccap_P |= PPC_MFSPR268; + } sigaction(SIGILL, &ill_oact, NULL); sigprocmask(SIG_SETMASK, &oset, NULL); diff --git a/crypto/openssl/crypto/ppccpuid.pl b/crypto/openssl/crypto/ppccpuid.pl index 9d1cada4dc4c..a38445fd3c52 100755 --- a/crypto/openssl/crypto/ppccpuid.pl +++ b/crypto/openssl/crypto/ppccpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -124,26 +124,23 @@ Ladd: lwarx r5,0,r3 .long 0 .size .OPENSSL_atomic_add,.-.OPENSSL_atomic_add -.globl .OPENSSL_rdtsc +.globl .OPENSSL_rdtsc_mftb .align 4 -.OPENSSL_rdtsc: -___ -$code.=<<___ if ($flavour =~ /64/); - mftb r3 -___ -$code.=<<___ if ($flavour !~ /64/); -Loop_rdtsc: - mftbu r5 +.OPENSSL_rdtsc_mftb: mftb r3 - mftbu r4 - cmplw r4,r5 - bne Loop_rdtsc -___ -$code.=<<___; blr .long 0 .byte 0,12,0x14,0,0,0,0,0 -.size .OPENSSL_rdtsc,.-.OPENSSL_rdtsc +.size .OPENSSL_rdtsc_mftb,.-.OPENSSL_rdtsc_mftb + +.globl .OPENSSL_rdtsc_mfspr268 +.align 4 +.OPENSSL_rdtsc_mfspr268: + mfspr r3,268 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 +.size .OPENSSL_rdtsc_mfspr268,.-.OPENSSL_rdtsc_mfspr268 .globl .OPENSSL_cleanse .align 4 @@ -210,9 +207,9 @@ my ($tick,$lasttick)=("r6","r7"); my ($diff,$lastdiff)=("r8","r9"); $code.=<<___; -.globl .OPENSSL_instrument_bus +.globl .OPENSSL_instrument_bus_mftb .align 4 -.OPENSSL_instrument_bus: +.OPENSSL_instrument_bus_mftb: mtctr $cnt mftb $lasttick # collect 1st tick @@ -240,11 +237,11 @@ Loop: mftb $tick .long 0 .byte 0,12,0x14,0,0,0,2,0 .long 0 -.size .OPENSSL_instrument_bus,.-.OPENSSL_instrument_bus +.size .OPENSSL_instrument_bus_mftb,.-.OPENSSL_instrument_bus_mftb -.globl .OPENSSL_instrument_bus2 +.globl .OPENSSL_instrument_bus2_mftb .align 4 -.OPENSSL_instrument_bus2: +.OPENSSL_instrument_bus2_mftb: mr r0,$cnt slwi $cnt,$cnt,2 
@@ -292,7 +289,91 @@ Ldone2: .long 0 .byte 0,12,0x14,0,0,0,3,0 .long 0 -.size .OPENSSL_instrument_bus2,.-.OPENSSL_instrument_bus2 +.size .OPENSSL_instrument_bus2_mftb,.-.OPENSSL_instrument_bus2_mftb + +.globl .OPENSSL_instrument_bus_mfspr268 +.align 4 +.OPENSSL_instrument_bus_mfspr268: + mtctr $cnt + + mfspr $lasttick,268 # collect 1st tick + li $diff,0 + + dcbf 0,$out # flush cache line + lwarx $tick,0,$out # load and lock + add $tick,$tick,$diff + stwcx. $tick,0,$out + stwx $tick,0,$out + +Loop3: mfspr $tick,268 + sub $diff,$tick,$lasttick + mr $lasttick,$tick + dcbf 0,$out # flush cache line + lwarx $tick,0,$out # load and lock + add $tick,$tick,$diff + stwcx. $tick,0,$out + stwx $tick,0,$out + addi $out,$out,4 # ++$out + bdnz Loop3 + + mr r3,$cnt + blr + .long 0 + .byte 0,12,0x14,0,0,0,2,0 + .long 0 +.size .OPENSSL_instrument_bus_mfspr268,.-.OPENSSL_instrument_bus_mfspr268 + +.globl .OPENSSL_instrument_bus2_mfspr268 +.align 4 +.OPENSSL_instrument_bus2_mfspr268: + mr r0,$cnt + slwi $cnt,$cnt,2 + + mfspr $lasttick,268 # collect 1st tick + li $diff,0 + + dcbf 0,$out # flush cache line + lwarx $tick,0,$out # load and lock + add $tick,$tick,$diff + stwcx. $tick,0,$out + stwx $tick,0,$out + + mfspr $tick,268 # collect 1st diff + sub $diff,$tick,$lasttick + mr $lasttick,$tick + mr $lastdiff,$diff +Loop4: + dcbf 0,$out # flush cache line + lwarx $tick,0,$out # load and lock + add $tick,$tick,$diff + stwcx. $tick,0,$out + stwx $tick,0,$out + + addic. $max,$max,-1 + beq Ldone4 + + mfspr $tick,268 + sub $diff,$tick,$lasttick + mr $lasttick,$tick + cmplw 7,$diff,$lastdiff + mr $lastdiff,$diff + + mfcr $tick # pull cr + not $tick,$tick # flip bits + rlwinm $tick,$tick,1,29,29 # isolate flipped eq bit and scale + + sub. 
$cnt,$cnt,$tick # conditional --$cnt + add $out,$out,$tick # conditional ++$out + bne Loop4 + +Ldone4: + srwi $cnt,$cnt,2 + sub r3,r0,$cnt + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size .OPENSSL_instrument_bus2_mfspr268,.-.OPENSSL_instrument_bus2_mfspr268 ___ } diff --git a/crypto/openssl/crypto/rand/rand_unix.c b/crypto/openssl/crypto/rand/rand_unix.c index 9d8ffdd53796..9cbc9ade77fa 100644 --- a/crypto/openssl/crypto/rand/rand_unix.c +++ b/crypto/openssl/crypto/rand/rand_unix.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -93,6 +93,27 @@ static uint64_t get_timer_bits(void); # error "UEFI and VXWorks only support seeding NONE" #endif +#if defined(OPENSSL_SYS_VXWORKS) +/* empty implementation */ +int rand_pool_init(void) +{ + return 1; +} + +void rand_pool_cleanup(void) +{ +} + +void rand_pool_keep_random_devices_open(int keep) +{ +} + +size_t rand_pool_acquire_entropy(RAND_POOL *pool) +{ + return rand_pool_entropy_available(pool); +} +#endif + #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \ || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \ || defined(OPENSSL_SYS_UEFI)) diff --git a/crypto/openssl/crypto/rsa/rsa_ameth.c b/crypto/openssl/crypto/rsa/rsa_ameth.c index a6595aec0542..75debb3e0a9d 100644 --- a/crypto/openssl/crypto/rsa/rsa_ameth.c +++ b/crypto/openssl/crypto/rsa/rsa_ameth.c @@ -34,7 +34,7 @@ static int rsa_param_encode(const EVP_PKEY *pkey, *pstr = NULL; /* If RSA it's just NULL type */ - if (pkey->ameth->pkey_id == EVP_PKEY_RSA) { + if (pkey->ameth->pkey_id != EVP_PKEY_RSA_PSS) { *pstrtype = V_ASN1_NULL; return 1; } 
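Review bot: The VxWorks stubs in rand_unix.c are labelled only `/* empty implementation */`, which hides the security-relevant fact that `rand_pool_acquire_entropy()` adds nothing to the pool and merely reports `rand_pool_entropy_available(pool)`. Together with the `# error "UEFI and VXWorks only support seeding NONE"` guard just above, this presumably means the library gathers no entropy itself on this platform and the application has to seed it. I would replace the comment with `/* VxWorks: no OS entropy source is used here; nothing is collected, so the application must seed the RNG itself. */`. `rand_pool_keep_random_devices_open()` also leaves `keep` unused, which may warn on stricter builds.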
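Review bot: The context comment `/* If RSA it's just NULL type */` above the changed test in `rsa_param_encode()` no longer describes the condition, which now emits the NULL parameter for every key id other than `EVP_PKEY_RSA_PSS`. Rewording it to `/* Anything other than RSA-PSS carries a NULL parameter */` keeps comment and code in step. The matching test in `rsa_param_decode()` in the next hunk has no comment at all and could take a similar one-liner. Both function bodies extend beyond their hunks.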
@@ -58,7 +58,7 @@ static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg) int algptype; X509_ALGOR_get0(&algoid, &algptype, &algp, alg); - if (OBJ_obj2nid(algoid) == EVP_PKEY_RSA) + if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS) return 1; if (algptype == V_ASN1_UNDEF) return 1; @@ -109,7 +109,10 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) RSA_free(rsa); return 0; } - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); + if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) { + RSA_free(rsa); + return 0; + } return 1; } diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/openssl/crypto/rsa/rsa_oaep.c index f13c6fc9e506..689e6dc22292 100644 --- a/crypto/openssl/crypto/rsa/rsa_oaep.c +++ b/crypto/openssl/crypto/rsa/rsa_oaep.c @@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, const EVP_MD *mgf1md) { int i, dblen = 0, mlen = -1, one_index = 0, msg_index; - unsigned int good, found_one_byte; + unsigned int good = 0, found_one_byte, mask; const unsigned char *maskedseed, *maskeddb; /* * |em| is the encoded message, zero-padded to exactly |num| bytes: em = @@ -147,8 +147,11 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, * the ciphertext, see PKCS #1 v2.2, section 7.1.2. * This does not leak any side-channel information. */ - if (num < flen || num < 2 * mdlen + 2) - goto decoding_err; + if (num < flen || num < 2 * mdlen + 2) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, + RSA_R_OAEP_DECODING_ERROR); + return -1; + } dblen = num - mdlen - 1; db = OPENSSL_malloc(dblen); 
@@ -157,25 +160,26 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, goto cleanup; } - if (flen != num) { - em = OPENSSL_zalloc(num); - if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, - ERR_R_MALLOC_FAILURE); - goto cleanup; - } + em = OPENSSL_malloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, + ERR_R_MALLOC_FAILURE); + goto cleanup; + } - /* - * Caller is encouraged to pass zero-padded message created with - * BN_bn2binpad, but if it doesn't, we do this zero-padding copy - * to avoid leaking that information. The copy still leaks some - * side-channel information, but it's impossible to have a fixed - * memory access pattern since we can't read out of the bounds of - * |from|. - */ - memcpy(em + num - flen, from, flen); - from = em; + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad. Trouble is that since we can't read out of |from|'s + * bounds, it's impossible to have an invariant memory access pattern + * in case |from| was not zero-padded in advance. + */ + for (from += flen, em += num, i = 0; i < num; i++) { + mask = ~constant_time_is_zero(flen); + flen -= 1 & mask; + from -= 1 & mask; + *--em = *from & mask; } + from = em; /* * The first byte must be zero, however we must not leak if this is 
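Review bot: The new copy loop reads `*from` on every one of its `num` iterations, so it depends on `flen` being at least 1 on entry; with `flen == 0` the pointer stays one past the end of the caller's buffer and the masked read is still an out-of-bounds load. rsa_pk1.c tightens its guard to `tlen <= 0 || flen <= 0` in this commit and rsa_ssl.c rejects `flen < 10`, but the corresponding guard for `RSA_padding_check_PKCS1_OAEP_mgf1()` is outside this hunk and should be confirmed. Since the same loop is pasted into all three files, a comment on it such as `/* requires flen >= 1: *from is read even after flen has reached 0 */` would keep the precondition next to the code.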
@@ -222,32 +226,48 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, * so plaintext-awareness ensures timing side-channels are no longer a * concern. */ - if (!good) - goto decoding_err; - msg_index = one_index + 1; mlen = dblen - msg_index; - if (tlen < mlen) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_DATA_TOO_LARGE); - mlen = -1; - } else { - memcpy(to, db + msg_index, mlen); - goto cleanup; + /* + * For good measure, do this check in constant tine as well. + */ + good &= constant_time_ge(tlen, mlen); + + /* + * Even though we can't fake result's length, we can pretend copying + * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |dblen| + * bytes are viewed as circular buffer with start at |tlen|-|mlen'|, + * where |mlen'| is "saturated" |mlen| value. Deducing information + * about failure or |mlen| would take attacker's ability to observe + * memory access pattern with byte granularity *as it occurs*. It + * should be noted that failure is indistinguishable from normal + * operation if |tlen| is fixed by protocol. + */ + tlen = constant_time_select_int(constant_time_lt(dblen, tlen), dblen, tlen); + msg_index = constant_time_select_int(good, msg_index, dblen - tlen); + mlen = dblen - msg_index; + for (from = db + msg_index, mask = good, i = 0; i < tlen; i++) { + unsigned int equals = constant_time_eq(i, mlen); + + from -= dblen & equals; /* if (i == dblen) rewind */ + mask &= mask ^ equals; /* if (i == dblen) mask = 0 */ + to[i] = constant_time_select_8(mask, from[i], to[i]); } - decoding_err: /* * To avoid chosen ciphertext attacks, the error message should not * reveal which kind of decoding error happened. 
*/ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_OAEP_DECODING_ERROR); + err_clear_last_constant_time(1 & good); cleanup: OPENSSL_cleanse(seed, sizeof(seed)); OPENSSL_clear_free(db, dblen); OPENSSL_clear_free(em, num); - return mlen; + + return constant_time_select_int(good, mlen, -1); } int PKCS1_MGF1(unsigned char *mask, long len, diff --git a/crypto/openssl/crypto/rsa/rsa_ossl.c b/crypto/openssl/crypto/rsa/rsa_ossl.c index 2b1b006c2801..465134257fcc 100644 --- a/crypto/openssl/crypto/rsa/rsa_ossl.c +++ b/crypto/openssl/crypto/rsa/rsa_ossl.c @@ -10,6 +10,7 @@ #include "internal/cryptlib.h" #include "internal/bn_int.h" #include "rsa_locl.h" +#include "internal/constant_time_locl.h" static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); @@ -286,6 +287,11 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, goto err; } + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, + rsa->n, ctx)) + goto err; + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { blinding = rsa_get_blinding(rsa, &local_blinding, ctx); if (blinding == NULL) { @@ -318,13 +324,6 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) - if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, - rsa->n, ctx)) { - BN_free(d); - goto err; - } - if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, rsa->_method_mod_n)) { BN_free(d); @@ -481,8 +480,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); goto err; } - if (r < 0) - RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); + RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); + err_clear_last_constant_time(r >= 0); err: if (ctx != NULL) 
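Review bot: The two trailing comments in the new OAEP copy loop say `if (i == dblen)` while the value actually compared is `mlen` (`constant_time_eq(i, mlen)`); the same loop in rsa_pk1.c and rsa_ssl.c is commented `if (i == mlen)`. They should read `/* if (i == mlen) rewind */` and `/* if (i == mlen) mask = 0 */`, because in code whose correctness rests on exact index arithmetic a misleading comment invites a wrong fix later. The comment above `good &= constant_time_ge(tlen, mlen);` also has a typo, `constant tine` for `constant time`. The function starts before this hunk.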
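Review bot: In `rsa_ossl_private_decrypt()` the padding error is now raised unconditionally and then removed by `err_clear_last_constant_time(r >= 0)`, but nothing at the call site says why, and the pair reads like a mistake to anyone who has not seen the padding code. A comment such as `/* Raise unconditionally and clear without branching, so the padding result is not exposed through a data-dependent branch. */` would protect it from a well-meant simplification back to `if (r < 0)`. The same raise-then-clear pair closes `RSA_padding_check_PKCS1_OAEP_mgf1()`, `RSA_padding_check_PKCS1_type_2()` and `RSA_padding_check_SSLv23()` in this commit and would benefit from the same line. The function body extends outside the hunk.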
diff --git a/crypto/openssl/crypto/rsa/rsa_pk1.c b/crypto/openssl/crypto/rsa/rsa_pk1.c index d07c0d6f852b..062690741809 100644 --- a/crypto/openssl/crypto/rsa/rsa_pk1.c +++ b/crypto/openssl/crypto/rsa/rsa_pk1.c @@ -158,10 +158,10 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, int i; /* |em| is the encoded message, zero-padded to exactly |num| bytes */ unsigned char *em = NULL; - unsigned int good, found_zero_byte; + unsigned int good, found_zero_byte, mask; int zero_index = 0, msg_index, mlen = -1; - if (tlen < 0 || flen < 0) + if (tlen <= 0 || flen <= 0) return -1; /* 
@@ -169,39 +169,41 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * section 7.2.2. */ - if (flen > num) - goto err; - - if (num < 11) - goto err; + if (flen > num || num < 11) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, + RSA_R_PKCS_DECODING_ERROR); + return -1; + } - if (flen != num) { - em = OPENSSL_zalloc(num); - if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); - return -1; - } - /* - * Caller is encouraged to pass zero-padded message created with - * BN_bn2binpad, but if it doesn't, we do this zero-padding copy - * to avoid leaking that information. The copy still leaks some - * side-channel information, but it's impossible to have a fixed - * memory access pattern since we can't read out of the bounds of - * |from|. - */ - memcpy(em + num - flen, from, flen); - from = em; + em = OPENSSL_malloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); + return -1; + } + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad. Trouble is that since we can't read out of |from|'s + * bounds, it's impossible to have an invariant memory access pattern + * in case |from| was not zero-padded in advance. + */ + for (from += flen, em += num, i = 0; i < num; i++) { + mask = ~constant_time_is_zero(flen); + flen -= 1 & mask; + from -= 1 & mask; + *--em = *from & mask; } + from = em; good = constant_time_is_zero(from[0]); good &= constant_time_eq(from[1], 2); + /* scan over padding data */ found_zero_byte = 0; for (i = 2; i < num; i++) { unsigned int equals0 = constant_time_is_zero(from[i]); - zero_index = - constant_time_select_int(~found_zero_byte & equals0, i, - zero_index); + + zero_index = constant_time_select_int(~found_zero_byte & equals0, + i, zero_index); found_zero_byte |= equals0; } 
@@ -210,7 +212,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * If we never found a 0-byte, then |zero_index| is 0 and the check * also fails. */ - good &= constant_time_ge((unsigned int)(zero_index), 2 + 8); + good &= constant_time_ge(zero_index, 2 + 8); /* * Skip the zero byte. This is incorrect if we never found a zero-byte 
@@ -220,27 +222,34 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, mlen = num - msg_index; /* - * For good measure, do this check in constant time as well; it could - * leak something if |tlen| was assuming valid padding. + * For good measure, do this check in constant time as well. */ - good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen)); + good &= constant_time_ge(tlen, mlen); /* - * We can't continue in constant-time because we need to copy the result - * and we cannot fake its length. This unavoidably leaks timing - * information at the API boundary. + * Even though we can't fake result's length, we can pretend copying + * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num| + * bytes are viewed as circular buffer with start at |tlen|-|mlen'|, + * where |mlen'| is "saturated" |mlen| value. Deducing information + * about failure or |mlen| would take attacker's ability to observe + * memory access pattern with byte granularity *as it occurs*. It + * should be noted that failure is indistinguishable from normal + * operation if |tlen| is fixed by protocol. */ - if (!good) { - mlen = -1; - goto err; - } + tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen); + msg_index = constant_time_select_int(good, msg_index, num - tlen); + mlen = num - msg_index; + for (from += msg_index, mask = good, i = 0; i < tlen; i++) { + unsigned int equals = constant_time_eq(i, mlen); - memcpy(to, from + msg_index, mlen); + from -= tlen & equals; /* if (i == mlen) rewind */ + mask &= mask ^ equals; /* if (i == mlen) mask = 0 */ + to[i] = constant_time_select_8(mask, from[i], to[i]); + } - err: OPENSSL_clear_free(em, num); - if (mlen == -1) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, - RSA_R_PKCS_DECODING_ERROR); - return mlen; + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); + err_clear_last_constant_time(1 & good); + + return constant_time_select_int(good, mlen, -1); } 
diff --git a/crypto/openssl/crypto/rsa/rsa_ssl.c b/crypto/openssl/crypto/rsa/rsa_ssl.c index 286d0a42de0f..c5654595fb2f 100644 --- a/crypto/openssl/crypto/rsa/rsa_ssl.c +++ b/crypto/openssl/crypto/rsa/rsa_ssl.c @@ -12,6 +12,7 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/rand.h> +#include "internal/constant_time_locl.h" int RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from, int flen) 
@@ -52,57 +53,115 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, return 1; } +/* + * Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding + * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also + * preserves error code reporting for backward compatibility. + */ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, const unsigned char *from, int flen, int num) { - int i, j, k; - const unsigned char *p; + int i; + /* |em| is the encoded message, zero-padded to exactly |num| bytes */ + unsigned char *em = NULL; + unsigned int good, found_zero_byte, mask, threes_in_row; + int zero_index = 0, msg_index, mlen = -1, err; - p = from; if (flen < 10) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return -1; } - /* Accept even zero-padded input */ - if (flen == num) { - if (*(p++) != 0) { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); - return -1; - } - flen--; - } - if ((num != (flen + 1)) || (*(p++) != 02)) { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); - return -1; - } - /* scan over padding data */ - j = flen - 1; /* one for type */ - for (i = 0; i < j; i++) - if (*(p++) == 0) - break; - - if ((i == j) || (i < 8)) { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, - RSA_R_NULL_BEFORE_BLOCK_MISSING); + em = OPENSSL_malloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, ERR_R_MALLOC_FAILURE); return -1; } - for (k = -9; k < -1; k++) { - if (p[k] != 0x03) - break; + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad. Trouble is that since we can't read out of |from|'s + * bounds, it's impossible to have an invariant memory access pattern + * in case |from| was not zero-padded in advance. 
+ */ + for (from += flen, em += num, i = 0; i < num; i++) { + mask = ~constant_time_is_zero(flen); + flen -= 1 & mask; + from -= 1 & mask; + *--em = *from & mask; } - if (k == -1) { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK); - return -1; + from = em; + + good = constant_time_is_zero(from[0]); + good &= constant_time_eq(from[1], 2); + err = constant_time_select_int(good, 0, RSA_R_BLOCK_TYPE_IS_NOT_02); + mask = ~good; + + /* scan over padding data */ + found_zero_byte = 0; + threes_in_row = 0; + for (i = 2; i < num; i++) { + unsigned int equals0 = constant_time_is_zero(from[i]); + + zero_index = constant_time_select_int(~found_zero_byte & equals0, + i, zero_index); + found_zero_byte |= equals0; + + threes_in_row += 1 & ~found_zero_byte; + threes_in_row &= found_zero_byte | constant_time_eq(from[i], 3); } - i++; /* Skip over the '\0' */ - j -= i; - if (j > tlen) { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE); - return -1; + /* + * PS must be at least 8 bytes long, and it starts two bytes into |from|. + * If we never found a 0-byte, then |zero_index| is 0 and the check + * also fails. + */ + good &= constant_time_ge(zero_index, 2 + 8); + err = constant_time_select_int(mask | good, err, + RSA_R_NULL_BEFORE_BLOCK_MISSING); + mask = ~good; + + good &= constant_time_lt(threes_in_row, 8); + err = constant_time_select_int(mask | good, err, + RSA_R_SSLV3_ROLLBACK_ATTACK); + mask = ~good; + + /* + * Skip the zero byte. This is incorrect if we never found a zero-byte + * but in this case we also do not copy the message out. + */ + msg_index = zero_index + 1; + mlen = num - msg_index; + + /* + * For good measure, do this check in constant time as well. + */ + good &= constant_time_ge(tlen, mlen); + err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE); + + /* + * Even though we can't fake result's length, we can pretend copying + * |tlen| bytes where |mlen| bytes would be real. 
Last |tlen| of |num| + * bytes are viewed as circular buffer with start at |tlen|-|mlen'|, + * where |mlen'| is "saturated" |mlen| value. Deducing information + * about failure or |mlen| would take attacker's ability to observe + * memory access pattern with byte granularity *as it occurs*. It + * should be noted that failure is indistinguishable from normal + * operation if |tlen| is fixed by protocol. + */ + tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen); + msg_index = constant_time_select_int(good, msg_index, num - tlen); + mlen = num - msg_index; + for (from += msg_index, mask = good, i = 0; i < tlen; i++) { + unsigned int equals = constant_time_eq(i, mlen); + + from -= tlen & equals; /* if (i == mlen) rewind */ + mask &= mask ^ equals; /* if (i == mlen) mask = 0 */ + to[i] = constant_time_select_8(mask, from[i], to[i]); } - memcpy(to, p, (unsigned int)j); - return j; + OPENSSL_clear_free(em, num); + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, err); + err_clear_last_constant_time(1 & good); + + return constant_time_select_int(good, mlen, -1); } diff --git a/crypto/openssl/crypto/rsa/rsa_x931g.c b/crypto/openssl/crypto/rsa/rsa_x931g.c index 3563670a12ac..15e40e8d1dd7 100644 --- a/crypto/openssl/crypto/rsa/rsa_x931g.c +++ b/crypto/openssl/crypto/rsa/rsa_x931g.c @@ -128,6 +128,8 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, /* calculate inverse of q mod p */ rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2); + if (rsa->iqmp == NULL) + goto err; ret = 1; err: diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl b/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl index 704ab4a7e45a..a3117bd7506d 100755 --- a/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl +++ b/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl 
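Review bot: `RSA_padding_check_SSLv23()` still validates only `flen < 10`, whereas the PKCS#1 type 2 routine it is described as a copy of rejects `tlen <= 0 || flen <= 0` and `flen > num || num < 11` before allocating. Without a bound on `num`, `from[0]` and `from[1]` are read from an `em` buffer of `num` bytes that may be shorter than two bytes, and with `flen > num` the leading input bytes are silently dropped instead of the input being rejected. I would add `if (tlen <= 0 || flen <= 0) return -1;` and widen the existing test to `if (flen > num || num < 11)`, keeping `RSA_R_DATA_TOO_SMALL`. Callers are outside this hunk, so whether they already guarantee these bounds cannot be confirmed here.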
@@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -121,6 +121,7 @@ $code.=<<___; .align 5 KeccakF1600_int: adr $C[2],iotas + .inst 0xd503233f // paciasp stp $C[2],x30,[sp,#16] // 32 bytes on top are mine b .Loop .align 4 @@ -292,12 +293,14 @@ $code.=<<___; bne .Loop ldr x30,[sp,#24] + .inst 0xd50323bf // autiasp ret .size KeccakF1600_int,.-KeccakF1600_int .type KeccakF1600,%function .align 5 KeccakF1600: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -347,6 +350,7 @@ KeccakF1600: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#128 + .inst 0xd50323bf // autiasp ret .size KeccakF1600,.-KeccakF1600 @@ -354,6 +358,7 @@ KeccakF1600: .type SHA3_absorb,%function .align 5 SHA3_absorb: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -451,6 +456,7 @@ $code.=<<___; ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#128 + .inst 0xd50323bf // autiasp ret .size SHA3_absorb,.-SHA3_absorb ___ @@ -461,6 +467,7 @@ $code.=<<___; .type SHA3_squeeze,%function .align 5 SHA3_squeeze: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-48]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -523,6 +530,7 @@ SHA3_squeeze: ldp x19,x20,[sp,#16] ldp x21,x22,[sp,#32] ldp x29,x30,[sp],#48 + .inst 0xd50323bf // autiasp ret .size SHA3_squeeze,.-SHA3_squeeze ___ @@ -649,6 +657,7 @@ $code.=<<___; .type KeccakF1600_cext,%function .align 5 KeccakF1600_cext: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 stp d8,d9,[sp,#16] // per ABI requirement 
@@ -681,6 +690,7 @@ $code.=<<___; ldp d12,d13,[sp,#48] ldp d14,d15,[sp,#64] ldr x29,[sp],#80 + .inst 0xd50323bf // autiasp ret .size KeccakF1600_cext,.-KeccakF1600_cext ___ @@ -693,6 +703,7 @@ $code.=<<___; .type SHA3_absorb_cext,%function .align 5 SHA3_absorb_cext: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 stp d8,d9,[sp,#16] // per ABI requirement @@ -764,6 +775,7 @@ $code.=<<___; ldp d12,d13,[sp,#48] ldp d14,d15,[sp,#64] ldp x29,x30,[sp],#80 + .inst 0xd50323bf // autiasp ret .size SHA3_absorb_cext,.-SHA3_absorb_cext ___ @@ -775,6 +787,7 @@ $code.=<<___; .type SHA3_squeeze_cext,%function .align 5 SHA3_squeeze_cext: + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 mov x9,$ctx @@ -830,6 +843,7 @@ SHA3_squeeze_cext: .Lsqueeze_done_ce: ldr x29,[sp],#16 + .inst 0xd50323bf // autiasp ret .size SHA3_squeeze_cext,.-SHA3_squeeze_cext ___ diff --git a/crypto/openssl/crypto/sha/asm/sha512-armv8.pl b/crypto/openssl/crypto/sha/asm/sha512-armv8.pl index ac84ebb52e4f..01ffe9f98c3e 100755 --- a/crypto/openssl/crypto/sha/asm/sha512-armv8.pl +++ b/crypto/openssl/crypto/sha/asm/sha512-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -219,6 +219,7 @@ $code.=<<___ if ($SZ==8); ___ $code.=<<___; #endif + .inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 @@ -280,6 +281,7 @@ $code.=<<___; ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#128 + .inst 0xd50323bf // autiasp ret .size $func,.-$func diff --git a/crypto/openssl/crypto/srp/srp_lib.c b/crypto/openssl/crypto/srp/srp_lib.c index b97d630d3753..ca20f6d09798 100644 --- a/crypto/openssl/crypto/srp/srp_lib.c +++ b/crypto/openssl/crypto/srp/srp_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -26,6 +26,7 @@ static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N) unsigned char *tmp = NULL; int numN = BN_num_bytes(N); BIGNUM *res = NULL; + if (x != N && BN_ucmp(x, N) >= 0) return NULL; if (y != N && BN_ucmp(y, N) >= 0) @@ -139,7 +140,8 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) || !EVP_DigestFinal_ex(ctxt, dig, NULL) || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)) goto err; - BN_bn2bin(s, cs); + if (BN_bn2bin(s, cs) < 0) + goto err; if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s))) goto err; diff --git a/crypto/openssl/crypto/srp/srp_vfy.c b/crypto/openssl/crypto/srp/srp_vfy.c index 17b35c00f9da..eb279dd4187a 100644 --- a/crypto/openssl/crypto/srp/srp_vfy.c +++ b/crypto/openssl/crypto/srp/srp_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -187,7 +187,7 @@ void SRP_user_pwd_free(SRP_user_pwd *user_pwd) static SRP_user_pwd *SRP_user_pwd_new(void) { SRP_user_pwd *ret; - + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/ return NULL; 
@@ -598,10 +598,14 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0) goto err; N_bn_alloc = BN_bin2bn(tmp, len, NULL); + if (N_bn_alloc == NULL) + goto err; N_bn = N_bn_alloc; if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0) goto err; g_bn_alloc = BN_bin2bn(tmp, len, NULL); + if (g_bn_alloc == NULL) + goto err; g_bn = g_bn_alloc; defgNid = "*"; } else { @@ -623,15 +627,19 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, goto err; s = BN_bin2bn(tmp2, len, NULL); } + if (s == NULL) + goto err; if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) goto err; - BN_bn2bin(v, tmp); + if (BN_bn2bin(v, tmp) < 0) + goto err; vfsize = BN_num_bytes(v) * 2; if (((vf = OPENSSL_malloc(vfsize)) == NULL)) goto err; - t_tob64(vf, tmp, BN_num_bytes(v)); + if (!t_tob64(vf, tmp, BN_num_bytes(v))) + goto err; if (*salt == NULL) { char *tmp_salt; @@ -639,7 +647,10 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) { goto err; } - t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN); + if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) { + OPENSSL_free(tmp_salt); + goto err; + } *salt = tmp_salt; } @@ -686,11 +697,15 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, goto err; salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); + if (salttmp == NULL) + goto err; } else { salttmp = *salt; } x = SRP_Calc_x(salttmp, user, pass); + if (x == NULL) + goto err; *verifier = BN_new(); if (*verifier == NULL) diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c index 6b996134df49..5ca418d24870 100644 --- a/crypto/openssl/crypto/ui/ui_openssl.c +++ b/crypto/openssl/crypto/ui/ui_openssl.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -101,6 +101,12 @@ # endif +# if defined(OPENSSL_SYS_VXWORKS) +# undef TERMIOS +# undef TERMIO +# undef SGTTY +# endif + # ifdef TERMIOS # include <termios.h> # define TTY_STRUCT struct termios diff --git a/crypto/openssl/crypto/uid.c b/crypto/openssl/crypto/uid.c index f7ae2610b360..b2b096446fb4 100644 --- a/crypto/openssl/crypto/uid.c +++ b/crypto/openssl/crypto/uid.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,12 +34,13 @@ int OPENSSL_issetugid(void) # if defined(__GLIBC__) && defined(__GLIBC_PREREQ) # if __GLIBC_PREREQ(2, 16) # include <sys/auxv.h> +# define OSSL_IMPLEMENT_GETAUXVAL # endif # endif int OPENSSL_issetugid(void) { -# ifdef AT_SECURE +# ifdef OSSL_IMPLEMENT_GETAUXVAL return getauxval(AT_SECURE) != 0; # else return getuid() != geteuid() || getgid() != getegid(); diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c index 61e81922b4da..4ced716e3646 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.c +++ b/crypto/openssl/crypto/x509/x509_vfy.c 
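Review bot: The `OPENSSL_SYS_VXWORKS` block in ui_openssl.c undefines TERMIOS, TERMIO and SGTTY without saying what the build uses instead, and the hunk does not show the fallback. These macros select the terminal interface (`TTY_STRUCT`), so a reader needs to know whether echo suppression for prompts is still available on that platform. A comment above the block would record it, for example `/* VxWorks: termios/termio/sgtty are not used; see the fallback below for echo handling */`, with the wording confirmed by the author. The `# ifdef TERMIOS` chain that consumes these macros continues outside the hunk.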
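Review bot: In uid.c, `return getauxval(AT_SECURE) != 0;` reads a zero result as "not set-user-ID", but getauxval() also returns 0 when the requested entry is absent. A failed lookup therefore looks the same as a negative answer, and the check fails open. Falling back to the uid/gid comparison keeps the conservative result: clear `errno` before the call and, when the value is 0 and `errno == ENOENT` (on glibc versions that report it), return `getuid() != geteuid() || getgid() != getegid()` instead. The new `OSSL_IMPLEMENT_GETAUXVAL` define would also benefit from a one-line comment saying it records that `<sys/auxv.h>` was included, since `AT_SECURE` alone no longer selects the branch.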
@@ -3232,12 +3232,19 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) EVP_PKEY *pkey = X509_get0_pubkey(cert); int level = ctx->param->auth_level; + /* + * At security level zero, return without checking for a supported public + * key type. Some engines support key types not understood outside the + * engine, and we only need to understand the key when enforcing a security + * floor. + */ + if (level <= 0) + return 1; + /* Unsupported or malformed keys are not secure */ if (pkey == NULL) return 0; - if (level <= 0) - return 1; if (level > NUM_AUTH_LEVELS) level = NUM_AUTH_LEVELS; diff --git a/crypto/openssl/crypto/x509/x_crl.c b/crypto/openssl/crypto/x509/x_crl.c index 10733b58bca2..12ab3cca42c0 100644 --- a/crypto/openssl/crypto/x509/x_crl.c +++ b/crypto/openssl/crypto/x509/x_crl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -158,6 +158,18 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, int idx; switch (operation) { + case ASN1_OP_D2I_PRE: + if (crl->meth->crl_free) { + if (!crl->meth->crl_free(crl)) + return 0; + } + AUTHORITY_KEYID_free(crl->akid); + ISSUING_DIST_POINT_free(crl->idp); + ASN1_INTEGER_free(crl->crl_number); + ASN1_INTEGER_free(crl->base_crl_number); + sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); + /* fall thru */ + case ASN1_OP_NEW_POST: crl->idp = NULL; crl->akid = NULL; diff --git a/crypto/openssl/crypto/x509/x_pubkey.c b/crypto/openssl/crypto/x509/x_pubkey.c index d050b0b4b3e2..1c87b8268eb5 100644 --- a/crypto/openssl/crypto/x509/x_pubkey.c +++ b/crypto/openssl/crypto/x509/x_pubkey.c 
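Review bot: With the `level <= 0` return moved ahead of the `pkey == NULL` test, check_key_level now accepts at security level zero a certificate whose public key could not be obtained at all. The retained comment says that case covers malformed keys as well as unsupported ones. The new comment justifies only the engine case; it should also state that malformed keys pass here and name where they are expected to be rejected, e.g. `/* Malformed keys also pass at level 0; they fail later when the key is used. */` if that is the intended guarantee. The rest of the function lies outside the hunk.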
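Review bot: The new `ASN1_OP_D2I_PRE` case in crl_cb frees `akid`, `idp`, `crl_number`, `base_crl_number` and `issuers` and relies on the fall-through into `ASN1_OP_NEW_POST` to clear them, but only the `idp` and `akid` resets are visible in the hunk. Any freed member that NEW_POST does not reset stays dangling on a re-used object and would be freed again later. The `/* fall thru */` comment should carry that requirement, e.g. `/* fall thru: NEW_POST must reset every pointer freed above */`. The same applies to x509_cb in x_x509.c, where `aux` and `crldp` are freed and the ex_data released but their re-initialisation is not among the visible NEW_POST lines. Both switch statements continue outside their hunks.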
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -36,6 +36,7 @@ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, /* Attempt to decode public key and cache in pubkey structure. */ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; EVP_PKEY_free(pubkey->pkey); + pubkey->pkey = NULL; /* * Opportunistically decode the key but remove any non fatal errors * from the queue. Subsequent explicit attempts to decode/use the key diff --git a/crypto/openssl/crypto/x509/x_x509.c b/crypto/openssl/crypto/x509/x_x509.c index 4c04f12c9494..afe59c46c518 100644 --- a/crypto/openssl/crypto/x509/x_x509.c +++ b/crypto/openssl/crypto/x509/x_x509.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
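Review bot: In pubkey_cb the added `pubkey->pkey = NULL;` carries no comment, although it is what stops a re-used X509_PUBKEY from keeping a pointer to the key just released by `EVP_PKEY_free()` when the decode that follows does not replace it. A line above the assignment such as `/* Do not leave a freed key reachable if decoding below fails. */` would keep it from being removed later as redundant. The callback's body continues outside the hunk.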
@@ -40,12 +40,35 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, switch (operation) { + case ASN1_OP_D2I_PRE: + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); + X509_CERT_AUX_free(ret->aux); + ASN1_OCTET_STRING_free(ret->skid); + AUTHORITY_KEYID_free(ret->akid); + CRL_DIST_POINTS_free(ret->crldp); + policy_cache_free(ret->policy_cache); + GENERAL_NAMES_free(ret->altname); + NAME_CONSTRAINTS_free(ret->nc); +#ifndef OPENSSL_NO_RFC3779 + sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); + ASIdentifiers_free(ret->rfc3779_asid); +#endif + + /* fall thru */ + case ASN1_OP_NEW_POST: + ret->ex_cached = 0; + ret->ex_kusage = 0; + ret->ex_xkusage = 0; + ret->ex_nscert = 0; ret->ex_flags = 0; ret->ex_pathlen = -1; ret->ex_pcpathlen = -1; ret->skid = NULL; ret->akid = NULL; + ret->policy_cache = NULL; + ret->altname = NULL; + ret->nc = NULL; #ifndef OPENSSL_NO_RFC3779 ret->rfc3779_addr = NULL; ret->rfc3779_asid = NULL; diff --git a/crypto/openssl/doc/HOWTO/certificates.txt b/crypto/openssl/doc/HOWTO/certificates.txt index c2efdca8dc1a..cfd2bdabb130 100644 --- a/crypto/openssl/doc/HOWTO/certificates.txt +++ b/crypto/openssl/doc/HOWTO/certificates.txt @@ -106,5 +106,5 @@ some applications, you don't even have to do that. By now, you have your certificate and your private key and can start using applications that depend on it. --- +-- Richard Levitte diff --git a/crypto/openssl/doc/HOWTO/proxy_certificates.txt b/crypto/openssl/doc/HOWTO/proxy_certificates.txt index 18b3e0340f1d..2936cd6e518b 100644 --- a/crypto/openssl/doc/HOWTO/proxy_certificates.txt +++ b/crypto/openssl/doc/HOWTO/proxy_certificates.txt @@ -315,5 +315,5 @@ certificates checked properly, using the code above: SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights); --- +-- Richard Levitte diff --git a/crypto/openssl/doc/fingerprints.txt b/crypto/openssl/doc/fingerprints.txt index 2cb74aec2778..51e76c8f71b9 100644 
--- a/crypto/openssl/doc/fingerprints.txt +++ b/crypto/openssl/doc/fingerprints.txt @@ -18,7 +18,7 @@ uid Richard Levitte <richard@opensslfoundation.com> uid Richard Levitte <levitte@openssl.org> uid Richard Levitte <richard@openssl.com> -pub 2048R/0E604491 2013-04-30 +pub 2048R/0E604491 2013-04-30 Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 uid Matt Caswell <matt@openssl.org> uid Matt Caswell <frodo@baggins.org> diff --git a/crypto/openssl/doc/man1/ca.pod b/crypto/openssl/doc/man1/ca.pod index e998eabf8358..7385a00941ea 100644 --- a/crypto/openssl/doc/man1/ca.pod +++ b/crypto/openssl/doc/man1/ca.pod @@ -230,7 +230,7 @@ The section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to B<x509_extensions> unless the B<-extfile> option is used). If no extension section is present then, a V1 certificate is created. If the extension section -is present (even if it is empty), then a V3 certificate is created. See the:w +is present (even if it is empty), then a V3 certificate is created. See the L<x509v3_config(5)> manual page for details of the extension section format. @@ -475,7 +475,7 @@ the B<-selfsign> command line option. Note that it is valid in some circumstances for certificates to be created without any subject. In the case where there are multiple certificates without -subjects this does not count as a duplicate. +subjects this does not count as a duplicate. =item B<serial> @@ -753,7 +753,7 @@ L<config(5)>, L<x509v3_config(5)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/ciphers.pod b/crypto/openssl/doc/man1/ciphers.pod index 3aea982384ec..faf9e538146a 100644 
--- a/crypto/openssl/doc/man1/ciphers.pod +++ b/crypto/openssl/doc/man1/ciphers.pod @@ -762,7 +762,7 @@ The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0. The B<-stdname> is only available if OpenSSL is built with tracing enabled (B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1. -The B<-convert> was added in OpenSSL 1.1.1. +The B<-convert> option was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man1/cms.pod b/crypto/openssl/doc/man1/cms.pod index 60ee3b505e1e..72cd9b5d4e9e 100644 --- a/crypto/openssl/doc/man1/cms.pod +++ b/crypto/openssl/doc/man1/cms.pod @@ -724,14 +724,14 @@ No revocation checking is done on the signer's certificate. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0. -The B<keyopt> option was first added in OpenSSL 1.0.2. +The B<keyopt> option was added in OpenSSL 1.0.2. -Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2. +Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2. -The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added -to OpenSSL 1.0.2. +The use of non-RSA keys with B<-encrypt> and B<-decrypt> +was added in OpenSSL 1.0.2. -The -no_alt_chains options was first added to OpenSSL 1.0.2b. +The -no_alt_chains option was added in OpenSSL 1.0.2b. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man1/dgst.pod b/crypto/openssl/doc/man1/dgst.pod index 47e163b17001..66a6697eb10e 100644 --- a/crypto/openssl/doc/man1/dgst.pod +++ b/crypto/openssl/doc/man1/dgst.pod 
@@ -230,12 +230,12 @@ prior to verification. =head1 HISTORY -The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0 -The FIPS-related options were removed in OpenSSL 1.1.0 +The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. +The FIPS-related options were removed in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/ec.pod b/crypto/openssl/doc/man1/ec.pod index 0b836603cab1..4d368e20ae19 100644 --- a/crypto/openssl/doc/man1/ec.pod +++ b/crypto/openssl/doc/man1/ec.pod @@ -101,10 +101,6 @@ Prints out the public, private key components and parameters. This option prevents output of the encoded version of the key. -=item B<-modulus> - -This option prints out the value of the public key component of the key. - =item B<-pubin> By default, a private key is read from the input file. With this option a @@ -197,7 +193,7 @@ L<ecparam(1)>, L<dsa(1)>, L<rsa(1)> =head1 COPYRIGHT -Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/enc.pod b/crypto/openssl/doc/man1/enc.pod index 2136a9497849..a3e0b03b2000 100644 --- a/crypto/openssl/doc/man1/enc.pod +++ b/crypto/openssl/doc/man1/enc.pod @@ -417,7 +417,7 @@ certain parameters. So if, for example, you want to use RC2 with a =head1 HISTORY -The default digest was changed from MD5 to SHA256 in Openssl 1.1.0. +The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. =head1 COPYRIGHT 
diff --git a/crypto/openssl/doc/man1/genpkey.pod b/crypto/openssl/doc/man1/genpkey.pod index fa62973abdd9..202e531c7e07 100644 --- a/crypto/openssl/doc/man1/genpkey.pod +++ b/crypto/openssl/doc/man1/genpkey.pod @@ -319,9 +319,9 @@ Generate an ED448 private key: =head1 HISTORY The ability to use NIST curve names, and to generate an EC key directly, -were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in -OpenSSL 1.1.0. The ability to generate X448, ED25519 and ED448 keys was added in -OpenSSL 1.1.1. +were added in OpenSSL 1.0.2. +The ability to generate X25519 keys was added in OpenSSL 1.1.0. +The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man1/ocsp.pod b/crypto/openssl/doc/man1/ocsp.pod index c9feef8f0e47..736055b1b669 100644 --- a/crypto/openssl/doc/man1/ocsp.pod +++ b/crypto/openssl/doc/man1/ocsp.pod @@ -486,7 +486,7 @@ to a second file. =head1 HISTORY -The -no_alt_chains options was first added to OpenSSL 1.1.0. +The -no_alt_chains option was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man1/pkcs12.pod b/crypto/openssl/doc/man1/pkcs12.pod index 3389e595fed7..6f890c120f3c 100644 --- a/crypto/openssl/doc/man1/pkcs12.pod +++ b/crypto/openssl/doc/man1/pkcs12.pod @@ -154,7 +154,8 @@ Don't attempt to verify the integrity MAC before reading the file. Prompt for separate integrity and encryption passwords: most software always assumes these are the same so this option will render such -PKCS#12 files unreadable. +PKCS#12 files unreadable. Cannot be used in combination with the options +-password, -passin (if importing) or -passout (if exporting). =back 
@@ -381,7 +382,7 @@ L<pkcs8(1)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/pkcs8.pod b/crypto/openssl/doc/man1/pkcs8.pod index 9c923b87c939..b079885d2fc7 100644 --- a/crypto/openssl/doc/man1/pkcs8.pod +++ b/crypto/openssl/doc/man1/pkcs8.pod @@ -305,7 +305,7 @@ L<gendsa(1)> =head1 HISTORY -The B<-iter> option was added to OpenSSL 1.1.0. +The B<-iter> option was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man1/req.pod b/crypto/openssl/doc/man1/req.pod index c76d63d6fd81..a9b5b1690a5c 100644 --- a/crypto/openssl/doc/man1/req.pod +++ b/crypto/openssl/doc/man1/req.pod @@ -502,7 +502,7 @@ The actual permitted field names are any object identifier short or long names. These are compiled into OpenSSL and include the usual values such as commonName, countryName, localityName, organizationName, organizationalUnitName, stateOrProvinceName. Additionally emailAddress -is include as well as name, surname, givenName initials and dnQualifier. +is included as well as name, surname, givenName, initials, and dnQualifier. Additional object identifiers can be defined with the B<oid_file> or B<oid_section> options in the configuration file. Any additional fields diff --git a/crypto/openssl/doc/man1/s_client.pod b/crypto/openssl/doc/man1/s_client.pod index fa5cb0a92da1..81d516ace146 100644 --- a/crypto/openssl/doc/man1/s_client.pod +++ b/crypto/openssl/doc/man1/s_client.pod @@ -100,6 +100,7 @@ B<openssl> B<s_client> [B<-dtls1>] [B<-dtls1_2>] [B<-sctp>] +[B<-sctp_label_bug>] [B<-fallback_scsv>] [B<-async>] [B<-max_send_frag>] 
@@ -190,14 +191,17 @@ Use IPv6 only. =item B<-servername name> Set the TLS SNI (Server Name Indication) extension in the ClientHello message to -the given value. If both this option and the B<-noservername> are not given, the -TLS SNI extension is still set to the hostname provided to the B<-connect> option, -or "localhost" if B<-connect> has not been supplied. This is default since OpenSSL -1.1.1. +the given value. +If B<-servername> is not provided, the TLS SNI extension will be populated with +the name given to B<-connect> if it follows a DNS name format. If B<-connect> is +not provided either, the SNI is set to "localhost". +This is the default since OpenSSL 1.1.1. -Even though SNI name should normally be a DNS name and not an IP address, this -option will not make the distinction when parsing B<-connect> and will send -IP address if one passed. +Even though SNI should normally be a DNS name and not an IP address, if +B<-servername> is provided then that name will be sent, regardless of whether +it is a DNS name or not. + +This option cannot be used in conjuction with B<-noservername>. =item B<-noservername> @@ -489,6 +493,14 @@ Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only available where OpenSSL has support for SCTP enabled. +=item B<-sctp_label_bug> + +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for DTLS/SCTP. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with B<-sctp>. This option is only +available where OpenSSL has support for SCTP enabled. + =item B<-fallback_scsv> Send TLS_FALLBACK_SCSV in the ClientHello. 
@@ -811,12 +823,12 @@ L<SSL_CTX_set_max_pipelines(3)> =head1 HISTORY -The B<-no_alt_chains> option was first added to OpenSSL 1.1.0. +The B<-no_alt_chains> option was added in OpenSSL 1.1.0. The B<-name> option was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/s_server.pod b/crypto/openssl/doc/man1/s_server.pod index f4c4eda35313..c4c014fdc18b 100644 --- a/crypto/openssl/doc/man1/s_server.pod +++ b/crypto/openssl/doc/man1/s_server.pod @@ -98,6 +98,7 @@ B<openssl> B<s_server> [B<-no_comp>] [B<-comp>] [B<-no_ticket>] +[B<-num_tickets>] [B<-serverpref>] [B<-legacy_renegotiation>] [B<-no_renegotiation>] @@ -172,6 +173,7 @@ B<openssl> B<s_server> [B<-dtls1>] [B<-dtls1_2>] [B<-sctp>] +[B<-sctp_label_bug>] [B<-no_dhe>] [B<-nextprotoneg val>] [B<-use_srtp val>] @@ -558,7 +560,14 @@ OpenSSL 1.1.0. =item B<-no_ticket> -Disable RFC4507bis session ticket support. +Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 +is negotiated. See B<-num_tickets>. + +=item B<-num_tickets> + +Control the number of tickets that will be sent to the client after a full +handshake in TLSv1.3. The default number of tickets is 2. This option does not +affect the number of tickets sent after a resumption handshake. =item B<-serverpref> 
@@ -677,6 +686,14 @@ Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only available where OpenSSL has support for SCTP enabled. +=item B<-sctp_label_bug> + +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for DTLS/SCTP. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with B<-sctp>. This option is only +available where OpenSSL has support for SCTP enabled. + =item B<-no_dhe> If this option is set then no DH parameters will be loaded effectively @@ -817,18 +834,18 @@ unknown cipher suites a client says it supports. L<SSL_CONF_cmd(3)>, L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)> L<SSL_CTX_set_max_send_fragment(3)>, L<SSL_CTX_set_split_send_fragment(3)>, -L<SSL_CTX_set_max_pipelines(3)> +L<SSL_CTX_set_max_pipelines(3)> =head1 HISTORY -The -no_alt_chains option was first added to OpenSSL 1.1.0. +The -no_alt_chains option was added in OpenSSL 1.1.0. -The -allow-no-dhe-kex and -prioritize_chacha options were first added to -OpenSSL 1.1.1. +The +-allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/smime.pod b/crypto/openssl/doc/man1/smime.pod index 0acdd08254a5..7f224fdc5e9d 100644 --- a/crypto/openssl/doc/man1/smime.pod +++ b/crypto/openssl/doc/man1/smime.pod 
@@ -510,7 +510,7 @@ structures may cause parsing errors. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 -The -no_alt_chains options was first added to OpenSSL 1.1.0. +The -no_alt_chains option was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man1/storeutl.pod b/crypto/openssl/doc/man1/storeutl.pod index 083f0282469e..a8d82bfb612b 100644 --- a/crypto/openssl/doc/man1/storeutl.pod +++ b/crypto/openssl/doc/man1/storeutl.pod @@ -119,7 +119,7 @@ L<openssl(1)> =head1 HISTORY -B<openssl> B<storeutl> was added to OpenSSL 1.1.1. +The B<openssl> B<storeutl> app was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man1/verify.pod b/crypto/openssl/doc/man1/verify.pod index b67890af3c34..63ba850b915d 100644 --- a/crypto/openssl/doc/man1/verify.pod +++ b/crypto/openssl/doc/man1/verify.pod @@ -762,7 +762,7 @@ L<x509(1)> =head1 HISTORY -The B<-show_chain> option was first added to OpenSSL 1.1.0. +The B<-show_chain> option was added in OpenSSL 1.1.0. The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and is silently ignored. diff --git a/crypto/openssl/doc/man1/x509.pod b/crypto/openssl/doc/man1/x509.pod index 547da5da2368..7878753414da 100644 --- a/crypto/openssl/doc/man1/x509.pod +++ b/crypto/openssl/doc/man1/x509.pod @@ -173,7 +173,7 @@ options. See the B<TEXT OPTIONS> section for more information. =item B<-noout> -This option prevents output of the encoded version of the request. +This option prevents output of the encoded version of the certificate. =item B<-pubkey> @@ -925,7 +925,7 @@ the old form must have their links rebuilt using B<c_rehash> or similar. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod b/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod index d0a6a3c810a1..9b73290742d4 100644 --- a/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod +++ b/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod @@ -119,7 +119,7 @@ L<ERR_get_error(3)> ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(), ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64() -were added to OpenSSL 1.1.0. +were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod b/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod index 204280210e04..e4d809c08fd1 100644 --- a/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -127,10 +127,10 @@ L<crypto(7)>, L<ASYNC_start_job(3)> =head1 HISTORY -ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, -ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, -ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd were first added to -OpenSSL 1.1.0. +ASYNC_WAIT_CTX_new(), ASYNC_WAIT_CTX_free(), ASYNC_WAIT_CTX_set_wait_fd(), +ASYNC_WAIT_CTX_get_fd(), ASYNC_WAIT_CTX_get_all_fds(), +ASYNC_WAIT_CTX_get_changed_fds() and ASYNC_WAIT_CTX_clear_fd() +were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/ASYNC_start_job.pod b/crypto/openssl/doc/man3/ASYNC_start_job.pod index 21b77a96b95e..9bd1044b266a 100644 --- a/crypto/openssl/doc/man3/ASYNC_start_job.pod +++ b/crypto/openssl/doc/man3/ASYNC_start_job.pod @@ -317,7 +317,7 @@ L<crypto(7)>, L<ERR_print_errors(3)> ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(), ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first -added to OpenSSL 1.1.0. +added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/BIO_new_CMS.pod b/crypto/openssl/doc/man3/BIO_new_CMS.pod index b06c224f7180..f8d4c3bde6ee 100644 
--- a/crypto/openssl/doc/man3/BIO_new_CMS.pod +++ b/crypto/openssl/doc/man3/BIO_new_CMS.pod @@ -61,7 +61,7 @@ L<CMS_encrypt(3)> =head1 HISTORY -BIO_new_CMS() was added to OpenSSL 1.0.0 +The BIO_new_CMS() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/BN_generate_prime.pod b/crypto/openssl/doc/man3/BN_generate_prime.pod index b505841832ec..b6e9145106be 100644 --- a/crypto/openssl/doc/man3/BN_generate_prime.pod +++ b/crypto/openssl/doc/man3/BN_generate_prime.pod @@ -197,8 +197,8 @@ L<RSA_generate_key(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)> =head1 HISTORY -BN_GENCB_new(), BN_GENCB_free(), -and BN_GENCB_get_arg() were added in OpenSSL 1.1.0 +The BN_GENCB_new(), BN_GENCB_free(), +and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/BN_rand.pod b/crypto/openssl/doc/man3/BN_rand.pod index eb0a6b13862f..90b50ffc311e 100644 --- a/crypto/openssl/doc/man3/BN_rand.pod +++ b/crypto/openssl/doc/man3/BN_rand.pod @@ -73,7 +73,8 @@ a future release. =item * -BN_priv_rand() and BN_priv_rand_range() were added in OpenSSL 1.1.1. +The +BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1. =back diff --git a/crypto/openssl/doc/man3/BN_security_bits.pod b/crypto/openssl/doc/man3/BN_security_bits.pod index 1aed85a71a9c..f6e5857a4eed 100644 --- a/crypto/openssl/doc/man3/BN_security_bits.pod +++ b/crypto/openssl/doc/man3/BN_security_bits.pod @@ -33,7 +33,7 @@ function. The symmetric algorithms are not covered neither. =head1 HISTORY -BN_security_bits() was added in OpenSSL 1.1.0. +The BN_security_bits() function was added in OpenSSL 1.1.0. =head1 SEE ALSO diff --git a/crypto/openssl/doc/man3/BUF_MEM_new.pod b/crypto/openssl/doc/man3/BUF_MEM_new.pod index 61922502a3f1..0c68f3776f7c 100644 --- a/crypto/openssl/doc/man3/BUF_MEM_new.pod +++ b/crypto/openssl/doc/man3/BUF_MEM_new.pod 
@@ -61,7 +61,7 @@ L<CRYPTO_secure_malloc(3)>. =head1 HISTORY -BUF_MEM_new_ex() was added in OpenSSL 1.1.0. +The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/CMS_get0_type.pod b/crypto/openssl/doc/man3/CMS_get0_type.pod index cad8d3f66280..bc38a09bdcbc 100644 --- a/crypto/openssl/doc/man3/CMS_get0_type.pod +++ b/crypto/openssl/doc/man3/CMS_get0_type.pod @@ -16,11 +16,12 @@ CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - =head1 DESCRIPTION CMS_get0_type() returns the content type of a CMS_ContentInfo structure as -and ASN1_OBJECT pointer. An application can then decide how to process the +an ASN1_OBJECT pointer. An application can then decide how to process the CMS_ContentInfo structure based on this value. CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo -structure. It should be called with CMS functions with the B<CMS_PARTIAL> +structure. It should be called with CMS functions (such as L<CMS_sign>, L<CMS_encrypt>) +with the B<CMS_PARTIAL> flag and B<before> the structure is finalised, otherwise the results are undefined. @@ -60,7 +61,7 @@ embedded content as it is normally set by higher level functions. =head1 RETURN VALUES -CMS_get0_type() and CMS_get0_eContentType() return and ASN1_OBJECT structure. +CMS_get0_type() and CMS_get0_eContentType() return an ASN1_OBJECT structure. CMS_set1_eContentType() returns 1 for success or 0 if an error occurred. The error can be obtained from ERR_get_error(3). @@ -71,7 +72,7 @@ L<ERR_get_error(3)> =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/crypto/openssl/doc/man3/CONF_modules_load_file.pod b/crypto/openssl/doc/man3/CONF_modules_load_file.pod index ecf294a2c60d..485cf797b12e 100644 --- a/crypto/openssl/doc/man3/CONF_modules_load_file.pod +++ b/crypto/openssl/doc/man3/CONF_modules_load_file.pod @@ -28,13 +28,21 @@ reads configuration information from B<cnf>. The following B<flags> are currently recognized: -B<CONF_MFLAGS_IGNORE_ERRORS> if set errors returned by individual +If B<CONF_MFLAGS_IGNORE_ERRORS> is set errors returned by individual configuration modules are ignored. If not set the first module error is considered fatal and no further modules are loaded. Normally any modules errors will add error information to the error queue. If B<CONF_MFLAGS_SILENT> is set no error information is added. +If B<CONF_MFLAGS_IGNORE_RETURN_CODES> is set the function unconditionally +returns success. +This is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling B<CONF_modules_load_file> explicitly should not generally +set this flag. + If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is disabled. @@ -126,7 +134,7 @@ L<config(5)>, L<OPENSSL_config(3)> =head1 COPYRIGHT -Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/CRYPTO_get_ex_new_index.pod b/crypto/openssl/doc/man3/CRYPTO_get_ex_new_index.pod index 4d5a2b93a082..b2d33ef90d9e 100644 --- a/crypto/openssl/doc/man3/CRYPTO_get_ex_new_index.pod +++ b/crypto/openssl/doc/man3/CRYPTO_get_ex_new_index.pod 
@@ -100,7 +100,7 @@ to avoid likely double-free crashes. The function B<CRYPTO_free_ex_data> is used to free all exdata attached to a structure. The appropriate type-specific routine must be used. The B<class_index> identifies the structure type, the B<obj> is -be the pointer to the actual structure, and B<r> is a pointer to the +a pointer to the actual structure, and B<r> is a pointer to the structure's exdata field. =head2 Callback Functions @@ -157,7 +157,7 @@ dup_func() should return 0 for failure and 1 for success. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod b/crypto/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod index 36063b62e858..86696a559462 100644 --- a/crypto/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod +++ b/crypto/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod @@ -35,7 +35,7 @@ L<CTLOG_STORE_new(3)> =head1 HISTORY -This function was added in OpenSSL 1.1.0. +The CTLOG_STORE_get0_log_by_id() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/DH_size.pod b/crypto/openssl/doc/man3/DH_size.pod index 3b65d7ea6d6b..3cbdbc67da1c 100644 --- a/crypto/openssl/doc/man3/DH_size.pod +++ b/crypto/openssl/doc/man3/DH_size.pod @@ -43,7 +43,7 @@ L<BN_num_bits(3)> =head1 HISTORY -DH_bits() was added in OpenSSL 1.1.0. +The DH_bits() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/DTLS_get_data_mtu.pod b/crypto/openssl/doc/man3/DTLS_get_data_mtu.pod index ab7147217ac1..81b945f134a6 100644 --- a/crypto/openssl/doc/man3/DTLS_get_data_mtu.pod +++ b/crypto/openssl/doc/man3/DTLS_get_data_mtu.pod 
@@ -22,7 +22,7 @@ Returns the maximum data payload size on success, or 0 on failure.
 =head1 HISTORY
-This function was added in OpenSSL 1.1.1
+The DTLS_get_data_mtu() function was added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/DTLS_set_timer_cb.pod b/crypto/openssl/doc/man3/DTLS_set_timer_cb.pod
index 6e1347213e6f..c5154dca3570 100644
--- a/crypto/openssl/doc/man3/DTLS_set_timer_cb.pod
+++ b/crypto/openssl/doc/man3/DTLS_set_timer_cb.pod
@@ -26,7 +26,7 @@ Returns void.
 =head1 HISTORY
-This function was added in OpenSSL 1.1.1
+The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/DTLSv1_listen.pod b/crypto/openssl/doc/man3/DTLSv1_listen.pod
index 858e39316105..76be40b68f10 100644
--- a/crypto/openssl/doc/man3/DTLSv1_listen.pod
+++ b/crypto/openssl/doc/man3/DTLSv1_listen.pod
@@ -117,10 +117,10 @@ L<ssl(7)>, L<bio(7)>
 =head1 HISTORY
-SSL_stateless() was first added in OpenSSL 1.1.1.
+The SSL_stateless() function was added in OpenSSL 1.1.1.
-DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer"
-also changed in OpenSSL 1.1.0.
+The DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0.
+The type of "peer" also changed in OpenSSL 1.1.0.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/EC_GROUP_copy.pod b/crypto/openssl/doc/man3/EC_GROUP_copy.pod
index ee20f9526adc..7bf350062375 100644
--- a/crypto/openssl/doc/man3/EC_GROUP_copy.pod
+++ b/crypto/openssl/doc/man3/EC_GROUP_copy.pod
@@ -89,7 +89,7 @@ named curve form is used and the parameters must have a corresponding named curve NID set. If asn1_flags is B<OPENSSL_EC_EXPLICIT_CURVE> the parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. -Note: B<OPENSSL_EC_EXPLICIT_CURVE> was first added to OpenSSL 1.1.0, for +Note: B<OPENSSL_EC_EXPLICIT_CURVE> was added in OpenSSL 1.1.0, for previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL 1.1.0 the default form was to use explicit parameters (meaning that applications would have to explicitly set the named curve form) in OpenSSL @@ -175,7 +175,7 @@ and EC_GROUP_get_degree return the order, cofactor, curve name (NID), ASN1 flag, specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0. EC_GROUP_get0_order() returns an internal pointer to the group order. -EC_GROUP_get_order_bits() returns the number of bits in the group order. +EC_GROUP_order_bits() returns the number of bits in the group order. EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor. EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not diff --git a/crypto/openssl/doc/man3/EVP_DigestInit.pod b/crypto/openssl/doc/man3/EVP_DigestInit.pod index 5ecbcc5e8992..37bc10d38056 100644 --- a/crypto/openssl/doc/man3/EVP_DigestInit.pod +++ b/crypto/openssl/doc/man3/EVP_DigestInit.pod 
@@ -369,15 +369,15 @@ L<EVP_whirlpool(3)> =head1 HISTORY -EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to -EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0. +The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to +EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively. The link between digests and signing algorithms was fixed in OpenSSL 1.0 and later, so now EVP_sha1() can be used with RSA and DSA. -EVP_dss1() was removed in OpenSSL 1.1.0. +The EVP_dss1() function was removed in OpenSSL 1.1.0. -EVP_MD_CTX_set_pkey_ctx() was added in 1.1.1. +The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/EVP_DigestSignInit.pod b/crypto/openssl/doc/man3/EVP_DigestSignInit.pod index 773de87efac4..7b74a23cbcf2 100644 --- a/crypto/openssl/doc/man3/EVP_DigestSignInit.pod +++ b/crypto/openssl/doc/man3/EVP_DigestSignInit.pod @@ -152,7 +152,7 @@ L<SHA1(3)>, L<dgst(1)> =head1 HISTORY EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() -were first added to OpenSSL 1.0.0. +were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod b/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod index e93ac2ef0810..98a0987a3aaa 100644 --- a/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod +++ b/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod @@ -98,7 +98,7 @@ L<SHA1(3)>, L<dgst(1)> =head1 HISTORY EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() -were first added to OpenSSL 1.0.0. +were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/EVP_EncryptInit.pod b/crypto/openssl/doc/man3/EVP_EncryptInit.pod index 5fdbc33ac10f..b43a3e5468ca 100644 --- a/crypto/openssl/doc/man3/EVP_EncryptInit.pod +++ b/crypto/openssl/doc/man3/EVP_EncryptInit.pod 
@@ -632,7 +632,7 @@ L<EVP_sm4(3)> =head1 HISTORY -Support for OCB mode was added in OpenSSL 1.1.0 +Support for OCB mode was added in OpenSSL 1.1.0. B<EVP_CIPHER_CTX> was made opaque in OpenSSL 1.1.0. As a result, EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod index 4982e9205305..75fad0f70ce0 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -359,7 +359,7 @@ B<param_enc> when generating EC parameters or an EC key. The encoding can be B<OPENSSL_EC_EXPLICIT_CURVE> for explicit parameters (the default in versions of OpenSSL before 1.1.0) or B<OPENSSL_EC_NAMED_CURVE> to use named curve form. For maximum compatibility the named curve form should be used. Note: the -B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous +B<OPENSSL_EC_NAMED_CURVE> value was added in OpenSSL 1.1.0; previous versions should use 0 instead. =head2 ECDH parameters @@ -439,8 +439,9 @@ L<EVP_PKEY_keygen(3)> =head1 HISTORY +The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() -macros were added in 1.1.1, other functions were first added to OpenSSL 1.0.0. +macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod index eff94cd94364..f01fc9752297 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod @@ -48,7 +48,7 @@ L<EVP_PKEY_new(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod b/crypto/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod index 9ad2daed4f5b..cd99e4d75786 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod 
+++ b/crypto/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod @@ -48,7 +48,7 @@ engine that implements it. EVP_PKEY_asn1_get0_info() returns the public key ID, base public key ID (both NIDs), any flags, the method description and PEM type string -associated with the public key ASN.1 method B<*ameth>. +associated with the public key ASN.1 method B<*ameth>. EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and EVP_PKEY_asn1_find_str() are not thread safe, but as long as all @@ -70,7 +70,7 @@ L<EVP_PKEY_asn1_new(3)>, L<EVP_PKEY_asn1_add0(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_PKEY_decrypt.pod b/crypto/openssl/doc/man3/EVP_PKEY_decrypt.pod index 2a691a61773b..2e3d266541a6 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_decrypt.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_decrypt.pod @@ -91,7 +91,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/EVP_PKEY_derive.pod b/crypto/openssl/doc/man3/EVP_PKEY_derive.pod index 8cd0b54740d4..a74065e31f3b 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_derive.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_derive.pod @@ -89,7 +89,7 @@ L<EVP_PKEY_verify_recover(3)>, =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod b/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod index 4e9a34e740f3..371891046473 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod 
@@ -96,7 +96,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod b/crypto/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod index da76677044c2..ed52e9696c9f 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod @@ -37,7 +37,7 @@ L<EVP_PKEY_verify_recover(3)>, =head1 HISTORY -This function was first added to OpenSSL 1.0.0. +This function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod b/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod index 0b86eaaaa3db..83cebe7ce2f4 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod @@ -189,7 +189,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added in OpenSSL 1.1.1. diff --git a/crypto/openssl/doc/man3/EVP_PKEY_new.pod b/crypto/openssl/doc/man3/EVP_PKEY_new.pod index a3532a359632..ebe20986dba1 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_new.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_new.pod @@ -114,12 +114,15 @@ L<EVP_PKEY_set1_EC_KEY> =head1 HISTORY -EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL. +The +EVP_PKEY_new() and EVP_PKEY_free() functions exist in all versions of OpenSSL. -EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. +The EVP_PKEY_up_ref() function was added in OpenSSL 1.1.0. + +The EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and -EVP_PKEY_get_raw_public_key() were first added to OpenSSL 1.1.1. +EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT 
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_print_private.pod b/crypto/openssl/doc/man3/EVP_PKEY_print_private.pod
index 3ebd086a1c19..e0750c7eedbb 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_print_private.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_print_private.pod
@@ -47,7 +47,7 @@ L<EVP_PKEY_keygen(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_sign.pod b/crypto/openssl/doc/man3/EVP_PKEY_sign.pod
index bdebf0b9241f..1672831ff015 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_sign.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_sign.pod
@@ -101,7 +101,7 @@ L<EVP_PKEY_derive(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_verify.pod b/crypto/openssl/doc/man3/EVP_PKEY_verify.pod
index 57d7f8cf86f8..cdbb80b99df8 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_verify.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_verify.pod
@@ -89,7 +89,7 @@ L<EVP_PKEY_derive(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_verify_recover.pod b/crypto/openssl/doc/man3/EVP_PKEY_verify_recover.pod
index 85d76f84ac37..251360656167 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_verify_recover.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_verify_recover.pod
@@ -100,7 +100,7 @@ L<EVP_PKEY_derive(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/EVP_SignInit.pod b/crypto/openssl/doc/man3/EVP_SignInit.pod
index 12e67f8cbf86..86fec82fb007 100644
--- a/crypto/openssl/doc/man3/EVP_SignInit.pod
+++ b/crypto/openssl/doc/man3/EVP_SignInit.pod
@@ -17,7 +17,7 @@ functions void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); - int EVP_PKEY_size(EVP_PKEY *pkey); + int EVP_PKEY_size(const EVP_PKEY *pkey); int EVP_PKEY_security_bits(const EVP_PKEY *pkey); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/man3/HMAC.pod b/crypto/openssl/doc/man3/HMAC.pod index c480a9c9ebef..65386a7baa31 100644 --- a/crypto/openssl/doc/man3/HMAC.pod +++ b/crypto/openssl/doc/man3/HMAC.pod @@ -91,7 +91,7 @@ because reuse of an existing key with a different digest is not supported. HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash function B<evp_md> and the key B<key> which is B<key_len> bytes -long. +long. HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (B<len> bytes at B<data>). @@ -147,7 +147,7 @@ OpenSSL before version 1.0.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod b/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod index a259539f0552..c7823e32d6df 100644 --- a/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod +++ b/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod @@ -2,10 +2,11 @@ =head1 NAME -OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free, -OPENSSL_init_crypto, OPENSSL_cleanup, -OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL -initialisation and deinitialisation functions +OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, +OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, +OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, +OPENSSL_thread_stop - OpenSSL initialisation +and deinitialisation functions =head1 SYNOPSIS 
@@ -17,6 +18,10 @@ initialisation and deinitialisation functions void OPENSSL_thread_stop(void); OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); + int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, + const char* filename); + int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, + unsigned long flags); int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, const char* name); void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); @@ -33,7 +38,7 @@ As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. -However, there way be situations when explicit initialisation is desirable or +However, there may be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required. The function OPENSSL_init_crypto() can be used for this purpose for libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl @@ -96,7 +101,7 @@ B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored. With this option an OpenSSL configuration file will be automatically loaded and used by calling OPENSSL_config(). This is not a default option for libcrypto. -From OpenSSL 1.1.1 this is a default option for libssl (see +As of OpenSSL 1.1.1 this is a default option for libssl (see L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the description of OPENSSL_INIT_new(), below. 
@@ -157,6 +162,13 @@ engines. This not a default option. With this option the library will register its fork handlers. See OPENSSL_fork_prepare(3) for details. +=item OPENSSL_INIT_NO_ATEXIT + +By default OpenSSL will attempt to clean itself up when the process exits via an +"atexit" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +OPENSSL_cleanup(). + =back Multiple options may be combined together in a single call to 
@@ -196,12 +208,22 @@ the library when the thread exits. This should only be called directly if resources should be freed at an earlier time, or under the circumstances described in the NOTES section below. -The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration -file. For optional configuration file settings, an B<OPENSSL_INIT_SETTINGS> -must be created and used. -The routines OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can -be used to allocate the object and set the application name, and then the -object can be released with OPENSSL_INIT_free() when done. +The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a configuration file, as with +L<CONF_modules_load_file(3)> with NULL filename and application name and the +B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES> and +B<CONF_MFLAGS_DEFAULT_SECTION> flags. +The filename, application name, and flags can be customized by providing a +non-null B<OPENSSL_INIT_SETTINGS> object. +The object can be allocated via B<OPENSSL_init_new()>. +The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in +the configuration file will cause an error return from B<OPENSSL_init_crypto> +or indirectly L<OPENSSL_init_ssl(3)>. +The object can be released with OPENSSL_INIT_free() when done. =head1 NOTES 
@@ -242,7 +264,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OPENSSL_malloc.pod b/crypto/openssl/doc/man3/OPENSSL_malloc.pod index 049a12556ae7..2d678c951f0a 100644 --- a/crypto/openssl/doc/man3/OPENSSL_malloc.pod +++ b/crypto/openssl/doc/man3/OPENSSL_malloc.pod @@ -90,10 +90,8 @@ generally macro's that add the standard C B<__FILE__> and B<__LINE__> parameters and call a lower-level B<CRYPTO_xxx> API. Some functions do not add those parameters, but exist for consistency. -OPENSSL_malloc_init() sets the lower-level memory allocation functions -to their default implementation. -It is generally not necessary to call this, except perhaps in certain -shared-library situations. +OPENSSL_malloc_init() does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL. OPENSSL_malloc(), OPENSSL_realloc(), and OPENSSL_free() are like the C malloc(), realloc(), and free() functions. @@ -247,7 +245,7 @@ only, say, the malloc() implementation is outright dangerous.> =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod b/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod index 5a01c8246933..6c395383513b 100644 --- a/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod +++ b/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod 
@@ -120,7 +120,7 @@ L<BN_new(3)> =head1 HISTORY -OPENSSL_secure_clear_free() was added in OpenSSL 1.1.0g. +The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/OSSL_STORE_INFO.pod b/crypto/openssl/doc/man3/OSSL_STORE_INFO.pod index 20d41ac534e7..4c68986c56b2 100644 --- a/crypto/openssl/doc/man3/OSSL_STORE_INFO.pod +++ b/crypto/openssl/doc/man3/OSSL_STORE_INFO.pod @@ -190,7 +190,7 @@ OSSL_STORE_INFO_get0_CERT(), OSSL_STORE_INFO_get0_CRL(), OSSL_STORE_INFO_type_string(), OSSL_STORE_INFO_free(), OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod b/crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod index 87c135a1275b..150375411452 100644 --- a/crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod +++ b/crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod @@ -250,7 +250,7 @@ OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(), OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(), OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(), OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/OSSL_STORE_SEARCH.pod b/crypto/openssl/doc/man3/OSSL_STORE_SEARCH.pod index 6d36a190ae5a..0c2dd2bc24c5 100644 --- a/crypto/openssl/doc/man3/OSSL_STORE_SEARCH.pod +++ b/crypto/openssl/doc/man3/OSSL_STORE_SEARCH.pod @@ -179,7 +179,7 @@ OSSL_STORE_SEARCH_get0_name(), OSSL_STORE_SEARCH_get0_serial(), OSSL_STORE_SEARCH_get0_bytes(), and OSSL_STORE_SEARCH_get0_string() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT 
diff --git a/crypto/openssl/doc/man3/OSSL_STORE_expect.pod b/crypto/openssl/doc/man3/OSSL_STORE_expect.pod index e3f06b55be71..154472a76b51 100644 --- a/crypto/openssl/doc/man3/OSSL_STORE_expect.pod +++ b/crypto/openssl/doc/man3/OSSL_STORE_expect.pod @@ -65,7 +65,7 @@ L<OSSL_STORE_load(3)> =head1 HISTORY OSSL_STORE_expect(), OSSL_STORE_supports_search() and OSSL_STORE_find() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/OSSL_STORE_open.pod b/crypto/openssl/doc/man3/OSSL_STORE_open.pod index b1467f4100a7..1e8ebf7ce1ce 100644 --- a/crypto/openssl/doc/man3/OSSL_STORE_open.pod +++ b/crypto/openssl/doc/man3/OSSL_STORE_open.pod @@ -147,7 +147,7 @@ L<passphrase-encoding(7)> OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/PEM_read_bio_ex.pod b/crypto/openssl/doc/man3/PEM_read_bio_ex.pod index e171bff2453a..a16b0ede5a9c 100644 --- a/crypto/openssl/doc/man3/PEM_read_bio_ex.pod +++ b/crypto/openssl/doc/man3/PEM_read_bio_ex.pod @@ -56,7 +56,7 @@ L<PEM(3)> =head1 HISTORY -PEM_read_bio_ex() was added in OpenSSL 1.1.1. +The PEM_read_bio_ex() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/PEM_write_bio_CMS_stream.pod b/crypto/openssl/doc/man3/PEM_write_bio_CMS_stream.pod index c73fafd44bdc..bc3ee167e0c4 100644 --- a/crypto/openssl/doc/man3/PEM_write_bio_CMS_stream.pod +++ b/crypto/openssl/doc/man3/PEM_write_bio_CMS_stream.pod @@ -36,7 +36,7 @@ L<i2d_CMS_bio_stream(3)> =head1 HISTORY -PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0 +The PEM_write_bio_CMS_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT 
diff --git a/crypto/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod b/crypto/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod index 77f97aaa2bbc..32b7ef2ef754 100644 --- a/crypto/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod +++ b/crypto/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod @@ -35,7 +35,7 @@ L<i2d_PKCS7_bio_stream(3)> =head1 HISTORY -PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0 +The PEM_write_bio_PKCS7_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/PKCS12_parse.pod b/crypto/openssl/doc/man3/PKCS12_parse.pod index 747a36f5ed04..208644c019bf 100644 --- a/crypto/openssl/doc/man3/PKCS12_parse.pod +++ b/crypto/openssl/doc/man3/PKCS12_parse.pod @@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure #include <openssl/pkcs12.h> -int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/man3/PKCS7_sign.pod b/crypto/openssl/doc/man3/PKCS7_sign.pod index c1df5f19a070..6fd54777d1f1 100644 --- a/crypto/openssl/doc/man3/PKCS7_sign.pod +++ b/crypto/openssl/doc/man3/PKCS7_sign.pod @@ -108,9 +108,9 @@ L<ERR_get_error(3)>, L<PKCS7_verify(3)> =head1 HISTORY The B<PKCS7_PARTIAL> flag, and the ability for B<certs>, B<signcert>, -and B<pkey> parameters to be B<NULL> to be was added in OpenSSL 1.0.0 +and B<pkey> parameters to be B<NULL> were added in OpenSSL 1.0.0. -The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0 +The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/PKCS7_sign_add_signer.pod b/crypto/openssl/doc/man3/PKCS7_sign_add_signer.pod index 2bc6c40bd2ea..d4a27a2f6194 100644 --- a/crypto/openssl/doc/man3/PKCS7_sign_add_signer.pod +++ b/crypto/openssl/doc/man3/PKCS7_sign_add_signer.pod 
@@ -83,7 +83,7 @@ L<PKCS7_final(3)>, =head1 HISTORY -PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0 +The PPKCS7_sign_add_signer() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/RAND_bytes.pod b/crypto/openssl/doc/man3/RAND_bytes.pod index fca1ad6961de..f257e050065f 100644 --- a/crypto/openssl/doc/man3/RAND_bytes.pod +++ b/crypto/openssl/doc/man3/RAND_bytes.pod @@ -53,7 +53,7 @@ RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead. =item * -RAND_priv_bytes() was added in OpenSSL 1.1.1. +The RAND_priv_bytes() function was added in OpenSSL 1.1.1. =back diff --git a/crypto/openssl/doc/man3/RIPEMD160_Init.pod b/crypto/openssl/doc/man3/RIPEMD160_Init.pod index 77ac4fbc122f..d3cdf930d88e 100644 --- a/crypto/openssl/doc/man3/RIPEMD160_Init.pod +++ b/crypto/openssl/doc/man3/RIPEMD160_Init.pod @@ -13,7 +13,7 @@ RIPEMD-160 hash function unsigned char *md); int RIPEMD160_Init(RIPEMD160_CTX *c); - int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, unsigned long len); + int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); =head1 DESCRIPTION @@ -61,7 +61,7 @@ L<EVP_DigestInit(3)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/RSA_get0_key.pod b/crypto/openssl/doc/man3/RSA_get0_key.pod index cb7d0f66db10..358c2de256f9 100644 --- a/crypto/openssl/doc/man3/RSA_get0_key.pod +++ b/crypto/openssl/doc/man3/RSA_get0_key.pod 
@@ -157,6 +157,7 @@ L<RSA_new(3)>, L<RSA_size(3)> =head1 HISTORY +The RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(), and RSA_get_version() functions were added in OpenSSL 1.1.1. diff --git a/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod index 93911cac97d6..9ea2634c0346 100644 --- a/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod +++ b/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod @@ -110,7 +110,12 @@ L<ERR_get_error(3)>. The RSA_padding_check_PKCS1_type_2() padding check leaks timing information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the PKCS #1 -v1.5 padding design. Prefer PKCS1_OAEP padding. +v1.5 padding design. Prefer PKCS1_OAEP padding. Otherwise it can +be recommended to pass zero-padded B<f>, so that B<fl> equals to +B<rsa_len>, and if fixed by protocol, B<tlen> being set to the +expected length. In such case leakage would be minimal, it would +take attacker's ability to observe memory access pattern with byte +granilarity as it occurs, post-factum timing analysis won't do. =head1 SEE ALSO diff --git a/crypto/openssl/doc/man3/RSA_size.pod b/crypto/openssl/doc/man3/RSA_size.pod index 022620078a7c..99498650866f 100644 --- a/crypto/openssl/doc/man3/RSA_size.pod +++ b/crypto/openssl/doc/man3/RSA_size.pod @@ -41,7 +41,7 @@ L<BN_num_bits(3)> =head1 HISTORY -RSA_bits() was added in OpenSSL 1.1.0. +The RSA_bits() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod b/crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod index af59b58946cc..4c12c5ed20d0 100644 --- a/crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod +++ b/crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod 
@@ -179,19 +179,19 @@ protocol-specific ID. =head1 HISTORY -SSL_CIPHER_get_version() was updated to always return the correct protocol -string in OpenSSL 1.1.0. +The SSL_CIPHER_get_version() function was updated to always return the +correct protocol string in OpenSSL 1.1.0. -SSL_CIPHER_description() was changed to return B<NULL> on error, +The SSL_CIPHER_description() function was changed to return B<NULL> on error, rather than a fixed string, in OpenSSL 1.1.0. -SSL_CIPHER_get_handshake_digest() was added in OpenSSL 1.1.1. +The SSL_CIPHER_get_handshake_digest() function was added in OpenSSL 1.1.1. -SSL_CIPHER_standard_name() was globally available in OpenSSL 1.1.1. Before -OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was +The SSL_CIPHER_standard_name() function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was required to enable this function. -OPENSSL_cipher_name() was added in OpenSSL 1.1.1. +The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/crypto/openssl/doc/man3/SSL_COMP_add_compression_method.pod b/crypto/openssl/doc/man3/SSL_COMP_add_compression_method.pod index 1dc8eb149947..76c036e5ce44 100644 --- a/crypto/openssl/doc/man3/SSL_COMP_add_compression_method.pod +++ b/crypto/openssl/doc/man3/SSL_COMP_add_compression_method.pod @@ -91,9 +91,8 @@ L<ssl(7)> =head1 HISTORY -SSL_COMP_free_compression_methods() was deprecated in OpenSSL 1.1.0; -do not use it. -SSL_COMP_get0_name() and SSL_comp_get_id() were added in OpenSSL 1.1.0d. +The SSL_COMP_free_compression_methods() function was deprecated in OpenSSL 1.1.0. +The SSL_COMP_get0_name() and SSL_comp_get_id() functions were added in OpenSSL 1.1.0d. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_CONF_CTX_new.pod b/crypto/openssl/doc/man3/SSL_CONF_CTX_new.pod index 79f0bbc7dd5f..df5492f79ba8 100644 --- a/crypto/openssl/doc/man3/SSL_CONF_CTX_new.pod 
+++ b/crypto/openssl/doc/man3/SSL_CONF_CTX_new.pod
@@ -36,7 +36,7 @@ L<SSL_CONF_cmd_argv(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod b/crypto/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod
index d98647025470..b2eff5bf519f 100644
--- a/crypto/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod
+++ b/crypto/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod
@@ -44,7 +44,7 @@ L<SSL_CONF_cmd_argv(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod b/crypto/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod
index 766d984626a9..d6f6ff589758 100644
--- a/crypto/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod
+++ b/crypto/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod
@@ -70,7 +70,7 @@ L<SSL_CONF_cmd_argv(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod b/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
index 7e4120f7ce57..3b001d1686f4 100644
--- a/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
+++ b/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
@@ -42,7 +42,7 @@ L<SSL_CONF_cmd_argv(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_CONF_cmd.pod b/crypto/openssl/doc/man3/SSL_CONF_cmd.pod
index b399bcf4990c..a74e7284f9de 100644
--- a/crypto/openssl/doc/man3/SSL_CONF_cmd.pod
+++ b/crypto/openssl/doc/man3/SSL_CONF_cmd.pod
@@ -308,11 +308,6 @@ Attempts to pad TLSv1.3 records so that they are a multiple of B<value> in length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the B<value> must be >1 or <=16384. -=item B<NoRenegotiation> - -Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting -B<SSL_OP_NO_RENEGOTIATION>. - =item B<SignatureAlgorithms> This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. @@ -456,6 +451,9 @@ Only used by servers. B<NoResumptionOnRenegotiation>: set B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers. +B<NoRenegotiation>: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting B<SSL_OP_NO_RENEGOTIATION>. + B<UnsafeLegacyRenegotiation>: permits the use of unsafe legacy renegotiation. Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. @@ -670,12 +668,12 @@ L<SSL_CTX_set_options(3)> =head1 HISTORY -SSL_CONF_cmd() was first added to OpenSSL 1.0.2 +The SSL_CONF_cmd() function was added in OpenSSL 1.0.2. -B<SSL_OP_NO_SSL2> doesn't have effect since 1.1.0, but the macro is retained -for backwards compatibility. +The B<SSL_OP_NO_SSL2> option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility. -B<SSL_CONF_TYPE_NONE> was first added to OpenSSL 1.1.0. In earlier versions of +The B<SSL_CONF_TYPE_NONE> was added in OpenSSL 1.1.0. In earlier versions of OpenSSL passing a command which didn't take an argument would return B<SSL_CONF_TYPE_UNKNOWN>. @@ -685,7 +683,7 @@ B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/crypto/openssl/doc/man3/SSL_CONF_cmd_argv.pod b/crypto/openssl/doc/man3/SSL_CONF_cmd_argv.pod
index 567fa5a5084f..130814803d86 100644
--- a/crypto/openssl/doc/man3/SSL_CONF_cmd_argv.pod
+++ b/crypto/openssl/doc/man3/SSL_CONF_cmd_argv.pod
@@ -37,7 +37,7 @@ L<SSL_CONF_cmd(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod b/crypto/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod
index 24730024f857..8fe8a7d5e18e 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod
@@ -144,7 +144,7 @@ L<SSL_CTX_add_extra_chain_cert(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_CTX_config.pod b/crypto/openssl/doc/man3/SSL_CTX_config.pod
index 5b2aed76c283..90d86746cec1 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_config.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_config.pod
@@ -77,7 +77,7 @@ L<CONF_modules_load_file(3)>
 =head1 HISTORY
-SSL_CTX_config() and SSL_config() were first added to OpenSSL 1.1.0
+The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod b/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod
index d767bb296e83..d1b3c1aad7d3 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod
@@ -368,7 +368,7 @@ L<EVP_PKEY_free(3)>
 =head1 HISTORY
-These functions were first added to OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_CTX_get0_param.pod b/crypto/openssl/doc/man3/SSL_CTX_get0_param.pod
index 6b9373745880..8b99dc330ad9 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_get0_param.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_get0_param.pod @@ -50,7 +50,7 @@ L<X509_VERIFY_PARAM_set_flags(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod b/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod index d7ed89775b2e..b483f83b7182 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod @@ -101,7 +101,7 @@ set CA names using the "client CA list" functions and then get them using the used on the server side then the "client CA list" functions take precedence. Typically, on the server side, the "client CA list " functions should be used in preference. As noted above in most cases it is not necessary to set CA names on -the client side. +the client side. SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to B<name_list>. Ownership of B<name_list> is transferred to B<ctx> and @@ -178,7 +178,7 @@ L<SSL_CTX_load_verify_locations(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod b/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod index 7dca0e0161d9..6c3d4fc9e912 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod @@ -97,8 +97,8 @@ L<SSL_CTX_add_extra_chain_cert(3)> =head1 HISTORY -The curve functions were first added to OpenSSL 1.0.2. The equivalent group -functions were first added to OpenSSL 1.1.1. +The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT 
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod b/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod index bfe8b70af902..b42f2a499f13 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod @@ -86,7 +86,7 @@ L<SSL_build_cert_chain(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod b/crypto/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod index 275831ab1550..5fb0feb45183 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod @@ -24,7 +24,7 @@ See L<CTLOG_STORE_new(3)> for the file format. =head1 NOTES These functions will not clear the existing CT log list - it will be appended -to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first. +to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first. If an error occurs whilst parsing a particular log entry in the file, that log entry will be skipped. @@ -43,7 +43,7 @@ L<CTLOG_STORE_new(3)> =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod b/crypto/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod index c7bdc9b92a04..999a70c8c366 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod 
@@ -94,7 +94,7 @@ truncated. SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(), SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were -first added to OpenSSL 1.1.0 +added in OpenSSL 1.1.0. =head1 SEE ALSO diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod index f01ca66fce7c..01b03f9a59ae 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod @@ -92,17 +92,13 @@ Callback has been called due to an alert being sent or received. =item SSL_CB_HANDSHAKE_START -Callback has been called because a new handshake is started. In TLSv1.3 this is -also used for the start of post-handshake message exchanges such as for the -exchange of session tickets, or for key updates. It also occurs when resuming a -handshake following a pause to handle early data. +Callback has been called because a new handshake is started. It also occurs when +resuming a handshake following a pause to handle early data. -=item SSL_CB_HANDSHAKE_DONE 0x20 +=item SSL_CB_HANDSHAKE_DONE -Callback has been called because a handshake is finished. In TLSv1.3 this is -also used at the end of an exchange of post-handshake messages such as for -session tickets or key updates. It also occurs if the handshake is paused to -allow the exchange of early data. +Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data. =back @@ -160,7 +156,7 @@ L<SSL_alert_type_string(3)> =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod b/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod index 8f8edcf05420..387d1ec1ef04 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod @@ -105,6 +105,15 @@ Enable asynchronous processing. TLS I/O operations may indicate a retry with SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is used to perform cryptographic operations. See L<SSL_get_error(3)>. +=item SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG + +Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to DTLS over SCTP. + =back All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by @@ -124,11 +133,11 @@ L<SSL_write(3)>, L<SSL_get_error(3)> =head1 HISTORY -SSL_MODE_ASYNC was first added to OpenSSL 1.1.0. +SSL_MODE_ASYNC was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_msg_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_msg_callback.pod index bbc78b64b9c5..8cf77cc553a1 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_msg_callback.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_msg_callback.pod 
@@ -128,8 +128,7 @@ L<ssl(7)>, L<SSL_new(3)> =head1 HISTORY -The pseudo content type B<SSL3_RT_INNER_CONTENT_TYPE> was added in OpenSSL -1.1.1. +The pseudo content type B<SSL3_RT_INNER_CONTENT_TYPE> was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_num_tickets.pod b/crypto/openssl/doc/man3/SSL_CTX_set_num_tickets.pod index b6b0e3ebee74..ad13ed15f406 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_num_tickets.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_num_tickets.pod @@ -20,10 +20,10 @@ SSL_CTX_get_num_tickets =head1 DESCRIPTION SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a server -application and set the number of session tickets that will be sent to the -client after a full handshake. Set the desired value (which could be 0) in the -B<num_tickets> argument. Typically these functions should be called before the -start of the handshake. +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the B<num_tickets> argument. Typically these functions should be called before +the start of the handshake. The default number of tickets is 2; the default number of tickets sent following a resumption handshake is 1 but this cannot be changed using these functions. diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_options.pod b/crypto/openssl/doc/man3/SSL_CTX_set_options.pod index ae5ca1bd5d23..2d840b62cb24 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_options.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_options.pod @@ -361,10 +361,10 @@ L<dhparam(1)> =head1 HISTORY The attempt to always try to use secure renegotiation was added in -Openssl 0.9.8m. +OpenSSL 0.9.8m. -B<SSL_OP_PRIORITIZE_CHACHA> and B<SSL_OP_NO_RENEGOTIATION> were added in -OpenSSL 1.1.1. +The B<SSL_OP_PRIORITIZE_CHACHA> and B<SSL_OP_NO_RENEGOTIATION> options +were added in OpenSSL 1.1.1. =head1 COPYRIGHT 
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod index d0b2e30f2571..13e56f0c57f6 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod @@ -19,10 +19,10 @@ SSL_set_block_padding - install callback to specify TLS 1.3 record padding void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); - void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx); + void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); - void *SSL_get_record_padding_callback_arg(SSL *ssl); + void *SSL_get_record_padding_callback_arg(const SSL *ssl); int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); int SSL_set_block_padding(SSL *ssl, size_t block_size); @@ -86,7 +86,7 @@ The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod b/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod index 8baaaffec5c8..0cb6c1f52a22 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod @@ -176,7 +176,7 @@ data pointer or NULL if the ex data is not set. =head1 HISTORY -These functions were first added to OpenSSL 1.1.0 +These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT 
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod index 8f98c6f1c99e..f3dfb62c231c 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -177,8 +177,8 @@ L<SSL_get_session(3)> =head1 HISTORY -SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() and -SSL_SESSION_get_ticket_appdata() were added to OpenSSL 1.1.1. +The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() +and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod b/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod index ef5e7cda35a2..877b4aecd949 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -169,8 +169,8 @@ SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(), SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() functions were added in OpenSSL 1.1.0. -SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() -and SSL_SESSION_get_max_fragment_length() were added in OpenSSL 1.1.1. +The SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() +and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_ssl_version.pod b/crypto/openssl/doc/man3/SSL_CTX_set_ssl_version.pod index 901c057f453a..6c132756f2ca 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_ssl_version.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_ssl_version.pod 
@@ -11,7 +11,7 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); - const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); + const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); =head1 DESCRIPTION @@ -60,7 +60,7 @@ L<SSL_set_connect_state(3)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod b/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod index d6c04eced8ce..cb40a9dbcbcb 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod @@ -108,8 +108,8 @@ side if the client requested OCSP stapling. Otherwise -1 is returned. =head1 HISTORY -SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() and -SSL_CTX_set_tlsext_status_type() were added in OpenSSL 1.1.0. +The SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() +and SSL_CTX_set_tlsext_status_type() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 9b448db664e1..7a4bb3427027 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod 
@@ -38,7 +38,7 @@ ticket information or it starts a full TLS handshake to create a new session ticket. Before the callback function is started I<ctx> and I<hctx> have been -initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. +initialised with L<EVP_CIPHER_CTX_reset(3)> and L<HMAC_CTX_reset(3)> respectively. For new sessions tickets, when the client doesn't present a session ticket, or an attempted retrieval of the ticket failed, or a renew option was indicated, diff --git a/crypto/openssl/doc/man3/SSL_SESSION_free.pod b/crypto/openssl/doc/man3/SSL_SESSION_free.pod index 87a1cab1b462..9a3bf3ec988e 100644 --- a/crypto/openssl/doc/man3/SSL_SESSION_free.pod +++ b/crypto/openssl/doc/man3/SSL_SESSION_free.pod @@ -73,7 +73,7 @@ L<d2i_SSL_SESSION(3)> =head1 HISTORY -SSL_SESSION_dup() was added in OpenSSL 1.1.1. +The SSL_SESSION_dup() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_SESSION_get0_cipher.pod b/crypto/openssl/doc/man3/SSL_SESSION_get0_cipher.pod index 60f66a2d2b9d..5ef754c4a841 100644 --- a/crypto/openssl/doc/man3/SSL_SESSION_get0_cipher.pod +++ b/crypto/openssl/doc/man3/SSL_SESSION_get0_cipher.pod @@ -43,8 +43,8 @@ L<SSL_CTX_set_psk_use_session_callback(3)> =head1 HISTORY -SSL_SESSION_get0_cipher() was first added to OpenSSL 1.1.0. -SSL_SESSION_set_cipher() was first added to OpenSSL 1.1.1. +The SSL_SESSION_get0_cipher() function was added in OpenSSL 1.1.0. +The SSL_SESSION_set_cipher() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod b/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod index c35c89279520..989c997882ca 100644 --- a/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod +++ b/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod 
@@ -59,8 +59,8 @@ L<SSL_SESSION_free(3)>
 =head1 HISTORY
-SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and
-SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1.
+The SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and
+SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_SESSION_get0_id_context.pod b/crypto/openssl/doc/man3/SSL_SESSION_get0_id_context.pod
index 69619a72b434..99b21bd126e9 100644
--- a/crypto/openssl/doc/man3/SSL_SESSION_get0_id_context.pod
+++ b/crypto/openssl/doc/man3/SSL_SESSION_get0_id_context.pod
@@ -42,7 +42,7 @@ L<SSL_set_session_id_context(3)>
 =head1 HISTORY
-SSL_SESSION_get0_id_context() was first added to OpenSSL 1.1.0
+The SSL_SESSION_get0_id_context() function was added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod b/crypto/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod
index 84c9ac173b5c..961ed3e923c7 100644
--- a/crypto/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod
+++ b/crypto/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod
@@ -41,8 +41,8 @@ L<SSL_CTX_set_psk_use_session_callback(3)>
 =head1 HISTORY
-SSL_SESSION_get_protocol_version() was first added to OpenSSL 1.1.0.
-SSL_SESSION_set_protocol_version() was first added to OpenSSL 1.1.1.
+The SSL_SESSION_get_protocol_version() function was added in OpenSSL 1.1.0.
+The SSL_SESSION_set_protocol_version() function was added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_SESSION_has_ticket.pod b/crypto/openssl/doc/man3/SSL_SESSION_has_ticket.pod
index 7197382369de..6fb41b75cb60 100644
--- a/crypto/openssl/doc/man3/SSL_SESSION_has_ticket.pod
+++ b/crypto/openssl/doc/man3/SSL_SESSION_has_ticket.pod
@@ -44,8 +44,8 @@ L<SSL_SESSION_free(3)>
 =head1 HISTORY
-SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and
-SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0.
+The SSL_SESSION_has_ticket(), SSL_SESSION_get_ticket_lifetime_hint()
+and SSL_SESSION_get0_ticket() functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_SESSION_is_resumable.pod b/crypto/openssl/doc/man3/SSL_SESSION_is_resumable.pod
index 729479a99b48..8e47eee09ac7 100644
--- a/crypto/openssl/doc/man3/SSL_SESSION_is_resumable.pod
+++ b/crypto/openssl/doc/man3/SSL_SESSION_is_resumable.pod
@@ -30,7 +30,7 @@ L<SSL_CTX_sess_set_new_cb(3)>
 =head1 HISTORY
-SSL_SESSION_is_resumable() was first added to OpenSSL 1.1.1
+The SSL_SESSION_is_resumable() function was added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_SESSION_set1_id.pod b/crypto/openssl/doc/man3/SSL_SESSION_set1_id.pod
index f0b131d6a1f6..deafdf1ea579 100644
--- a/crypto/openssl/doc/man3/SSL_SESSION_set1_id.pod
+++ b/crypto/openssl/doc/man3/SSL_SESSION_set1_id.pod
@@ -36,7 +36,7 @@ L<ssl(7)>
 =head1 HISTORY
-SSL_SESSION_set1_id() was first added to OpenSSL 1.1.0
+The SSL_SESSION_set1_id() function was added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_export_keying_material.pod b/crypto/openssl/doc/man3/SSL_export_keying_material.pod
index abebf911fc32..c6b9229cbf16 100644
--- a/crypto/openssl/doc/man3/SSL_export_keying_material.pod
+++ b/crypto/openssl/doc/man3/SSL_export_keying_material.pod
@@ -59,7 +59,8 @@ B<label> and should be B<llen> bytes long. Typically this will be a value from the IANA Exporter Label Registry (L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>). Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard -to be used without registration. +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes. Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and above. Attempting to use it in SSLv3 will result in an error. @@ -72,7 +73,7 @@ SSL_export_keying_material_early() returns 0 on failure or 1 on success. =head1 HISTORY -SSL_export_keying_material_early() was first added in OpenSSL 1.1.1. +The SSL_export_keying_material_early() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_extension_supported.pod b/crypto/openssl/doc/man3/SSL_extension_supported.pod index 51ff6beeb513..df23ac6551ba 100644 --- a/crypto/openssl/doc/man3/SSL_extension_supported.pod +++ b/crypto/openssl/doc/man3/SSL_extension_supported.pod @@ -277,7 +277,7 @@ internally by OpenSSL and 0 otherwise. =head1 HISTORY -The function SSL_CTX_add_custom_ext() was added in OpenSSL 1.1.1. +The SSL_CTX_add_custom_ext() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod b/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod index fd4515db5561..5b17f091e353 100644 --- a/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod +++ b/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod @@ -73,8 +73,8 @@ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)> =head1 HISTORY -SSL_waiting_for_async(), SSL_get_all_async_fds() and SSL_get_changed_async_fds() -were first added to OpenSSL 1.1.0. +The SSL_waiting_for_async(), SSL_get_all_async_fds() +and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT 
diff --git a/crypto/openssl/doc/man3/SSL_get_error.pod b/crypto/openssl/doc/man3/SSL_get_error.pod index b3ab50568731..5a7a4b7058ef 100644 --- a/crypto/openssl/doc/man3/SSL_get_error.pod +++ b/crypto/openssl/doc/man3/SSL_get_error.pod @@ -138,17 +138,20 @@ Details depend on the application. =item SSL_ERROR_SYSCALL -Some non-recoverable I/O error occurred. -The OpenSSL error queue may contain more information on the error. -For socket I/O on Unix systems, consult B<errno> for details. +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +B<errno> for details. If this error occurs then no further I/O operations should +be performed on the connection and SSL_shutdown() must not be called. This value can also be returned for other errors, check the error queue for details. =item SSL_ERROR_SSL -A failure in the SSL library occurred, usually a protocol error. The -OpenSSL error queue contains more information on the error. +A non-recoverable, fatal error in the SSL library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and SSL_shutdown() must not be called. =back @@ -158,8 +161,8 @@ L<ssl(7)> =head1 HISTORY -SSL_ERROR_WANT_ASYNC was added in OpenSSL 1.1.0. -SSL_ERROR_WANT_CLIENT_HELLO_CB was added in OpenSSL 1.1.1. +The SSL_ERROR_WANT_ASYNC error code was added in OpenSSL 1.1.0. +The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_get_version.pod b/crypto/openssl/doc/man3/SSL_get_version.pod index b0aaba3a59d7..5507ff3f3de9 100644 --- a/crypto/openssl/doc/man3/SSL_get_version.pod +++ b/crypto/openssl/doc/man3/SSL_get_version.pod 
@@ -97,7 +97,7 @@ L<ssl(7)> =head1 HISTORY -SSL_is_dtls() was added in OpenSSL 1.1.0. +The SSL_is_dtls() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_key_update.pod b/crypto/openssl/doc/man3/SSL_key_update.pod index 7772b70bc69e..068ace597836 100644 --- a/crypto/openssl/doc/man3/SSL_key_update.pod +++ b/crypto/openssl/doc/man3/SSL_key_update.pod @@ -14,11 +14,11 @@ SSL_renegotiate_pending #include <openssl/ssl.h> int SSL_key_update(SSL *s, int updatetype); - int SSL_get_key_update_type(SSL *s); + int SSL_get_key_update_type(const SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate_abbreviated(SSL *s); - int SSL_renegotiate_pending(SSL *s); + int SSL_renegotiate_pending(const SSL *s); =head1 DESCRIPTION @@ -100,7 +100,7 @@ OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_read.pod b/crypto/openssl/doc/man3/SSL_read.pod index e671b8eb794a..1410a0228c30 100644 --- a/crypto/openssl/doc/man3/SSL_read.pod +++ b/crypto/openssl/doc/man3/SSL_read.pod @@ -128,7 +128,7 @@ You should instead call SSL_get_error() to find out if it's retryable. =head1 HISTORY -SSL_read_ex() and SSL_peek_ex() were added in OpenSSL 1.1.1. +The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/crypto/openssl/doc/man3/SSL_read_early_data.pod b/crypto/openssl/doc/man3/SSL_read_early_data.pod index 9769aa72e4a0..c51fe1359dc3 100644 --- a/crypto/openssl/doc/man3/SSL_read_early_data.pod +++ b/crypto/openssl/doc/man3/SSL_read_early_data.pod 
@@ -93,7 +93,7 @@ the server. A client uses the function SSL_write_early_data() to send early data. This function is similar to the L<SSL_write_ex(3)> function, but with the following differences. See L<SSL_write_ex(3)> for information on how to write bytes to -the underlying connection, and how to handle any errors that may arise. This +the underlying connection, and how to handle any errors that may arise. This page describes the differences between SSL_write_early_data() and L<SSL_write_ex(3)>. @@ -364,7 +364,7 @@ All of the functions described above were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_set1_host.pod b/crypto/openssl/doc/man3/SSL_set1_host.pod index 3ca3c6b0136b..a2c9f133eed3 100644 --- a/crypto/openssl/doc/man3/SSL_set1_host.pod +++ b/crypto/openssl/doc/man3/SSL_set1_host.pod @@ -104,7 +104,7 @@ L<SSL_dane_enable(3)>. =head1 HISTORY -These functions were first added to OpenSSL 1.1.0. +These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_shutdown.pod b/crypto/openssl/doc/man3/SSL_shutdown.pod index 0a3d6d370d8b..551fff6308b6 100644 --- a/crypto/openssl/doc/man3/SSL_shutdown.pod +++ b/crypto/openssl/doc/man3/SSL_shutdown.pod 
@@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. +Note that SSL_shutdown() must not be called if a previous fatal error has +occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL +or SSL_ERROR_SSL. + The shutdown procedure consists of two steps: sending of the close_notify shutdown alert, and reception of the peer's close_notify shutdown alert. The order of those two steps depends on the application. diff --git a/crypto/openssl/doc/man3/SSL_want.pod b/crypto/openssl/doc/man3/SSL_want.pod index ef4b2183e08d..6840ccbfb626 100644 --- a/crypto/openssl/doc/man3/SSL_want.pod +++ b/crypto/openssl/doc/man3/SSL_want.pod @@ -101,7 +101,8 @@ L<ssl(7)>, L<SSL_get_error(3)> =head1 HISTORY -SSL_want_client_hello_cb() and SSL_CLIENT_HELLO_CB were added in OpenSSL 1.1.1. +The SSL_want_client_hello_cb() function and the SSL_CLIENT_HELLO_CB return value +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_write.pod b/crypto/openssl/doc/man3/SSL_write.pod index 4dffd1fefc8a..3956f1def387 100644 --- a/crypto/openssl/doc/man3/SSL_write.pod +++ b/crypto/openssl/doc/man3/SSL_write.pod @@ -106,7 +106,7 @@ You should instead call SSL_get_error() to find out if it's retryable. =head1 HISTORY -SSL_write_ex() was added in OpenSSL 1.1.1. +The SSL_write_ex() function was added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/crypto/openssl/doc/man3/UI_create_method.pod b/crypto/openssl/doc/man3/UI_create_method.pod index aefd41dac396..a01e1012dcf9 100644 --- a/crypto/openssl/doc/man3/UI_create_method.pod +++ b/crypto/openssl/doc/man3/UI_create_method.pod 
@@ -205,9 +205,8 @@ L<UI(3)>, L<CRYPTO_get_ex_data(3)>, L<UI_STRING(3)> =head1 HISTORY -UI_method_set_data_duplicator(), UI_method_get_data_duplicator() and -UI_method_get_data_destructor() -were added in OpenSSL 1.1.1. +The UI_method_set_data_duplicator(), UI_method_get_data_duplicator() +and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/UI_new.pod b/crypto/openssl/doc/man3/UI_new.pod index dd1b80ec635d..3042b13f1f1a 100644 --- a/crypto/openssl/doc/man3/UI_new.pod +++ b/crypto/openssl/doc/man3/UI_new.pod @@ -233,14 +233,13 @@ UI_process() returns 0 on success or a negative value on error. UI_ctrl() returns a mask on success or -1 on error. -UI_get_default_method(), UI_get_method(), UI_Openssl(), UI_null() and +UI_get_default_method(), UI_get_method(), UI_OpenSSL(), UI_null() and UI_set_method() return either a valid B<UI_METHOD> structure or NULL respectively. =head1 HISTORY -UI_dup_user_data() -was added in OpenSSL 1.1.1. +The UI_dup_user_data() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod b/crypto/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod index 5de1b88b9945..74f1a96d07ef 100644 --- a/crypto/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod +++ b/crypto/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod @@ -51,9 +51,6 @@ X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be used to examine an B<X509_NAME_ENTRY> function as returned by X509_NAME_get_entry() for example. -X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(), -and X509_NAME_ENTRY_create_by_OBJ() create and return an - X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(), X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data() are seldom used in practice because B<X509_NAME_ENTRY> structures 
diff --git a/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod b/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod index 2828ed75d2a9..472db508bc4e 100644 --- a/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod +++ b/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod @@ -159,8 +159,8 @@ L<X509_VERIFY_PARAM_set_flags(3)> =head1 HISTORY -X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0 -X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0 +The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0. +The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod index 5688ab79a77e..647ed2f17401 100644 --- a/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod +++ b/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod @@ -192,12 +192,13 @@ L<X509_STORE_CTX_get_ex_new_index(3)> =head1 HISTORY +The X509_STORE_CTX_get_get_issuer(), X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() -and X509_STORE_CTX_get_cleanup() were added in OpenSSL 1.1.0. +and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/X509_STORE_new.pod b/crypto/openssl/doc/man3/X509_STORE_new.pod index f7a5c81416b3..b3bc96e20b59 100644 --- a/crypto/openssl/doc/man3/X509_STORE_new.pod +++ b/crypto/openssl/doc/man3/X509_STORE_new.pod @@ -44,7 +44,7 @@ L<X509_STORE_get0_param(3)> =head1 HISTORY The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() -functions were added in OpenSSL 1.1.0 +functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT 
diff --git a/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod b/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod index 12a464674191..d16881edd83d 100644 --- a/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod +++ b/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod @@ -237,8 +237,9 @@ L<CMS_verify(3)> =head1 HISTORY -X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0. +The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0. +The functions X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(), X509_STORE_set_verify(), X509_STORE_CTX_get_verify(), X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(), @@ -250,8 +251,8 @@ X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(), X509_STORE_set_check_policy(), X509_STORE_get_check_policy(), X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(), X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(), -X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in -OpenSSL 1.1.0. +X509_STORE_set_cleanup() and X509_STORE_get_cleanup() +were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 9b64e0a915a2..f45467cacecc 100644 --- a/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -368,11 +368,11 @@ L<x509(1)> =head1 HISTORY -The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0 -The flag B<X509_V_FLAG_CB_ISSUER_CHECK> was deprecated in -OpenSSL 1.1.0, and has no effect. +The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0. +The flag B<X509_V_FLAG_CB_ISSUER_CHECK> was deprecated in OpenSSL 1.1.0 +and has no effect. -X509_VERIFY_PARAM_get_hostflags() was added in OpenSSL 1.1.0i. +The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. =head1 COPYRIGHT 
diff --git a/crypto/openssl/doc/man3/X509_get0_signature.pod b/crypto/openssl/doc/man3/X509_get0_signature.pod index f63c5a5b689e..4133bc37a9af 100644 --- a/crypto/openssl/doc/man3/X509_get0_signature.pod +++ b/crypto/openssl/doc/man3/X509_get0_signature.pod @@ -109,12 +109,14 @@ L<X509_verify_cert(3)> =head1 HISTORY -X509_get0_signature() and X509_get_signature_nid() were first added to -OpenSSL 1.0.2. +The +X509_get0_signature() and X509_get_signature_nid() functions were +added in OpenSSL 1.0.2. +The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), -X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were first added -to OpenSSL 1.1.0. +X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were +added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/X509_get_serialNumber.pod b/crypto/openssl/doc/man3/X509_get_serialNumber.pod index 2e81c623969e..684adb7578b9 100644 --- a/crypto/openssl/doc/man3/X509_get_serialNumber.pod +++ b/crypto/openssl/doc/man3/X509_get_serialNumber.pod @@ -56,8 +56,9 @@ L<X509_verify_cert(3)> =head1 HISTORY -X509_get_serialNumber() and X509_set_serialNumber() are available in -all versions of OpenSSL. X509_get0_serialNumber() was added in OpenSSL 1.1.0. +The X509_get_serialNumber() and X509_set_serialNumber() functions are +available in all versions of OpenSSL. +The X509_get0_serialNumber() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/X509_get_subject_name.pod b/crypto/openssl/doc/man3/X509_get_subject_name.pod index 2107c1d0905e..7c4a499225ec 100644 --- a/crypto/openssl/doc/man3/X509_get_subject_name.pod +++ b/crypto/openssl/doc/man3/X509_get_subject_name.pod 
@@ -53,8 +53,8 @@ and X509_CRL_set_issuer_name() return 1 for success and 0 for failure. X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in earlier versions. -X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was first added -to OpenSSL 1.0.0 as a macro. +X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. =head1 SEE ALSO diff --git a/crypto/openssl/doc/man3/X509_sign.pod b/crypto/openssl/doc/man3/X509_sign.pod index 994fd438811a..8794c57e8d57 100644 --- a/crypto/openssl/doc/man3/X509_sign.pod +++ b/crypto/openssl/doc/man3/X509_sign.pod @@ -81,11 +81,11 @@ L<X509_verify_cert(3)> =head1 HISTORY -X509_sign(), X509_REQ_sign() and X509_CRL_sign() are available in all -versions of OpenSSL. +The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are +available in all versions of OpenSSL. -X509_sign_ctx(), X509_REQ_sign_ctx() and X509_CRL_sign_ctx() were first added -to OpenSSL 1.0.1. +The X509_sign_ctx(), X509_REQ_sign_ctx() +and X509_CRL_sign_ctx() functions were added OpenSSL 1.0.1. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/d2i_PrivateKey.pod b/crypto/openssl/doc/man3/d2i_PrivateKey.pod index 13415d5488e8..4e3f20f8b324 100644 --- a/crypto/openssl/doc/man3/d2i_PrivateKey.pod +++ b/crypto/openssl/doc/man3/d2i_PrivateKey.pod 
@@ -50,15 +50,19 @@ If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey() (i.e. an existing structure is being reused) and the key format is PKCS#8 then B<*a> will be freed and replaced on a successful call. +To decode a key with type B<EVP_PKEY_EC>, d2i_PublicKey() requires B<*a> to be +a non-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the proper +EC_GROUP. + =head1 RETURN VALUES -d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B<EVP_KEY> structure -or B<NULL> if an error occurs. The error code can be obtained by calling -L<ERR_get_error(3)>. +The d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), d2i_PrivateKey_fp(), +and d2i_PublicKey() functions return a valid B<EVP_KEY> structure or B<NULL> if an +error occurs. The error code can be obtained by calling L<ERR_get_error(3)>. -i2d_PrivateKey() returns the number of bytes successfully encoded or a -negative value if an error occurs. The error code can be obtained by calling -L<ERR_get_error(3)>. +i2d_PrivateKey() and i2d_PublicKey() return the number of bytes successfully +encoded or a negative value if an error occurs. The error code can be obtained +by calling L<ERR_get_error(3)>. =head1 SEE ALSO @@ -67,7 +71,7 @@ L<d2i_PKCS8PrivateKey_bio(3)> =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/i2d_CMS_bio_stream.pod b/crypto/openssl/doc/man3/i2d_CMS_bio_stream.pod index ece7a4800eee..dd2bd213f1e1 100644 --- a/crypto/openssl/doc/man3/i2d_CMS_bio_stream.pod +++ b/crypto/openssl/doc/man3/i2d_CMS_bio_stream.pod 
@@ -39,7 +39,7 @@ L<PEM_write_bio_CMS_stream(3)> =head1 HISTORY -i2d_CMS_bio_stream() was added to OpenSSL 1.0.0 +The i2d_CMS_bio_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/i2d_PKCS7_bio_stream.pod b/crypto/openssl/doc/man3/i2d_PKCS7_bio_stream.pod index b42940a83cfa..a33aa08f2d32 100644 --- a/crypto/openssl/doc/man3/i2d_PKCS7_bio_stream.pod +++ b/crypto/openssl/doc/man3/i2d_PKCS7_bio_stream.pod @@ -39,7 +39,7 @@ L<PEM_write_bio_PKCS7_stream(3)> =head1 HISTORY -i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0 +The i2d_PKCS7_bio_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man5/config.pod b/crypto/openssl/doc/man5/config.pod index 3e110b03135b..992fdfccf917 100644 --- a/crypto/openssl/doc/man5/config.pod +++ b/crypto/openssl/doc/man5/config.pod @@ -42,6 +42,13 @@ working directory so unless the configuration file containing the B<.include> directive is application specific the inclusion will not work as expected. +There can be optional B<=> character and whitespace characters between +B<.include> directive and the path which can be useful in cases the +configuration file needs to be loaded by old OpenSSL versions which do +not support the B<.include> syntax. They would bail out with error +if the B<=> character is not present but with it they just ignore +the include. + Each section in a configuration file consists of a number of name and value pairs of the form B<name=value> @@ -419,7 +426,7 @@ L<x509(1)>, L<req(1)>, L<ca(1)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man7/ct.pod b/crypto/openssl/doc/man7/ct.pod index 355204d2a632..9f82c0ba44be 100644 
--- a/crypto/openssl/doc/man7/ct.pod +++ b/crypto/openssl/doc/man7/ct.pod @@ -15,7 +15,7 @@ clients, as defined in RFC 6962. This verification can provide some confidence that a certificate has been publicly logged in a set of CT logs. By default, these checks are disabled. They can be enabled using -SSL_CTX_ct_enable() or SSL_ct_enable(). +L<SSL_CTX_enable_ct(3)> or L<SSL_enable_ct(3)>. This library can also be used to parse and examine CT data structures, such as Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are @@ -39,7 +39,7 @@ L<SSL_CTX_set_ct_validation_callback(3)> =head1 HISTORY -This library was added in OpenSSL 1.1.0. +The ct library was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h index 534059382b0a..8e6efa9616cf 100644 --- a/crypto/openssl/e_os.h +++ b/crypto/openssl/e_os.h @@ -49,6 +49,7 @@ # define get_last_sys_error() errno # define clear_sys_error() errno=0 +# define set_sys_error(e) errno=(e) /******************************************************************** The Microsoft section @@ -66,8 +67,10 @@ # ifdef WIN32 # undef get_last_sys_error # undef clear_sys_error +# undef set_sys_error # define get_last_sys_error() GetLastError() # define clear_sys_error() SetLastError(0) +# define set_sys_error(e) SetLastError(e) # if !defined(WINNT) # define WIN_CONSOLE_BUG # endif diff --git a/crypto/openssl/engines/e_dasync.c b/crypto/openssl/engines/e_dasync.c index b005f421a660..5cdacb66a043 100644 --- a/crypto/openssl/engines/e_dasync.c +++ b/crypto/openssl/engines/e_dasync.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
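Review bot: The new `set_sys_error(e)` macro in the first e_os.h hunk expands to a bare assignment, `errno=(e)`, while the WIN32 override in the second hunk expands to a function call, so the two behave differently when the macro is used inside a larger expression. Wrapping the generic form as `# define set_sys_error(e) (errno=(e))` keeps it safe next to operators that bind tighter than `=`. It mirrors the existing `clear_sys_error() errno=0`, so the same remark applies there. A one-line comment saying what the macro is for (presumably restoring a saved error value after an intervening call) would also help.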
@@ -138,7 +138,6 @@ struct dasync_pipeline_ctx { unsigned char **inbufs; unsigned char **outbufs; size_t *lens; - int enc; unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN]; unsigned int aadctr; }; @@ -156,6 +155,14 @@ static const EVP_CIPHER *dasync_aes_128_cbc(void) /* * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up * once only during engine bind and can then be reused many times. + * + * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher, + * which is implemented only if the AES-NI instruction set extension is available + * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not + * be available either. + * + * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which + * negotiate the encrypt-then-mac extension) won't negotiate it anyway. */ static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL; static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void) @@ -603,7 +610,7 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, len = p[arg - 2] << 8 | p[arg - 1]; - if (pipe_ctx->enc) { + if (EVP_CIPHER_CTX_encrypting(ctx)) { if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { if (len < AES_BLOCK_SIZE) return 0; @@ -752,6 +759,10 @@ static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *iv, int enc) { + /* + * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL, + * see comment before the definition of dasync_aes_128_cbc_hmac_sha1(). + */ return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc_hmac_sha1()); } 
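Review bot: The comment added in dasync_aes128_cbc_hmac_sha1_init_key() says EVP_aes_128_cbc_hmac_sha1() can be assumed non-NULL, but nothing at the call site enforces that, and the helper it is handed to is not visible in this hunk. The same comment is added to dasync_aes128_cbc_hmac_sha1_cleanup() in the following hunk. The comment added before dasync_aes_128_cbc_hmac_sha1() states that the underlying cipher is implemented only when AES-NI is available, so the assumption rests on engine-bind logic elsewhere in the file. A cheap guard such as `if (EVP_aes_128_cbc_hmac_sha1() == NULL) return 0;` would turn a broken assumption into a clean failure instead of passing NULL on. The function's signature starts outside the hunk.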
@@ -766,5 +777,9 @@ static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx) { + /* + * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL, + * see comment before the definition of dasync_aes_128_cbc_hmac_sha1(). + */ return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1()); } diff --git a/crypto/openssl/include/internal/conf.h b/crypto/openssl/include/internal/conf.h index dc1e72508ace..29bc9f963c91 100644 --- a/crypto/openssl/include/internal/conf.h +++ b/crypto/openssl/include/internal/conf.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,11 +12,18 @@ #include <openssl/conf.h> +#define DEFAULT_CONF_MFLAGS \ + (CONF_MFLAGS_DEFAULT_SECTION | \ + CONF_MFLAGS_IGNORE_MISSING_FILE | \ + CONF_MFLAGS_IGNORE_RETURN_CODES) + struct ossl_init_settings_st { + char *filename; char *appname; + unsigned long flags; }; -void openssl_config_int(const char *appname); +int openssl_config_int(const OPENSSL_INIT_SETTINGS *); void openssl_no_config_int(void); void conf_modules_free_int(void); diff --git a/crypto/openssl/include/internal/constant_time_locl.h b/crypto/openssl/include/internal/constant_time_locl.h index 82ff74652ecc..cde30f4067ef 100644 --- a/crypto/openssl/include/internal/constant_time_locl.h +++ b/crypto/openssl/include/internal/constant_time_locl.h @@ -324,4 +324,10 @@ static ossl_inline void constant_time_lookup(void *out, } } +/* + * Expected usage pattern is to unconditionally set error and then + * wipe it if there was no actual error. |clear| is 1 or 0. + */ +void err_clear_last_constant_time(int clear); + #endif /* HEADER_CONSTANT_TIME_LOCL_H */ 
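Review bot: `DEFAULT_CONF_MFLAGS` in the conf.h hunk combines `CONF_MFLAGS_IGNORE_MISSING_FILE` and `CONF_MFLAGS_IGNORE_RETURN_CODES`, so by default a missing configuration file or a failing module is presumably not reported, and the macro has no comment saying so. Since openssl_config_int() now returns `int` instead of `void`, the header should also state what the return value means under these defaults. Suggested comment above the macro: `/* Default flags: tolerate a missing config file and module errors; callers that need strict loading must supply their own flags. */`. Whether the new `filename` member is owned by the settings structure or borrowed is likewise not stated here.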
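Review bot: The comment on err_clear_last_constant_time() in the constant_time_locl.h hunk says `|clear|` is 1 or 0 but not what happens for any other value, nor that the flag is meant to be computed without branching on secret data, which is presumably why the declaration lives in this header. I would extend the comment with `Callers must pass exactly 0 or 1, derived from constant-time masks rather than from a conditional.` The definition is not part of this hunk, so naming the file that provides it would help readers.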
diff --git a/crypto/openssl/include/internal/cryptlib.h b/crypto/openssl/include/internal/cryptlib.h index 329ef62014f6..b4d76d5f2ed7 100644 --- a/crypto/openssl/include/internal/cryptlib.h +++ b/crypto/openssl/include/internal/cryptlib.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -92,5 +92,7 @@ void *openssl_fopen(const char *filename, const char *mode); # endif uint32_t OPENSSL_rdtsc(void); +size_t OPENSSL_instrument_bus(unsigned int *, size_t); +size_t OPENSSL_instrument_bus2(unsigned int *, size_t, size_t); #endif diff --git a/crypto/openssl/include/internal/sockets.h b/crypto/openssl/include/internal/sockets.h index a6026dad081e..5bb0355f07ed 100644 --- a/crypto/openssl/include/internal/sockets.h +++ b/crypto/openssl/include/internal/sockets.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -72,11 +72,7 @@ struct servent *PASCAL getservbyname(const char *, const char *); # else # include <sys/socket.h> # ifndef NO_SYS_UN_H -# ifdef OPENSSL_SYS_VXWORKS -# include <streams/un.h> -# else -# include <sys/un.h> -# endif +# include <sys/un.h> # ifndef UNIX_PATH_MAX # define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path) # endif diff --git a/crypto/openssl/include/internal/thread_once.h b/crypto/openssl/include/internal/thread_once.h index 224244353ab4..8a25d04d2d4d 100644 --- a/crypto/openssl/include/internal/thread_once.h +++ b/crypto/openssl/include/internal/thread_once.h 
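Review bot: The two prototypes added after OPENSSL_rdtsc() in cryptlib.h have unnamed parameters, and OPENSSL_instrument_bus2() takes two adjacent `size_t` arguments that a caller cannot tell apart from the header. Naming the parameters as the definitions do, and adding a one-line comment on what the returned `size_t` counts, would make this internal API self-describing. The definitions are outside this hunk, so the right names have to come from there.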
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,20 @@ #include <openssl/crypto.h> +/* + * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly + * once. It takes no arguments and returns and int result (1 for success or + * 0 for failure). Typical usage might be: + * + * DEFINE_RUN_ONCE(myinitfunc) + * { + * do_some_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + */ #define DEFINE_RUN_ONCE(init) \ static int init(void); \ int init##_ossl_ret_ = 0; \ @@ -17,10 +31,30 @@ init##_ossl_ret_ = init(); \ } \ static int init(void) + +/* + * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly + * once that has been defined in another file via DEFINE_RUN_ONCE(). + */ #define DECLARE_RUN_ONCE(init) \ extern int init##_ossl_ret_; \ void init##_ossl_(void); +/* + * DEFINE_RUN_ONCE_STATIC: Define an initialiser function that should be run + * exactly once. This function will be declared as static within the file. It + * takes no arguments and returns and int result (1 for success or 0 for + * failure). Typical usage might be: + * + * DEFINE_RUN_ONCE_STATIC(myinitfunc) + * { + * do_some_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + */ #define DEFINE_RUN_ONCE_STATIC(init) \ static int init(void); \ static int init##_ossl_ret_ = 0; \ 
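Review bot: Both added comment blocks, for DEFINE_RUN_ONCE and for DEFINE_RUN_ONCE_STATIC, read `returns and int result`; that should be `returns an int result`. The DEFINE_RUN_ONCE comment could also say that the generated `init##_ossl_ret_` is a non-static global, which is what DECLARE_RUN_ONCE refers to with `extern` from another file, so the initialiser name has to be unique across the files linked together.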
@@ -31,6 +65,46 @@ static int init(void) /* + * DEFINE_RUN_ONCE_STATIC_ALT: Define an alternative initialiser function. This + * function will be declared as static within the file. It takes no arguments + * and returns an int result (1 for success or 0 for failure). An alternative + * initialiser function is expected to be associated with a primary initialiser + * function defined via DEFINE_ONCE_STATIC where both functions use the same + * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function + * is used only one of the primary or the alternative initialiser function will + * ever be called - and that function will be called exactly once. Definitition + * of an alternative initialiser function MUST occur AFTER the definition of the + * primary initialiser function. + * + * Typical usage might be: + * + * DEFINE_RUN_ONCE_STATIC(myinitfunc) + * { + * do_some_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + * + * DEFINE_RUN_ONCE_STATIC_ALT(myaltinitfunc, myinitfunc) + * { + * do_some_alternative_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + */ +#define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \ + static int initalt(void); \ + static void initalt##_ossl_(void) \ + { \ + init##_ossl_ret_ = initalt(); \ + } \ + static int initalt(void) + +/* * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded * @once: pointer to static object of type CRYPTO_ONCE * @init: function name that was previously given to DEFINE_RUN_ONCE, 
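Review bot: The DEFINE_RUN_ONCE_STATIC_ALT comment refers to a primary initialiser `defined via DEFINE_ONCE_STATIC`, but the macro in this header is DEFINE_RUN_ONCE_STATIC, and `Definitition` is misspelled. The ordering rule the comment states is a hard requirement because the macro body assigns `init##_ossl_ret_`, a variable that only exists once the primary macro has been expanded. Adding `the alternative stores its result in the primary's init##_ossl_ret_ variable` to the comment would explain the MUST.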
@@ -43,3 +117,21 @@ */ #define RUN_ONCE(once, init) \ (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0) + +/* + * RUN_ONCE_ALT - use CRYPTO_THREAD_run_once, to run an alternative initialiser + * function and check if that initialisation succeeded + * @once: pointer to static object of type CRYPTO_ONCE + * @initalt: alternative initialiser function name that was previously given to + * DEFINE_RUN_ONCE_STATIC_ALT. This function must return 1 for + * success or 0 for failure. + * @init: primary initialiser function name that was previously given to + * DEFINE_RUN_ONCE_STATIC. This function must return 1 for success or + * 0 for failure. + * + * The return value is 1 on success (*) or 0 in case of error. + * + * (*) by convention, since the init function must return 1 on success. + */ +#define RUN_ONCE_ALT(once, initalt, init) \ + (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0) diff --git a/crypto/openssl/include/internal/tsan_assist.h b/crypto/openssl/include/internal/tsan_assist.h index f30ffe398ac7..38ba0c7ebbf3 100644 --- a/crypto/openssl/include/internal/tsan_assist.h +++ b/crypto/openssl/include/internal/tsan_assist.h @@ -1,12 +1,12 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ - + /* * Contemporary compilers implement lock-free atomic memory access * primitives that facilitate writing "thread-opportunistic" or even real diff --git a/crypto/openssl/include/openssl/crypto.h b/crypto/openssl/include/openssl/crypto.h index 7e50b1bf4694..7d0b526236f8 100644 --- a/crypto/openssl/include/openssl/crypto.h +++ b/crypto/openssl/include/openssl/crypto.h 
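Review bot: The RUN_ONCE_ALT comment says the return value is 1 on success, but the macro returns `init##_ossl_ret_`, which holds the result of whichever initialiser ran first on that CRYPTO_ONCE. If the primary has already run, `initalt` is never called and the caller still receives the primary's result, so a 1 does not show that the alternative initialisation took effect. I would add to the comment: `Note: a return of 1 does not imply that initalt was the function executed.`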
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -109,13 +109,8 @@ DEFINE_STACK_OF(void) # define CRYPTO_EX_INDEX_DRBG 15 # define CRYPTO_EX_INDEX__COUNT 16 -/* - * This is the default callbacks, but we can have others as well: this is - * needed in Win32 where the application malloc and the library malloc may - * not be the same. - */ -#define OPENSSL_malloc_init() \ - CRYPTO_set_mem_functions(CRYPTO_malloc, CRYPTO_realloc, CRYPTO_free) +/* No longer needed, so this is a no-op */ +#define OPENSSL_malloc_init() while(0) continue int CRYPTO_mem_ctrl(int mode); @@ -377,6 +372,7 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); /* OPENSSL_INIT_ZLIB 0x00010000L */ # define OPENSSL_INIT_ATFORK 0x00020000L /* OPENSSL_INIT_BASE_ONLY 0x00040000L */ +# define OPENSSL_INIT_NO_ATEXIT 0x00080000L /* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ /* Max OPENSSL_INIT flag value is 0x80000000 */ @@ -396,8 +392,12 @@ void OPENSSL_thread_stop(void); /* Low-level control of initialization */ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); # ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *config_filename); +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, + unsigned long flags); int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, - const char *config_file); + const char *config_appname); # endif void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); diff --git a/crypto/openssl/include/openssl/e_os2.h b/crypto/openssl/include/openssl/e_os2.h index eeae21544529..97a776cdacc7 100644 --- a/crypto/openssl/include/openssl/e_os2.h +++ b/crypto/openssl/include/openssl/e_os2.h 
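Review bot: `#define OPENSSL_malloc_init() while(0) continue` replaces a macro that expanded to a call expression, CRYPTO_set_mem_functions(...), with one that expands to a statement. Existing callers that use the macro inside an expression, for example by testing its result or casting it to void, would no longer compile. If source compatibility with such callers matters, an expression-valued no-op keeps them building; which value is right depends on how callers used the old result, which is not visible in this hunk.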
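Review bot: The new OPENSSL_INIT_set_config_filename() and OPENSSL_INIT_set_config_file_flags() prototypes in the last crypto.h hunk carry no comment, and one returns `int` while the other returns `void`. For a public header it would help to state whether the filename string is copied or must outlive the settings object, what the `int` result signals, and which flag constants `flags` accepts (presumably the CONF_MFLAGS_* values). Because those flags can decide whether configuration errors are ignored, the default applied when the setter is not called deserves a sentence as well.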
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -287,6 +287,13 @@ typedef unsigned __int64 uint64_t; # define ossl_noreturn # endif +/* ossl_unused: portable unused attribute for use in public headers */ +# if defined(__GNUC__) +# define ossl_unused __attribute__((unused)) +# else +# define ossl_unused +# endif + #ifdef __cplusplus } #endif diff --git a/crypto/openssl/include/openssl/ecerr.h b/crypto/openssl/include/openssl/ecerr.h index 8d429387a2a2..be313d2856b8 100644 --- a/crypto/openssl/include/openssl/ecerr.h +++ b/crypto/openssl/include/openssl/ecerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -62,6 +62,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_ASN1_GROUP2CURVE 153 # define EC_F_EC_ASN1_GROUP2FIELDID 154 # define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 296 # define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 # define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 # define EC_F_EC_GF2M_SIMPLE_LADDER_POST 285 @@ -74,6 +75,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 # define EC_F_EC_GFP_MONT_FIELD_DECODE 133 # define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +# define EC_F_EC_GFP_MONT_FIELD_INV 297 # define EC_F_EC_GFP_MONT_FIELD_MUL 131 # define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 # define EC_F_EC_GFP_MONT_FIELD_SQR 132 
@@ -91,6 +93,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_GFP_NIST_FIELD_SQR 201 # define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 # define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 287 +# define EC_F_EC_GFP_SIMPLE_FIELD_INV 298 # define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 # define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 # define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 @@ -202,6 +205,7 @@ int ERR_load_EC_strings(void); # define EC_R_BAD_SIGNATURE 156 # define EC_R_BIGNUM_OUT_OF_RANGE 144 # define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_CANNOT_INVERT 165 # define EC_R_COORDINATES_OUT_OF_RANGE 146 # define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 # define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 diff --git a/crypto/openssl/include/openssl/evp.h b/crypto/openssl/include/openssl/evp.h index 8c8051993ffe..9f05b5a3b7f5 100644 --- a/crypto/openssl/include/openssl/evp.h +++ b/crypto/openssl/include/openssl/evp.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -945,14 +945,9 @@ const EVP_CIPHER *EVP_sm4_ctr(void); | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) # ifdef OPENSSL_LOAD_CONF -# define OpenSSL_add_all_algorithms() \ - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ - | OPENSSL_INIT_ADD_ALL_DIGESTS \ - | OPENSSL_INIT_LOAD_CONFIG, NULL) +# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf() # else -# define OpenSSL_add_all_algorithms() \ - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ - | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) +# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf() # endif # define OpenSSL_add_all_ciphers() \ 
@@ -994,7 +989,7 @@ int EVP_PKEY_id(const EVP_PKEY *pkey); int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_bits(const EVP_PKEY *pkey); int EVP_PKEY_security_bits(const EVP_PKEY *pkey); -int EVP_PKEY_size(EVP_PKEY *pkey); +int EVP_PKEY_size(const EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); diff --git a/crypto/openssl/include/openssl/evperr.h b/crypto/openssl/include/openssl/evperr.h index 3484fa841d15..84f03eb3c45f 100644 --- a/crypto/openssl/include/openssl/evperr.h +++ b/crypto/openssl/include/openssl/evperr.h @@ -47,6 +47,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_DECRYPTUPDATE 166 # define EVP_F_EVP_DIGESTFINALXOF 174 # define EVP_F_EVP_DIGESTINIT_EX 128 +# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 # define EVP_F_EVP_ENCRYPTFINAL_EX 127 # define EVP_F_EVP_ENCRYPTUPDATE 167 # define EVP_F_EVP_MD_CTX_COPY_EX 110 diff --git a/crypto/openssl/include/openssl/lhash.h b/crypto/openssl/include/openssl/lhash.h index 88d7d977b9ec..47b99d17fb8a 100644 --- a/crypto/openssl/include/openssl/lhash.h +++ b/crypto/openssl/include/openssl/lhash.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -127,52 +127,52 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); return (LHASH_OF(type) *) \ OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ } \ - static ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ + static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ { \ OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ } \ - static ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ { \ return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ } \ - static ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ { \ return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ } \ - static ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ { \ return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ } \ - static ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ + static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ { \ return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ } \ - static ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ + static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ { \ return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ } \ - static ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ { \ OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ } \ - static ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) 
*lh, BIO *out) \ { \ OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ } \ - static ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ { \ OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ } \ - static ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ { \ return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ } \ - static ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ { \ OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ } \ - static ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ - void (*doall)(type *)) \ + static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ { \ OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ } \ @@ -185,7 +185,7 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); int_implement_lhash_doall(type, argtype, type) #define int_implement_lhash_doall(type, argtype, cbargtype) \ - static ossl_inline void \ + static ossl_unused ossl_inline void \ lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ void (*fn)(cbargtype *, argtype *), \ argtype *arg) \ 
@@ -210,6 +210,31 @@ DEFINE_LHASH_OF(OPENSSL_CSTRING); # pragma warning (pop) # endif +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). + */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_LH_new +# pragma weak OPENSSL_LH_free +# pragma weak OPENSSL_LH_insert +# pragma weak OPENSSL_LH_delete +# pragma weak OPENSSL_LH_retrieve +# pragma weak OPENSSL_LH_error +# pragma weak OPENSSL_LH_num_items +# pragma weak OPENSSL_LH_node_stats_bio +# pragma weak OPENSSL_LH_node_usage_stats_bio +# pragma weak OPENSSL_LH_stats_bio +# pragma weak OPENSSL_LH_get_down_load +# pragma weak OPENSSL_LH_set_down_load +# pragma weak OPENSSL_LH_doall +# pragma weak OPENSSL_LH_doall_arg +# endif /* __SUNPRO_C */ + #ifdef __cplusplus } #endif diff --git a/crypto/openssl/include/openssl/obj_mac.h b/crypto/openssl/include/openssl/obj_mac.h index 80ff5a7c8697..31fad4640fe4 100644 --- a/crypto/openssl/include/openssl/obj_mac.h +++ b/crypto/openssl/include/openssl/obj_mac.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h index e8790316eabd..e1e4f224e58b 100644 --- a/crypto/openssl/include/openssl/opensslv.h +++ b/crypto/openssl/include/openssl/opensslv.h 
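Review bot: The comment above the `# pragma weak` list in lhash.h explains the linker error it avoids but not the cost: with the OPENSSL_LH_* symbols weak, an object built with Developer Studio that does call one of the `lh_##type##_*` wrappers and is not linked against libcrypto would presumably link cleanly and fail only when the call is made. I would add a sentence such as `* The weak references only silence the link step; code that calls these wrappers must still link libcrypto.` The list is also a hand-kept copy of the functions the wrappers call, so a wrapper added later needs a matching pragma. The same applies to the OPENSSL_sk_* block added to safestack.h in this commit.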
@@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010101fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a-freebsd 20 Nov 2018" +# define OPENSSL_VERSION_NUMBER 0x1010102fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b-freebsd 26 Feb 2019" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/crypto/openssl/include/openssl/safestack.h b/crypto/openssl/include/openssl/safestack.h index 7438b193608c..38b5578978cb 100644 --- a/crypto/openssl/include/openssl/safestack.h +++ b/crypto/openssl/include/openssl/safestack.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -24,96 +24,96 @@ extern "C" { typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ typedef void (*sk_##t1##_freefunc)(t3 *a); \ typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ - static ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ + static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ { \ return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ } \ - static ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ + static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ { \ return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ } \ - static ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ { \ return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ } \ - static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ { \ return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ } \ - static ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ { \ return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ } \ - static ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ { \ return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ } \ - static ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ + static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ { \ OPENSSL_sk_free((OPENSSL_STACK *)sk); \ } \ - static ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ + static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ { \ OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ } \ - static ossl_inline t2 
*sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ { \ return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ } \ - static ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ { \ return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ (const void *)ptr); \ } \ - static ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ { \ return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ } \ - static ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ { \ return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ } \ - static ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ { \ return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ } \ - static ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ { \ return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ } \ - static ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ + static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ { \ OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ } \ - static ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ { \ return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ } \ - static ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ { \ return 
(t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ } \ - static ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ { \ return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ } \ - static ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ { \ return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ } \ - static ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ + static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ { \ OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ } \ - static ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ { \ return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ } \ - static ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ + static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ { \ return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ } \ - static ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ sk_##t1##_copyfunc copyfunc, \ sk_##t1##_freefunc freefunc) \ { \ @@ -121,7 +121,7 @@ extern "C" { (OPENSSL_sk_copyfunc)copyfunc, \ (OPENSSL_sk_freefunc)freefunc); \ } \ - static ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ + static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ { \ return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ } 
@@ -166,6 +166,41 @@ DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char) typedef void *OPENSSL_BLOCK; DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). + */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_sk_num +# pragma weak OPENSSL_sk_value +# pragma weak OPENSSL_sk_new +# pragma weak OPENSSL_sk_new_null +# pragma weak OPENSSL_sk_new_reserve +# pragma weak OPENSSL_sk_reserve +# pragma weak OPENSSL_sk_free +# pragma weak OPENSSL_sk_zero +# pragma weak OPENSSL_sk_delete +# pragma weak OPENSSL_sk_delete_ptr +# pragma weak OPENSSL_sk_push +# pragma weak OPENSSL_sk_unshift +# pragma weak OPENSSL_sk_pop +# pragma weak OPENSSL_sk_shift +# pragma weak OPENSSL_sk_pop_free +# pragma weak OPENSSL_sk_insert +# pragma weak OPENSSL_sk_set +# pragma weak OPENSSL_sk_find +# pragma weak OPENSSL_sk_find_ex +# pragma weak OPENSSL_sk_sort +# pragma weak OPENSSL_sk_is_sorted +# pragma weak OPENSSL_sk_dup +# pragma weak OPENSSL_sk_deep_copy +# pragma weak OPENSSL_sk_set_cmp_func +# endif /* __SUNPRO_C */ + # ifdef __cplusplus } # endif diff --git a/crypto/openssl/include/openssl/ssl.h b/crypto/openssl/include/openssl/ssl.h index d6b1b4e6a670..48e1152a27e2 100644 --- a/crypto/openssl/include/openssl/ssl.h +++ b/crypto/openssl/include/openssl/ssl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
@@ -494,6 +494,19 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); */ # define SSL_MODE_ASYNC 0x00000100U +/* + * When using DTLS/SCTP, include the terminating zero in the label + * used for computing the endpoint-pair shared secret. Required for + * interoperability with implementations having this bug like these + * older version of OpenSSL: + * - OpenSSL 1.0.0 series + * - OpenSSL 1.0.1 series + * - OpenSSL 1.0.2 series + * - OpenSSL 1.1.0 series + * - OpenSSL 1.1.1 and 1.1.1a + */ +# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U + /* Cert related flags */ /* * Many implementations ignore some aspects of the TLS standards such as @@ -1904,17 +1917,17 @@ __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); __owur int SSL_do_handshake(SSL *s); int SSL_key_update(SSL *s, int updatetype); -int SSL_get_key_update_type(SSL *s); +int SSL_get_key_update_type(const SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate_abbreviated(SSL *s); -__owur int SSL_renegotiate_pending(SSL *s); +__owur int SSL_renegotiate_pending(const SSL *s); int SSL_shutdown(SSL *s); __owur int SSL_verify_client_post_handshake(SSL *s); void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); void SSL_set_post_handshake_auth(SSL *s, int val); -__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); -__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s); +__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); +__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); __owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); __owur const char *SSL_alert_type_string_long(int value); __owur const char *SSL_alert_type_string(int value); 
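Review bot: The comment added above `SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG` says when the flag is required but leaves out the trade-off that the CHANGES entry of this commit states, namely that enabling it breaks interoperability with implementations that compute the label correctly. Since this header is where an application author meets the flag, I would add `* Enabling this breaks interoperability with correct implementations.` as the comment's last line. The phrase "these older version of OpenSSL" should also read "these older versions of OpenSSL".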
@@ -2062,8 +2075,8 @@ void SSL_set_tmp_dh_callback(SSL *ssl, int keylength)); # endif -__owur const COMP_METHOD *SSL_get_current_compression(SSL *s); -__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s); +__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); +__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); __owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); __owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); __owur int SSL_COMP_get_id(const SSL_COMP *comp); @@ -2107,20 +2120,20 @@ void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb) (SSL *ssl, int type, size_t len, void *arg)); void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); -void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx); +void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb) (SSL *ssl, int type, size_t len, void *arg)); void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); -void *SSL_get_record_padding_callback_arg(SSL *ssl); +void *SSL_get_record_padding_callback_arg(const SSL *ssl); int SSL_set_block_padding(SSL *ssl, size_t block_size); int SSL_set_num_tickets(SSL *s, size_t num_tickets); -size_t SSL_get_num_tickets(SSL *s); +size_t SSL_get_num_tickets(const SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); -size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); # if OPENSSL_API_COMPAT < 0x10100000L # define SSL_cache_hit(s) SSL_session_reused(s) diff --git a/crypto/openssl/include/openssl/sslerr.h b/crypto/openssl/include/openssl/sslerr.h index 87b295c9f93b..a50a075b42ec 100644 --- a/crypto/openssl/include/openssl/sslerr.h +++ b/crypto/openssl/include/openssl/sslerr.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -596,6 +596,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 # define SSL_R_NOT_ON_RECORD_BOUNDARY 182 # define SSL_R_NOT_REPLACING_CERTIFICATE 289 # define SSL_R_NOT_SERVER 284 diff --git a/crypto/openssl/include/openssl/x509_vfy.h b/crypto/openssl/include/openssl/x509_vfy.h index 2adb1559700f..adb8bce7cb43 100644 --- a/crypto/openssl/include/openssl/x509_vfy.h +++ b/crypto/openssl/include/openssl/x509_vfy.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -362,7 +362,11 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); # define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted # define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack # define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs +# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +/* the following macro is misspelled; use X509_STORE_get1_certs instead */ # define X509_STORE_get1_cert X509_STORE_CTX_get1_certs +/* the following macro is misspelled; use X509_STORE_get1_crls instead */ # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls #endif 
diff --git a/crypto/openssl/ssl/record/rec_layer_d1.c b/crypto/openssl/ssl/record/rec_layer_d1.c index 1f9b31969d82..cb5d54ef5a8f 100644 --- a/crypto/openssl/ssl/record/rec_layer_d1.c +++ b/crypto/openssl/ssl/record/rec_layer_d1.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -440,19 +440,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, && SSL3_RECORD_get_length(rr) != 0) s->rlayer.alert_count = 0; - if (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE - && SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC - && !SSL_in_init(s) - && (s->d1->next_timeout.tv_sec != 0 - || s->d1->next_timeout.tv_usec != 0)) { - /* - * The timer is still running but we've received something that isn't - * handshake data - so the peer must have finished processing our - * last handshake flight. Stop the timer. - */ - dtls1_stop_timer(s); - } - /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, diff --git a/crypto/openssl/ssl/record/rec_layer_s3.c b/crypto/openssl/ssl/record/rec_layer_s3.c index 6d495715b22a..b2f97ef905a4 100644 --- a/crypto/openssl/ssl/record/rec_layer_s3.c +++ b/crypto/openssl/ssl/record/rec_layer_s3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -1315,6 +1315,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } while (num_recs == 0); rr = &rr[curr_rec]; + if (s->rlayer.handshake_fragment_len > 0 + && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE + && SSL_IS_TLS13(s)) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA); + return -1; + } + /* * Reset the count of consecutive warning alerts if we've got a non-empty * record that isn't an alert. diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c index fca84ef99acf..2e185e9fba9a 100644 --- a/crypto/openssl/ssl/s3_enc.c +++ b/crypto/openssl/ssl/s3_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -90,8 +90,6 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) int ssl3_change_cipher_state(SSL *s, int which) { unsigned char *p, *mac_secret; - unsigned char exp_key[EVP_MAX_KEY_LENGTH]; - unsigned char exp_iv[EVP_MAX_IV_LENGTH]; unsigned char *ms, *key, *iv; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; @@ -239,12 +237,8 @@ int ssl3_change_cipher_state(SSL *s, int which) } s->statem.enc_write_state = ENC_WRITE_STATE_VALID; - OPENSSL_cleanse(exp_key, sizeof(exp_key)); - OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); return 1; err: - OPENSSL_cleanse(exp_key, sizeof(exp_key)); - OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); return 0; } diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c index 866ca4dfa9b0..99ae48199c2d 100644 --- a/crypto/openssl/ssl/s3_lib.c +++ b/crypto/openssl/ssl/s3_lib.c 
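Review bot: The new early `return -1` in ssl3_read_bytes carries no comment saying which rule it enforces, and the condition is not self-explanatory: it fires when a partial handshake message is buffered (`handshake_fragment_len > 0`) and the next record is of another type. I would put `/* TLSv1.3: a handshake message must not be interleaved with records of other types (RFC 8446, section 5.1) */` above the `if`. The test is limited to `SSL_IS_TLS13(s)`, so the same interleaving on earlier protocol versions still reaches the code below; if that is intentional for compatibility, the comment is the place to say so. The function body starts and ends outside the hunk.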
@@ -3781,7 +3781,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) EVP_PKEY_security_bits(pkdh), 0, pkdh)) { SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL); EVP_PKEY_free(pkdh); - return 1; + return 0; } EVP_PKEY_free(ctx->cert->dh_tmp); ctx->cert->dh_tmp = pkdh; diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c index 14066d0ea451..b60d67aa0dcb 100644 --- a/crypto/openssl/ssl/ssl_ciph.c +++ b/crypto/openssl/ssl/ssl_ciph.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -171,6 +171,8 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, /* GOST2012_512 */ EVP_PKEY_HMAC, + /* MD5/SHA1, SHA224, SHA512 */ + NID_undef, NID_undef, NID_undef }; static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX]; diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c index 11331ce41fd3..4b12ed1485d9 100644 --- a/crypto/openssl/ssl/ssl_err.c +++ b/crypto/openssl/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -965,6 +965,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA), + "mixed handshake and non handshake data"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), "not on record boundary"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE), diff --git a/crypto/openssl/ssl/ssl_init.c b/crypto/openssl/ssl/ssl_init.c index c0ccb9304a63..f0969fa9b1af 100644 --- a/crypto/openssl/ssl/ssl_init.c +++ b/crypto/openssl/ssl/ssl_init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -134,7 +134,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) return 1; } -DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_ssl_strings) +DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings, + ossl_init_load_ssl_strings) { /* Do nothing in this case */ return 1; 
@@ -194,20 +195,22 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) return 0; } - if (!OPENSSL_init_crypto(opts + opts |= OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS; #ifndef OPENSSL_NO_AUTOLOAD_CONFIG - | OPENSSL_INIT_LOAD_CONFIG + if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0) + opts |= OPENSSL_INIT_LOAD_CONFIG; #endif - | OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS, - settings)) + + if (!OPENSSL_init_crypto(opts, settings)) return 0; if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base)) return 0; if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) - && !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings)) + && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings, + ossl_init_load_ssl_strings)) return 0; if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c index 61a0ea2cc974..4440a9ffe9be 100644 --- a/crypto/openssl/ssl/ssl_lib.c +++ b/crypto/openssl/ssl/ssl_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -2107,7 +2107,7 @@ int SSL_key_update(SSL *s, int updatetype) return 1; } -int SSL_get_key_update_type(SSL *s) +int SSL_get_key_update_type(const SSL *s) { return s->key_update; } @@ -2148,7 +2148,7 @@ int SSL_renegotiate_abbreviated(SSL *s) return s->method->ssl_renegotiate(s); } -int SSL_renegotiate_pending(SSL *s) +int SSL_renegotiate_pending(const SSL *s) { /* * becomes true when negotiation is requested; false again once a 
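Review bot: The new `if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0)` guard in OPENSSL_init_ssl has no comment saying that it is what lets a caller stop libssl from adding `OPENSSL_INIT_LOAD_CONFIG` on its own, which is the behaviour a program that must not pick up a default configuration file depends on. I would add `/* Auto-load the config unless the caller explicitly opted out */` above it. The hunk also reuses the `opts` parameter as the accumulator, so the later `OPENSSL_INIT_NO_LOAD_SSL_STRINGS` test reads the widened value; that is harmless for the bits added here, but a separate local would keep the caller's flags distinct from the derived ones. The function body continues outside the hunk.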
@@ -2508,6 +2508,26 @@ STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) return NULL; } +/* + * Distinguish between ciphers controlled by set_ciphersuite() and + * set_cipher_list() when counting. + */ +static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk) +{ + int i, num = 0; + const SSL_CIPHER *c; + + if (sk == NULL) + return 0; + for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { + c = sk_SSL_CIPHER_value(sk, i); + if (c->min_tls >= TLS1_3_VERSION) + continue; + num++; + } + return num; +} + /** specify the ciphers to be used by default by the SSL_CTX */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { @@ -2525,7 +2545,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) */ if (sk == NULL) return 0; - else if (sk_SSL_CIPHER_num(sk) == 0) { + else if (cipher_list_tls12_num(sk) == 0) { SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); return 0; } @@ -2543,7 +2563,7 @@ int SSL_set_cipher_list(SSL *s, const char *str) /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; - else if (sk_SSL_CIPHER_num(sk) == 0) { + else if (cipher_list_tls12_num(sk) == 0) { SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); return 0; } @@ -3428,12 +3448,12 @@ void ssl_update_cache(SSL *s, int mode) } } -const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) +const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx) { return ctx->method; } -const SSL_METHOD *SSL_get_ssl_method(SSL *s) +const SSL_METHOD *SSL_get_ssl_method(const SSL *s) { return s->method; } @@ -3871,7 +3891,7 @@ const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s) return s->s3->tmp.new_cipher; } -const COMP_METHOD *SSL_get_current_compression(SSL *s) +const COMP_METHOD *SSL_get_current_compression(const SSL *s) { #ifndef OPENSSL_NO_COMP return s->compress ? COMP_CTX_get_method(s->compress) : NULL; 
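Review bot: The comment on `cipher_list_tls12_num()` names `set_ciphersuite()`, which is not a function; the TLSv1.3 list is set through `SSL_CTX_set_ciphersuites()`/`SSL_set_ciphersuites()`, and the comment should also state the effect, that a cipher string matching no TLSv1.2-or-older cipher now fails with `SSL_R_NO_CIPHER_MATCH` even though the stack still holds TLSv1.3 suites. The helper only reads the stack, and `sk_SSL_CIPHER_num`/`sk_SSL_CIPHER_value` take a const stack, so the parameter can be `const STACK_OF(SSL_CIPHER) *sk`. The loop also reads more directly as `if (c->min_tls < TLS1_3_VERSION) num++;` without the `continue`.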
@@ -3880,7 +3900,7 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s) #endif } -const COMP_METHOD *SSL_get_current_expansion(SSL *s) +const COMP_METHOD *SSL_get_current_expansion(const SSL *s) { #ifndef OPENSSL_NO_COMP return s->expand ? COMP_CTX_get_method(s->expand) : NULL; @@ -4328,7 +4348,7 @@ void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg) ctx->record_padding_arg = arg; } -void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx) +void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx) { return ctx->record_padding_arg; } @@ -4357,7 +4377,7 @@ void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg) ssl->record_padding_arg = arg; } -void *SSL_get_record_padding_callback_arg(SSL *ssl) +void *SSL_get_record_padding_callback_arg(const SSL *ssl) { return ssl->record_padding_arg; } @@ -4381,7 +4401,7 @@ int SSL_set_num_tickets(SSL *s, size_t num_tickets) return 1; } -size_t SSL_get_num_tickets(SSL *s) +size_t SSL_get_num_tickets(const SSL *s) { return s->num_tickets; } @@ -4393,7 +4413,7 @@ int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) return 1; } -size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx) +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx) { return ctx->num_tickets; } diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h index 70e5a1740f9c..f326399e03a0 100644 --- a/crypto/openssl/ssl/ssl_locl.h +++ b/crypto/openssl/ssl/ssl_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
@@ -1170,8 +1170,6 @@ struct ssl_st { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */ EVP_MD_CTX *write_hash; /* used for mac generation */ - /* Count of how many KeyUpdate messages we have received */ - unsigned int key_update_count; /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ @@ -2461,7 +2459,7 @@ __owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, const unsigned char *label, size_t labellen, const unsigned char *data, size_t datalen, - unsigned char *out, size_t outlen); + unsigned char *out, size_t outlen, int fatal); __owur int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, unsigned char *key, size_t keylen); diff --git a/crypto/openssl/ssl/statem/extensions.c b/crypto/openssl/ssl/statem/extensions.c index 63e61c6184ac..c3d3441a1c63 100644 --- a/crypto/openssl/ssl/statem/extensions.c +++ b/crypto/openssl/ssl/statem/extensions.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -348,10 +348,12 @@ static const EXTENSION_DEFINITION ext_defs[] = { { /* * Special unsolicited ServerHello extension only used when - * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set + * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but + * ignore it. */ TLSEXT_TYPE_cryptopro_bug, - SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL }, { 
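Review bot: The new trailing `int fatal` argument on the `tls13_hkdf_expand` prototype in ssl_locl.h is undocumented, and a call such as the one in tls_psk_do_binder passes a bare `1`, which tells a reader nothing. Judging from that call site's `/* SSLfatal() already called */` comment, the flag presumably selects whether a failure is reported through SSLfatal(), but the definition is not in this part of the diff. I would add a comment at the prototype, for example `/* fatal != 0: failures are raised with SSLfatal(); otherwise with SSLerr() */`, once confirmed against the definition.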
@@ -623,7 +625,12 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, && type != TLSEXT_TYPE_cookie && type != TLSEXT_TYPE_renegotiate && type != TLSEXT_TYPE_signed_certificate_timestamp - && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) { + && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 +#ifndef OPENSSL_NO_GOST + && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 + && type == TLSEXT_TYPE_cryptopro_bug) +#endif + ) { SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION); goto err; @@ -1506,7 +1513,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, /* Generate the binder key */ if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, - hashsize, binderkey, hashsize)) { + hashsize, binderkey, hashsize, 1)) { /* SSLfatal() already called */ goto err; } diff --git a/crypto/openssl/ssl/statem/statem.c b/crypto/openssl/ssl/statem/statem.c index f76c0e48034b..e3c5ec003874 100644 --- a/crypto/openssl/ssl/statem/statem.c +++ b/crypto/openssl/ssl/statem/statem.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -342,8 +342,10 @@ static int state_machine(SSL *s, int server) } s->server = server; - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_START, 1); + if (cb != NULL) { + if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s)) + cb(s, SSL_CB_HANDSHAKE_START, 1); + } /* * Fatal errors in this block don't send an alert because we have diff --git a/crypto/openssl/ssl/statem/statem_clnt.c b/crypto/openssl/ssl/statem/statem_clnt.c index 0a11b88183e3..e56d24dfff60 100644 --- a/crypto/openssl/ssl/statem/statem_clnt.c +++ b/crypto/openssl/ssl/statem/statem_clnt.c 
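Review bot: The new exception for `TLSEXT_TYPE_cryptopro_bug` in the unsolicited-extension check of tls_collect_extensions has no comment, so a reader auditing which extensions a client accepts without having sent them cannot tell that this one is deliberate. As far as the hunk shows, the exception depends only on `context & SSL_EXT_TLS1_2_SERVER_HELLO` and on the build not defining OPENSSL_NO_GOST, not on any option set on the connection, and that is worth stating. I would put a comment before the `if`, for example `/* cryptopro_bug arrives unsolicited in a TLSv1.2 ServerHello (see ext_defs), so it is tolerated here like the types above */`. The `if` statement itself starts outside the hunk.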
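Review bot: The guard added in state_machine around `cb(s, SSL_CB_HANDSHAKE_START, 1)` does not say why the signal is withheld, and the matching condition for SSL_CB_HANDSHAKE_DONE in tls_finish_handshake (the `@@ -1132,8 +1110,12 @@` hunk of statem_lib.c) is equally bare. Applications that use these two signals to detect renegotiation rely on them staying paired, so both sites should carry the same comment, for example `/* TLSv1.3 post-handshake exchanges are not reported as a handshake start/end */`. The two nested `if`s here can also be written as one, `if (cb != NULL && (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s)))`. state_machine begins and ends outside the hunk.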
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1112,13 +1112,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) SSL_SESSION *sess = s->session; unsigned char *session_id; - if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) { - /* Should not happen */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - return 0; - } - /* Work out what SSL/TLS/DTLS version to use */ protverr = ssl_set_client_hello_version(s); if (protverr != 0) { @@ -1714,6 +1707,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) if (SSL_IS_DTLS(s) && s->hit) { unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; + size_t labellen; /* * Add new shared key for SCTP-Auth, will be ignored if @@ -1722,10 +1716,15 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, sizeof(DTLS1_SCTP_AUTH_LABEL)); + /* Don't include the terminating zero. */ + labellen = sizeof(labelbuffer) - 1; + if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG) + labellen += 1; + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0) <= 0) { + labellen, NULL, 0, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR); goto err; @@ -2353,7 +2352,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } #ifdef SSL_DEBUG if (SSL_USE_SIGALGS(s)) - fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); + fprintf(stderr, "USING TLSv1.2 HASH %s\n", + md == NULL ? "n/a" : EVP_MD_name(md)); #endif if (!PACKET_get_length_prefixed_2(pkt, &signature) 
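Review bot: The label-length computation added in tls_process_server_hello is repeated verbatim in tls_client_key_exchange_post_work, ossl_statem_server_post_work and tls_post_process_client_key_exchange, so four copies have to stay identical for both peers to derive the same SCTP-Auth key. A single shared helper that takes the `SSL *` and returns the length would leave one place to audit. The comment `/* Don't include the terminating zero. */` also does not explain why the mode flag adds the byte back; something like `/* SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG: count the NUL as older releases did, for interoperability only */` would record the intent. Each of the four functions starts and ends outside its hunk.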
@@ -2739,7 +2739,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) PACKET_data(&nonce), PACKET_remaining(&nonce), s->session->master_key, - hashlen)) { + hashlen, 1)) { /* SSLfatal() already called */ goto err; } @@ -3403,6 +3403,7 @@ int tls_client_key_exchange_post_work(SSL *s) if (SSL_IS_DTLS(s)) { unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; + size_t labellen; /* * Add new shared key for SCTP-Auth, will be ignored if no SCTP @@ -3411,9 +3412,14 @@ int tls_client_key_exchange_post_work(SSL *s) memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, sizeof(DTLS1_SCTP_AUTH_LABEL)); + /* Don't include the terminating zero. */ + labellen = sizeof(labelbuffer) - 1; + if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG) + labellen += 1; + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0) <= 0) { + labellen, NULL, 0, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR); diff --git a/crypto/openssl/ssl/statem/statem_lib.c b/crypto/openssl/ssl/statem/statem_lib.c index 4324896f500a..c0482b0a9056 100644 --- a/crypto/openssl/ssl/statem/statem_lib.c +++ b/crypto/openssl/ssl/statem/statem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -396,7 +396,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) #ifdef SSL_DEBUG if (SSL_USE_SIGALGS(s)) - fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); + fprintf(stderr, "USING TLSv1.2 HASH %s\n", + md == NULL ? "n/a" : EVP_MD_name(md)); #endif /* Check for broken implementations of GOST ciphersuites */ 
@@ -439,7 +440,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } #ifdef SSL_DEBUG - fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md)); + fprintf(stderr, "Using client verify alg %s\n", + md == NULL ? "n/a" : EVP_MD_name(md)); #endif if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, @@ -612,13 +614,6 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) { unsigned int updatetype; - s->key_update_count++; - if (s->key_update_count > MAX_KEY_UPDATE_MESSAGES) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE, - SSL_R_TOO_MANY_KEY_UPDATES); - return MSG_PROCESS_ERROR; - } - /* * A KeyUpdate message signals a key change so the end of the message must * be on a record boundary. @@ -1028,6 +1023,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) { void (*cb) (const SSL *ssl, int type, int val) = NULL; + int cleanuphand = s->statem.cleanuphand; if (clearbufs) { if (!SSL_IS_DTLS(s)) { @@ -1054,7 +1050,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) * Only set if there was a Finished message and this isn't after a TLSv1.3 * post handshake exchange */ - if (s->statem.cleanuphand) { + if (cleanuphand) { /* skipped if we just sent a HelloRequest */ s->renegotiate = 0; s->new_session = 0; @@ -1074,15 +1070,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) /* N.B. s->ctx may not equal s->session_ctx */ tsan_counter(&s->ctx->stats.sess_accept_good); s->handshake_func = ossl_statem_accept; - - if (SSL_IS_DTLS(s) && !s->hit) { - /* - * We are finishing after the client. We start the timer going - * in case there are any retransmits of our final flight - * required. - */ - dtls1_start_timer(s); - } } else { if (SSL_IS_TLS13(s)) { /* 
@@ -1104,15 +1091,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) s->handshake_func = ossl_statem_connect; tsan_counter(&s->session_ctx->stats.sess_connect_good); - - if (SSL_IS_DTLS(s) && s->hit) { - /* - * We are finishing after the server. We start the timer going - * in case there are any retransmits of our final flight - * required. - */ - dtls1_start_timer(s); - } } if (SSL_IS_DTLS(s)) { @@ -1132,8 +1110,12 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) /* The callback may expect us to not be in init at handshake done */ ossl_statem_set_in_init(s, 0); - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_DONE, 1); + if (cb != NULL) { + if (cleanuphand + || !SSL_IS_TLS13(s) + || SSL_IS_FIRST_HANDSHAKE(s)) + cb(s, SSL_CB_HANDSHAKE_DONE, 1); + } if (!stop) { /* If we've got more work to do we go back into init */ diff --git a/crypto/openssl/ssl/statem/statem_locl.h b/crypto/openssl/ssl/statem/statem_locl.h index 6b8cf37faa01..e27c0c13a2bb 100644 --- a/crypto/openssl/ssl/statem/statem_locl.h +++ b/crypto/openssl/ssl/statem/statem_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,9 +29,6 @@ /* Max should actually be 36 but we are generous */ #define FINISHED_MAX_LENGTH 64 -/* The maximum number of incoming KeyUpdate messages we will accept */ -#define MAX_KEY_UPDATE_MESSAGES 32 - /* Dummy message type */ #define SSL3_MT_DUMMY -1 diff --git a/crypto/openssl/ssl/statem/statem_srvr.c b/crypto/openssl/ssl/statem/statem_srvr.c index e7c11c4bea4d..6b8aae62ccd8 100644 --- a/crypto/openssl/ssl/statem/statem_srvr.c +++ b/crypto/openssl/ssl/statem/statem_srvr.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -830,6 +830,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) if (SSL_IS_DTLS(s) && s->hit) { unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; + size_t labellen; /* * Add new shared key for SCTP-Auth, will be ignored if no @@ -838,9 +839,14 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, sizeof(DTLS1_SCTP_AUTH_LABEL)); + /* Don't include the terminating zero. */ + labellen = sizeof(labelbuffer) - 1; + if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG) + labellen += 1; + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, + labellen, NULL, 0, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_OSSL_STATEM_SERVER_POST_WORK, @@ -3500,6 +3506,7 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) if (SSL_IS_DTLS(s)) { unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; + size_t labellen; /* * Add new shared key for SCTP-Auth, will be ignored if no SCTP * used. @@ -3507,9 +3514,14 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, sizeof(DTLS1_SCTP_AUTH_LABEL)); + /* Don't include the terminating zero. */ + labellen = sizeof(labelbuffer) - 1; + if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG) + labellen += 1; + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, + labellen, NULL, 0, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, 
@@ -4028,7 +4040,6 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) uint64_t nonce; static const unsigned char nonce_label[] = "resumption"; const EVP_MD *md = ssl_handshake_md(s); - void (*cb) (const SSL *ssl, int type, int val) = NULL; int hashleni = EVP_MD_size(md); /* Ensure cast to size_t is safe */ @@ -4040,24 +4051,6 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) } hashlen = (size_t)hashleni; - if (s->info_callback != NULL) - cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; - - if (cb != NULL) { - /* - * We don't start and stop the handshake in between each ticket when - * sending more than one - but it should appear that way to the info - * callback. - */ - if (s->sent_tickets != 0) { - ossl_statem_set_in_init(s, 0); - cb(s, SSL_CB_HANDSHAKE_DONE, 1); - ossl_statem_set_in_init(s, 1); - } - cb(s, SSL_CB_HANDSHAKE_START, 1); - } /* * If we already sent one NewSessionTicket, or we resumed then * s->session may already be in a cache and so we must not modify it. @@ -4099,7 +4092,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) tick_nonce, TICKET_NONCE_SIZE, s->session->master_key, - hashlen)) { + hashlen, 1)) { /* SSLfatal() already called */ goto err; } diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c index 2db913fb0687..57fb17a66031 100644 --- a/crypto/openssl/ssl/t1_enc.c +++ b/crypto/openssl/ssl/t1_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -81,10 +81,6 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) int tls1_change_cipher_state(SSL *s, int which) { unsigned char *p, *mac_secret; - unsigned char tmp1[EVP_MAX_KEY_LENGTH]; - unsigned char tmp2[EVP_MAX_KEY_LENGTH]; - unsigned char iv1[EVP_MAX_IV_LENGTH * 2]; - unsigned char iv2[EVP_MAX_IV_LENGTH * 2]; unsigned char *ms, *key, *iv; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; @@ -334,16 +330,8 @@ int tls1_change_cipher_state(SSL *s, int which) printf("\n"); #endif - OPENSSL_cleanse(tmp1, sizeof(tmp1)); - OPENSSL_cleanse(tmp2, sizeof(tmp1)); - OPENSSL_cleanse(iv1, sizeof(iv1)); - OPENSSL_cleanse(iv2, sizeof(iv2)); return 1; err: - OPENSSL_cleanse(tmp1, sizeof(tmp1)); - OPENSSL_cleanse(tmp2, sizeof(tmp1)); - OPENSSL_cleanse(iv1, sizeof(iv1)); - OPENSSL_cleanse(iv2, sizeof(iv2)); return 0; } diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c index fc41ed90e710..68cb237ea95e 100644 --- a/crypto/openssl/ssl/t1_lib.c +++ b/crypto/openssl/ssl/t1_lib.c @@ -2537,7 +2537,8 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) { const SIGALG_LOOKUP *lu; - int mdnid, pknid; + int mdnid, pknid, default_mdnid; + int mandatory_md = 0; size_t i; /* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */ 
@@ -2545,12 +2546,26 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) idx = sig->sig_idx; if (!ssl_has_cert(s, idx)) return 0; + /* If the EVP_PKEY reports a mandatory digest, allow nothing else. */ + ERR_set_mark(); + switch (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey, + &default_mdnid)) { + case 2: + mandatory_md = 1; + break; + case 1: + break; + default: /* If it didn't report a mandatory NID, for whatever reasons, + * just clear the error and allow all hashes to be used. */ + ERR_pop_to_mark(); + } if (s->s3->tmp.peer_cert_sigalgs != NULL) { for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) { lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]); if (lu == NULL || !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid, - &pknid, NULL, NULL)) + &pknid, NULL, NULL) + || (mandatory_md && mdnid != default_mdnid)) continue; /* * TODO this does not differentiate between the @@ -2563,7 +2578,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) } return 0; } - return 1; + return !mandatory_md || sig->hash == default_mdnid; } /* diff --git a/crypto/openssl/ssl/tls13_enc.c b/crypto/openssl/ssl/tls13_enc.c index b6825d20c2dc..1f956e61e9c1 100644 --- a/crypto/openssl/ssl/tls13_enc.c +++ b/crypto/openssl/ssl/tls13_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
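Review bot: `ERR_set_mark()` in has_usable_cert is balanced by `ERR_pop_to_mark()` only in the `default:` arm of the switch, so when `EVP_PKEY_get_default_digest_nid()` returns 1 or 2 the mark is left set on the error queue. Presumably nothing is queued on those two returns, in which case a single `ERR_pop_to_mark();` placed after the switch removes no entries and releases the mark on every path. The comment now sitting beside `default:` would read better above that call. The function's declarations are in the preceding hunk.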
@@ -13,14 +13,7 @@ #include <openssl/evp.h> #include <openssl/kdf.h> -/* - * RFC 8446, 7.1 Key Schedule, says: - * Note: With common hash functions, any label longer than 12 characters - * requires an additional iteration of the hash function to compute. - * The labels in this specification have all been chosen to fit within - * this limit. - */ -#define TLS13_MAX_LABEL_LEN 12 +#define TLS13_MAX_LABEL_LEN 249 /* Always filled with zeros */ static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; @@ -29,12 +22,13 @@ static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; * Given a |secret|; a |label| of length |labellen|; and |data| of length * |datalen| (e.g. typically a hash of the handshake messages), derive a new * secret |outlen| bytes long and store it in the location pointed to be |out|. - * The |data| value may be zero length. Returns 1 on success 0 on failure. + * The |data| value may be zero length. Any errors will be treated as fatal if + * |fatal| is set. Returns 1 on success 0 on failure. */ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, const unsigned char *label, size_t labellen, const unsigned char *data, size_t datalen, - unsigned char *out, size_t outlen) + unsigned char *out, size_t outlen, int fatal) { static const unsigned char label_prefix[] = "tls13 "; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); 
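Review bot: `#define TLS13_MAX_LABEL_LEN 249` replaces a commented constant with a bare number, while the size of `hkdflabel` and the new length check in tls13_hkdf_expand both depend on it. The value looks like 255, the most a one-byte length prefix can describe, minus the six bytes of the `"tls13 "` prefix; if that is the derivation, a comment such as `/* 255 - strlen("tls13 "): the HkdfLabel label has a one-byte length */` lets a reader check the buffer arithmetic against it.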
@@ -47,13 +41,28 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, * + bytes for the hash itself */ unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) + - + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN - + EVP_MAX_MD_SIZE]; + + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN + + 1 + EVP_MAX_MD_SIZE]; WPACKET pkt; if (pctx == NULL) return 0; + if (labellen > TLS13_MAX_LABEL_LEN) { + if (fatal) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND, + ERR_R_INTERNAL_ERROR); + } else { + /* + * Probably we have been called from SSL_export_keying_material(), + * or SSL_export_keying_material_early(). + */ + SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); + } + EVP_PKEY_CTX_free(pctx); + return 0; + } + hashlen = EVP_MD_size(md); if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0) @@ -67,8 +76,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, || !WPACKET_finish(&pkt)) { EVP_PKEY_CTX_free(pctx); WPACKET_cleanup(&pkt); - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND, - ERR_R_INTERNAL_ERROR); + if (fatal) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND, + ERR_R_INTERNAL_ERROR); + else + SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR); return 0; } @@ -82,9 +94,13 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, EVP_PKEY_CTX_free(pctx); - if (ret != 0) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND, - ERR_R_INTERNAL_ERROR); + if (ret != 0) { + if (fatal) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND, + ERR_R_INTERNAL_ERROR); + else + SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR); + } return ret == 0; } 
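Review bot: The `if (pctx == NULL) return 0;` path in tls13_hkdf_expand still fails without calling SSLfatal() or SSLerr(), although every other failure path in the function now reports through one of them according to `fatal`. Callers that pass 1 annotate the failure branch with `/* SSLfatal() already called */`, which does not hold on this path. Reporting it like the other paths keeps that contract uniform. The function begins in the previous hunk and continues in the following ones.

```c
    if (pctx == NULL) {
        if (fatal)
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
                     ERR_R_INTERNAL_ERROR);
        else
            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
        return 0;
    }
    /* … unchanged: label length check and HkdfLabel construction … */
```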
@@ -99,7 +115,7 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, static const unsigned char keylabel[] = "key"; return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1, - NULL, 0, key, keylen); + NULL, 0, key, keylen, 1); } /* @@ -112,7 +128,7 @@ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret, static const unsigned char ivlabel[] = "iv"; return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1, - NULL, 0, iv, ivlen); + NULL, 0, iv, ivlen, 1); } int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, @@ -122,7 +138,7 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, static const unsigned char finishedlabel[] = "finished"; return tls13_hkdf_expand(s, md, secret, finishedlabel, - sizeof(finishedlabel) - 1, NULL, 0, fin, finlen); + sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1); } /* @@ -185,7 +201,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, if (!tls13_hkdf_expand(s, md, prevsecret, (unsigned char *)derived_secret_label, sizeof(derived_secret_label) - 1, hash, mdlen, - preextractsec, mdlen)) { + preextractsec, mdlen, 1)) { /* SSLfatal() already called */ EVP_PKEY_CTX_free(pctx); return 0; @@ -307,11 +323,9 @@ int tls13_setup_key_block(SSL *s) { const EVP_CIPHER *c; const EVP_MD *hash; - int mac_type = NID_undef; s->session->cipher = s->s3->tmp.new_cipher; - if (!ssl_cipher_get_evp - (s->session, &c, &hash, &mac_type, NULL, NULL, 0)) { + if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, NULL, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return 0; @@ -345,7 +359,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, hashlen = (size_t)hashleni; if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen, - secret, hashlen)) { + secret, hashlen, 1)) { /* SSLfatal() already called */ goto err; } 
@@ -525,7 +539,8 @@ int tls13_change_cipher_state(SSL *s, int which) early_exporter_master_secret, sizeof(early_exporter_master_secret) - 1, hashval, hashlen, - s->early_exporter_master_secret, hashlen)) { + s->early_exporter_master_secret, hashlen, + 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err; @@ -612,7 +627,7 @@ int tls13_change_cipher_state(SSL *s, int which) resumption_master_secret, sizeof(resumption_master_secret) - 1, hashval, hashlen, s->resumption_master_secret, - hashlen)) { + hashlen, 1)) { /* SSLfatal() already called */ goto err; } @@ -632,7 +647,7 @@ int tls13_change_cipher_state(SSL *s, int which) exporter_master_secret, sizeof(exporter_master_secret) - 1, hash, hashlen, s->exporter_master_secret, - hashlen)) { + hashlen, 1)) { /* SSLfatal() already called */ goto err; } @@ -746,10 +761,10 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 || !tls13_hkdf_expand(s, md, s->exporter_master_secret, (const unsigned char *)label, llen, - data, datalen, exportsecret, hashsize) + data, datalen, exportsecret, hashsize, 0) || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, sizeof(exporterlabel) - 1, hash, hashsize, - out, olen)) + out, olen, 0)) goto err; ret = 1; @@ -805,10 +820,10 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret, (const unsigned char *)label, llen, - data, datalen, exportsecret, hashsize) + data, datalen, exportsecret, hashsize, 0) || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, sizeof(exporterlabel) - 1, hash, hashsize, - out, olen)) + out, olen, 0)) goto err; ret = 1; diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index ef8c131ff32c..39e90a52b3b9 100644 --- a/secure/lib/libcrypto/Makefile.inc 
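Review bot: In the first tls13_change_cipher_state hunk the early exporter derivation now passes 1 for `fatal`, yet its failure branch still calls SSLfatal() itself, so the same error is raised twice on that path. The resumption and exporter call sites further down rely on the callee and only carry a comment. The branch body here can become `/* SSLfatal() already called */` followed by `goto err;`, matching them. The function starts and ends outside the hunk.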
+++ b/secure/lib/libcrypto/Makefile.inc @@ -3,8 +3,8 @@ .include <bsd.own.mk> # OpenSSL version used for manual page generation -OPENSSL_VER= 1.1.1a -OPENSSL_DATE= 2018-11-20 +OPENSSL_VER= 1.1.1b +OPENSSL_DATE= 2019-02-26 LCRYPTO_SRC= ${SRCTOP}/crypto/openssl LCRYPTO_DOC= ${LCRYPTO_SRC}/doc diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man index 61d6d071d96e..b0a8508ef809 100644 --- a/secure/lib/libcrypto/Makefile.man +++ b/secure/lib/libcrypto/Makefile.man @@ -1969,6 +1969,8 @@ MLINKS+= OPENSSL_fork_prepare.3 OPENSSL_fork_parent.3 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_free.3 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_new.3 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_appname.3 +MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_file_flags.3 +MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_filename.3 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_atexit.3 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_cleanup.3 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_thread_stop.3 diff --git a/secure/lib/libcrypto/aarch64/aesv8-armx.S b/secure/lib/libcrypto/aarch64/aesv8-armx.S index 076071ce631c..d8eb85a9840e 100644 --- a/secure/lib/libcrypto/aarch64/aesv8-armx.S +++ b/secure/lib/libcrypto/aarch64/aesv8-armx.S @@ -181,6 +181,7 @@ aes_v8_set_encrypt_key: .type aes_v8_set_decrypt_key,%function .align 5 aes_v8_set_decrypt_key: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 bl .Lenc_key @@ -214,6 +215,7 @@ aes_v8_set_decrypt_key: eor x0,x0,x0 // return value .Ldec_key_abort: ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size aes_v8_set_decrypt_key,.-aes_v8_set_decrypt_key .globl aes_v8_encrypt diff --git a/secure/lib/libcrypto/aarch64/armv8-mont.S b/secure/lib/libcrypto/aarch64/armv8-mont.S index 13725c7751cb..55c1f76ecd69 100644 --- a/secure/lib/libcrypto/aarch64/armv8-mont.S +++ b/secure/lib/libcrypto/aarch64/armv8-mont.S 
@@ -211,6 +211,7 @@ __bn_sqr8x_mont: cmp x1,x2 b.ne __bn_mul4x_mont .Lsqr8x_mont: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -961,11 +962,13 @@ __bn_sqr8x_mont: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldr x29,[sp],#128 +.inst 0xd50323bf // autiasp ret .size __bn_sqr8x_mont,.-__bn_sqr8x_mont .type __bn_mul4x_mont,%function .align 5 __bn_mul4x_mont: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -1399,6 +1402,7 @@ __bn_mul4x_mont: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldr x29,[sp],#128 +.inst 0xd50323bf // autiasp ret .size __bn_mul4x_mont,.-__bn_mul4x_mont .byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 diff --git a/secure/lib/libcrypto/aarch64/chacha-armv8.S b/secure/lib/libcrypto/aarch64/chacha-armv8.S index 5b452b5797a4..0208c2030fae 100644 --- a/secure/lib/libcrypto/aarch64/chacha-armv8.S +++ b/secure/lib/libcrypto/aarch64/chacha-armv8.S @@ -38,6 +38,7 @@ ChaCha20_ctr32: b.ne ChaCha20_neon .Lshort: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-96]! add x29,sp,#0 @@ -249,6 +250,7 @@ ChaCha20_ctr32: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 +.inst 0xd50323bf // autiasp .Labort: ret @@ -305,12 +307,14 @@ ChaCha20_ctr32: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 +.inst 0xd50323bf // autiasp ret .size ChaCha20_ctr32,.-ChaCha20_ctr32 .type ChaCha20_neon,%function .align 5 ChaCha20_neon: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-96]! add x29,sp,#0 @@ -690,6 +694,7 @@ ChaCha20_neon: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 +.inst 0xd50323bf // autiasp ret .Ltail_neon: 
@@ -799,11 +804,13 @@ ChaCha20_neon: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 +.inst 0xd50323bf // autiasp ret .size ChaCha20_neon,.-ChaCha20_neon .type ChaCha20_512_neon,%function .align 5 ChaCha20_512_neon: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-96]! add x29,sp,#0 @@ -1966,5 +1973,6 @@ ChaCha20_512_neon: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 +.inst 0xd50323bf // autiasp ret .size ChaCha20_512_neon,.-ChaCha20_512_neon diff --git a/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S b/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S index 52c11e9549c9..c0b5f8cede17 100644 --- a/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S +++ b/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S @@ -2397,6 +2397,7 @@ ecp_nistz256_precomputed: .type ecp_nistz256_to_mont,%function .align 6 ecp_nistz256_to_mont: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-32]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -2412,6 +2413,7 @@ ecp_nistz256_to_mont: ldp x19,x20,[sp,#16] ldp x29,x30,[sp],#32 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont @@ -2420,6 +2422,7 @@ ecp_nistz256_to_mont: .type ecp_nistz256_from_mont,%function .align 4 ecp_nistz256_from_mont: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-32]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -2435,6 +2438,7 @@ ecp_nistz256_from_mont: ldp x19,x20,[sp,#16] ldp x29,x30,[sp],#32 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont @@ -2444,6 +2448,7 @@ ecp_nistz256_from_mont: .type ecp_nistz256_mul_mont,%function .align 4 ecp_nistz256_mul_mont: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-32]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -2458,6 +2463,7 @@ ecp_nistz256_mul_mont: ldp x19,x20,[sp,#16] ldp x29,x30,[sp],#32 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont 
@@ -2466,6 +2472,7 @@ ecp_nistz256_mul_mont: .type ecp_nistz256_sqr_mont,%function .align 4 ecp_nistz256_sqr_mont: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-32]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -2479,6 +2486,7 @@ ecp_nistz256_sqr_mont: ldp x19,x20,[sp,#16] ldp x29,x30,[sp],#32 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont @@ -2488,6 +2496,7 @@ ecp_nistz256_sqr_mont: .type ecp_nistz256_add,%function .align 4 ecp_nistz256_add: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -2501,6 +2510,7 @@ ecp_nistz256_add: bl __ecp_nistz256_add ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_add,.-ecp_nistz256_add @@ -2509,6 +2519,7 @@ ecp_nistz256_add: .type ecp_nistz256_div_by_2,%function .align 4 ecp_nistz256_div_by_2: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -2520,6 +2531,7 @@ ecp_nistz256_div_by_2: bl __ecp_nistz256_div_by_2 ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 @@ -2528,6 +2540,7 @@ ecp_nistz256_div_by_2: .type ecp_nistz256_mul_by_2,%function .align 4 ecp_nistz256_mul_by_2: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -2543,6 +2556,7 @@ ecp_nistz256_mul_by_2: bl __ecp_nistz256_add // ret = a+a // 2*a ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 @@ -2551,6 +2565,7 @@ ecp_nistz256_mul_by_2: .type ecp_nistz256_mul_by_3,%function .align 4 ecp_nistz256_mul_by_3: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -2577,6 +2592,7 @@ ecp_nistz256_mul_by_3: bl __ecp_nistz256_add // ret += a // 2*a+a=3*a ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 @@ -2586,6 +2602,7 @@ ecp_nistz256_mul_by_3: .type ecp_nistz256_sub,%function .align 4 ecp_nistz256_sub: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 
@@ -2597,6 +2614,7 @@ ecp_nistz256_sub: bl __ecp_nistz256_sub_from ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_sub,.-ecp_nistz256_sub @@ -2605,6 +2623,7 @@ ecp_nistz256_sub: .type ecp_nistz256_neg,%function .align 4 ecp_nistz256_neg: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -2619,6 +2638,7 @@ ecp_nistz256_neg: bl __ecp_nistz256_sub_from ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_neg,.-ecp_nistz256_neg @@ -2996,6 +3016,7 @@ __ecp_nistz256_div_by_2: .type ecp_nistz256_point_double,%function .align 5 ecp_nistz256_point_double: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -3130,12 +3151,14 @@ ecp_nistz256_point_double: ldp x19,x20,[x29,#16] ldp x21,x22,[x29,#32] ldp x29,x30,[sp],#80 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_double,.-ecp_nistz256_point_double .globl ecp_nistz256_point_add .type ecp_nistz256_point_add,%function .align 5 ecp_nistz256_point_add: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -3385,18 +3408,20 @@ ecp_nistz256_point_add: stp x16,x17,[x21,#64+16] .Ladd_done: - add sp,x29,#0 // destroy frame + add sp,x29,#0 // destroy frame ldp x19,x20,[x29,#16] ldp x21,x22,[x29,#32] ldp x23,x24,[x29,#48] ldp x25,x26,[x29,#64] ldp x29,x30,[sp],#80 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_add,.-ecp_nistz256_point_add .globl ecp_nistz256_point_add_affine .type ecp_nistz256_point_add_affine,%function .align 5 ecp_nistz256_point_add_affine: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -3595,6 +3620,7 @@ ecp_nistz256_point_add_affine: ldp x23,x24,[x29,#48] ldp x25,x26,[x29,#64] ldp x29,x30,[sp],#80 +.inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine //////////////////////////////////////////////////////////////////////// 
diff --git a/secure/lib/libcrypto/aarch64/keccak1600-armv8.S b/secure/lib/libcrypto/aarch64/keccak1600-armv8.S index 50bf2fb4a8ec..ff3f7f83e527 100644 --- a/secure/lib/libcrypto/aarch64/keccak1600-armv8.S +++ b/secure/lib/libcrypto/aarch64/keccak1600-armv8.S @@ -36,6 +36,7 @@ iotas: .align 5 KeccakF1600_int: adr x28,iotas +.inst 0xd503233f // paciasp stp x28,x30,[sp,#16] // 32 bytes on top are mine b .Loop .align 4 @@ -199,12 +200,14 @@ KeccakF1600_int: bne .Loop ldr x30,[sp,#24] +.inst 0xd50323bf // autiasp ret .size KeccakF1600_int,.-KeccakF1600_int .type KeccakF1600,%function .align 5 KeccakF1600: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -254,6 +257,7 @@ KeccakF1600: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#128 +.inst 0xd50323bf // autiasp ret .size KeccakF1600,.-KeccakF1600 @@ -261,6 +265,7 @@ KeccakF1600: .type SHA3_absorb,%function .align 5 SHA3_absorb: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -494,12 +499,14 @@ SHA3_absorb: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#128 +.inst 0xd50323bf // autiasp ret .size SHA3_absorb,.-SHA3_absorb .globl SHA3_squeeze .type SHA3_squeeze,%function .align 5 SHA3_squeeze: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-48]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -562,6 +569,7 @@ SHA3_squeeze: ldp x19,x20,[sp,#16] ldp x21,x22,[sp,#32] ldp x29,x30,[sp],#48 +.inst 0xd50323bf // autiasp ret .size SHA3_squeeze,.-SHA3_squeeze .type KeccakF1600_ce,%function @@ -755,6 +763,7 @@ KeccakF1600_ce: .type KeccakF1600_cext,%function .align 5 KeccakF1600_cext: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 stp d8,d9,[sp,#16] // per ABI requirement 
@@ -795,12 +804,14 @@ KeccakF1600_cext: ldp d12,d13,[sp,#48] ldp d14,d15,[sp,#64] ldr x29,[sp],#80 +.inst 0xd50323bf // autiasp ret .size KeccakF1600_cext,.-KeccakF1600_cext .globl SHA3_absorb_cext .type SHA3_absorb_cext,%function .align 5 SHA3_absorb_cext: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 stp d8,d9,[sp,#16] // per ABI requirement @@ -1016,12 +1027,14 @@ SHA3_absorb_cext: ldp d12,d13,[sp,#48] ldp d14,d15,[sp,#64] ldp x29,x30,[sp],#80 +.inst 0xd50323bf // autiasp ret .size SHA3_absorb_cext,.-SHA3_absorb_cext .globl SHA3_squeeze_cext .type SHA3_squeeze_cext,%function .align 5 SHA3_squeeze_cext: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 mov x9,x0 @@ -1077,6 +1090,7 @@ SHA3_squeeze_cext: .Lsqueeze_done_ce: ldr x29,[sp],#16 +.inst 0xd50323bf // autiasp ret .size SHA3_squeeze_cext,.-SHA3_squeeze_cext .byte 75,101,99,99,97,107,45,49,54,48,48,32,97,98,115,111,114,98,32,97,110,100,32,115,113,117,101,101,122,101,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 diff --git a/secure/lib/libcrypto/aarch64/poly1305-armv8.S b/secure/lib/libcrypto/aarch64/poly1305-armv8.S index 022d84526a52..5e145838fe34 100644 --- a/secure/lib/libcrypto/aarch64/poly1305-armv8.S +++ b/secure/lib/libcrypto/aarch64/poly1305-armv8.S @@ -228,6 +228,7 @@ poly1305_blocks_neon: cbz x17,poly1305_blocks .Lblocks_neon: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-80]! add x29,sp,#0 @@ -796,6 +797,7 @@ poly1305_blocks_neon: st1 {v23.s}[0],[x0] .Lno_data_neon: +.inst 0xd50323bf // autiasp ldr x29,[sp],#80 ret .size poly1305_blocks_neon,.-poly1305_blocks_neon diff --git a/secure/lib/libcrypto/aarch64/sha256-armv8.S b/secure/lib/libcrypto/aarch64/sha256-armv8.S index 2d620be8bb5f..40d1fb269b35 100644 --- a/secure/lib/libcrypto/aarch64/sha256-armv8.S +++ b/secure/lib/libcrypto/aarch64/sha256-armv8.S 
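Review bot: In poly1305_blocks_neon the added `autiasp` at `.Lno_data_neon` sits before `ldr x29,[sp],#80`, so it authenticates x30 while SP is still 80 bytes below the value it had when `paciasp` signed x30 ahead of `stp x29,x30,[sp,#-80]!` at `.Lblocks_neon`. SP is the modifier for both instructions, so on a core with pointer authentication enabled the check fails and the return faults. On older cores both encodings are NOPs, so testing there would not show the problem. The epilogue should restore SP first, i.e. `ldr x29,[sp],#80` followed by `.inst 0xd50323bf // autiasp`, which is the order KeccakF1600_cext and SHA3_squeeze_cext use in this same commit. Most of the function body lies outside these two hunks, and these .S files appear to be generated, so the reordering would have to be made in the generator script rather than here.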
@@ -1,6 +1,6 @@ /* $FreeBSD$ */ /* Do not modify. This file is auto-generated from sha512-armv8.pl. */ -// Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -79,6 +79,7 @@ sha256_block_data_order: tst w16,#ARMV7_NEON b.ne .Lneon_entry #endif +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 @@ -1038,6 +1039,7 @@ sha256_block_data_order: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#128 +.inst 0xd50323bf // autiasp ret .size sha256_block_data_order,.-sha256_block_data_order diff --git a/secure/lib/libcrypto/aarch64/sha512-armv8.S b/secure/lib/libcrypto/aarch64/sha512-armv8.S index 094441cfd4ec..a2a2b030ef4c 100644 --- a/secure/lib/libcrypto/aarch64/sha512-armv8.S +++ b/secure/lib/libcrypto/aarch64/sha512-armv8.S @@ -1,6 +1,6 @@ /* $FreeBSD$ */ /* Do not modify. This file is auto-generated from sha512-armv8.pl. */ -// Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -77,6 +77,7 @@ sha512_block_data_order: tst w16,#ARMV8_SHA512 b.ne .Lv8_entry #endif +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-128]! add x29,sp,#0 @@ -1036,6 +1037,7 @@ sha512_block_data_order: ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#128 +.inst 0xd50323bf // autiasp ret .size sha512_block_data_order,.-sha512_block_data_order diff --git a/secure/lib/libcrypto/aarch64/vpaes-armv8.S b/secure/lib/libcrypto/aarch64/vpaes-armv8.S index cc9bc79012ab..390125ff0521 100644 --- a/secure/lib/libcrypto/aarch64/vpaes-armv8.S +++ b/secure/lib/libcrypto/aarch64/vpaes-armv8.S 
@@ -197,6 +197,7 @@ _vpaes_encrypt_core: .type vpaes_encrypt,%function .align 4 vpaes_encrypt: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -206,6 +207,7 @@ vpaes_encrypt: st1 {v0.16b}, [x1] ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size vpaes_encrypt,.-vpaes_encrypt @@ -428,6 +430,7 @@ _vpaes_decrypt_core: .type vpaes_decrypt,%function .align 4 vpaes_decrypt: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -437,6 +440,7 @@ vpaes_decrypt: st1 {v0.16b}, [x1] ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size vpaes_decrypt,.-vpaes_decrypt @@ -600,6 +604,7 @@ _vpaes_key_preheat: .type _vpaes_schedule_core,%function .align 4 _vpaes_schedule_core: +.inst 0xd503233f // paciasp stp x29, x30, [sp,#-16]! add x29,sp,#0 @@ -764,6 +769,7 @@ _vpaes_schedule_core: eor v6.16b, v6.16b, v6.16b // vpxor %xmm6, %xmm6, %xmm6 eor v7.16b, v7.16b, v7.16b // vpxor %xmm7, %xmm7, %xmm7 ldp x29, x30, [sp],#16 +.inst 0xd50323bf // autiasp ret .size _vpaes_schedule_core,.-_vpaes_schedule_core @@ -976,6 +982,7 @@ _vpaes_schedule_mangle: .type vpaes_set_encrypt_key,%function .align 4 vpaes_set_encrypt_key: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -991,6 +998,7 @@ vpaes_set_encrypt_key: ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key @@ -998,6 +1006,7 @@ vpaes_set_encrypt_key: .type vpaes_set_decrypt_key,%function .align 4 vpaes_set_decrypt_key: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1017,6 +1026,7 @@ vpaes_set_decrypt_key: ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size vpaes_set_decrypt_key,.-vpaes_set_decrypt_key .globl vpaes_cbc_encrypt 
@@ -1027,6 +1037,7 @@ vpaes_cbc_encrypt: cmp w5, #0 // check direction b.eq vpaes_cbc_decrypt +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -1049,6 +1060,7 @@ vpaes_cbc_encrypt: st1 {v0.16b}, [x4] // write ivec ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp .Lcbc_abort: ret .size vpaes_cbc_encrypt,.-vpaes_cbc_encrypt @@ -1056,6 +1068,7 @@ vpaes_cbc_encrypt: .type vpaes_cbc_decrypt,%function .align 4 vpaes_cbc_decrypt: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1097,12 +1110,14 @@ vpaes_cbc_decrypt: ldp d10,d11,[sp],#16 ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size vpaes_cbc_decrypt,.-vpaes_cbc_decrypt .globl vpaes_ecb_encrypt .type vpaes_ecb_encrypt,%function .align 4 vpaes_ecb_encrypt: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1136,6 +1151,7 @@ vpaes_ecb_encrypt: ldp d10,d11,[sp],#16 ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size vpaes_ecb_encrypt,.-vpaes_ecb_encrypt @@ -1143,6 +1159,7 @@ vpaes_ecb_encrypt: .type vpaes_ecb_decrypt,%function .align 4 vpaes_ecb_decrypt: +.inst 0xd503233f // paciasp stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1176,5 +1193,6 @@ vpaes_ecb_decrypt: ldp d10,d11,[sp],#16 ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 +.inst 0xd50323bf // autiasp ret .size vpaes_ecb_decrypt,.-vpaes_ecb_decrypt diff --git a/secure/lib/libcrypto/amd64/aes-x86_64.S b/secure/lib/libcrypto/amd64/aes-x86_64.S index f7750aea410b..38627ac0363b 100644 --- a/secure/lib/libcrypto/amd64/aes-x86_64.S +++ b/secure/lib/libcrypto/amd64/aes-x86_64.S @@ -157,6 +157,7 @@ _x86_64_AES_encrypt: .type _x86_64_AES_encrypt_compact,@function .align 16 _x86_64_AES_encrypt_compact: +.cfi_startproc leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp 
@@ -326,6 +327,7 @@ _x86_64_AES_encrypt_compact: xorl 8(%r15),%ecx xorl 12(%r15),%edx .byte 0xf3,0xc3 +.cfi_endproc .size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact .globl AES_encrypt .type AES_encrypt,@function @@ -570,6 +572,7 @@ _x86_64_AES_decrypt: .type _x86_64_AES_decrypt_compact,@function .align 16 _x86_64_AES_decrypt_compact: +.cfi_startproc leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -791,6 +794,7 @@ _x86_64_AES_decrypt_compact: xorl 8(%r15),%ecx xorl 12(%r15),%edx .byte 0xf3,0xc3 +.cfi_endproc .size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact .globl AES_decrypt .type AES_decrypt,@function @@ -922,6 +926,7 @@ AES_set_encrypt_key: .type _x86_64_AES_set_encrypt_key,@function .align 16 _x86_64_AES_set_encrypt_key: +.cfi_startproc movl %esi,%ecx movq %rdi,%rsi movq %rdx,%rdi @@ -1157,6 +1162,7 @@ _x86_64_AES_set_encrypt_key: movq $-1,%rax .Lexit: .byte 0xf3,0xc3 +.cfi_endproc .size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key .globl AES_set_decrypt_key .type AES_set_decrypt_key,@function @@ -1379,8 +1385,9 @@ AES_cbc_encrypt: cmpq $0,%rdx je .Lcbc_epilogue pushfq + + .cfi_adjust_cfa_offset 8 -.cfi_offset 49,-16 pushq %rbx .cfi_adjust_cfa_offset 8 .cfi_offset %rbx,-24 @@ -1409,6 +1416,7 @@ AES_cbc_encrypt: cmpq $0,%r9 cmoveq %r10,%r14 +.cfi_remember_state movl OPENSSL_ia32cap_P(%rip),%r10d cmpq $512,%rdx jb .Lcbc_slow_prologue @@ -1644,6 +1652,7 @@ AES_cbc_encrypt: .align 16 .Lcbc_slow_prologue: +.cfi_restore_state leaq -88(%rsp),%rbp andq $-64,%rbp @@ -1655,8 +1664,10 @@ AES_cbc_encrypt: subq %r10,%rbp xchgq %rsp,%rbp +.cfi_def_cfa_register %rbp movq %rbp,16(%rsp) +.cfi_escape 0x0f,0x05,0x77,0x10,0x06,0x23,0x40 .Lcbc_slow_body: @@ -1845,8 +1856,9 @@ AES_cbc_encrypt: .cfi_def_cfa %rsp,16 .Lcbc_popfq: popfq + + .cfi_adjust_cfa_offset -8 -.cfi_restore 49 .Lcbc_epilogue: .byte 0xf3,0xc3 .cfi_endproc 
diff --git a/secure/lib/libcrypto/amd64/aesni-x86_64.S b/secure/lib/libcrypto/amd64/aesni-x86_64.S index b4cb5b92f6af..e2ef2d6666cb 100644 --- a/secure/lib/libcrypto/amd64/aesni-x86_64.S +++ b/secure/lib/libcrypto/amd64/aesni-x86_64.S @@ -6,6 +6,7 @@ .type aesni_encrypt,@function .align 16 aesni_encrypt: +.cfi_startproc movups (%rdi),%xmm2 movl 240(%rdx),%eax movups (%rdx),%xmm0 @@ -24,12 +25,14 @@ aesni_encrypt: movups %xmm2,(%rsi) pxor %xmm2,%xmm2 .byte 0xf3,0xc3 +.cfi_endproc .size aesni_encrypt,.-aesni_encrypt .globl aesni_decrypt .type aesni_decrypt,@function .align 16 aesni_decrypt: +.cfi_startproc movups (%rdi),%xmm2 movl 240(%rdx),%eax movups (%rdx),%xmm0 @@ -48,10 +51,12 @@ aesni_decrypt: movups %xmm2,(%rsi) pxor %xmm2,%xmm2 .byte 0xf3,0xc3 +.cfi_endproc .size aesni_decrypt, .-aesni_decrypt .type _aesni_encrypt2,@function .align 16 _aesni_encrypt2: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -77,10 +82,12 @@ _aesni_encrypt2: .byte 102,15,56,221,208 .byte 102,15,56,221,216 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_encrypt2,.-_aesni_encrypt2 .type _aesni_decrypt2,@function .align 16 _aesni_decrypt2: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -106,10 +113,12 @@ _aesni_decrypt2: .byte 102,15,56,223,208 .byte 102,15,56,223,216 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_decrypt2,.-_aesni_decrypt2 .type _aesni_encrypt3,@function .align 16 _aesni_encrypt3: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -140,10 +149,12 @@ _aesni_encrypt3: .byte 102,15,56,221,216 .byte 102,15,56,221,224 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_encrypt3,.-_aesni_encrypt3 .type _aesni_decrypt3,@function .align 16 _aesni_decrypt3: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 
@@ -174,10 +185,12 @@ _aesni_decrypt3: .byte 102,15,56,223,216 .byte 102,15,56,223,224 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_decrypt3,.-_aesni_decrypt3 .type _aesni_encrypt4,@function .align 16 _aesni_encrypt4: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -214,10 +227,12 @@ _aesni_encrypt4: .byte 102,15,56,221,224 .byte 102,15,56,221,232 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_encrypt4,.-_aesni_encrypt4 .type _aesni_decrypt4,@function .align 16 _aesni_decrypt4: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -254,10 +269,12 @@ _aesni_decrypt4: .byte 102,15,56,223,224 .byte 102,15,56,223,232 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_decrypt4,.-_aesni_decrypt4 .type _aesni_encrypt6,@function .align 16 _aesni_encrypt6: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -308,10 +325,12 @@ _aesni_encrypt6: .byte 102,15,56,221,240 .byte 102,15,56,221,248 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_encrypt6,.-_aesni_encrypt6 .type _aesni_decrypt6,@function .align 16 _aesni_decrypt6: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -362,10 +381,12 @@ _aesni_decrypt6: .byte 102,15,56,223,240 .byte 102,15,56,223,248 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_decrypt6,.-_aesni_decrypt6 .type _aesni_encrypt8,@function .align 16 _aesni_encrypt8: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -426,10 +447,12 @@ _aesni_encrypt8: .byte 102,68,15,56,221,192 .byte 102,68,15,56,221,200 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_encrypt8,.-_aesni_encrypt8 .type _aesni_decrypt8,@function .align 16 _aesni_decrypt8: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 
@@ -490,11 +513,13 @@ _aesni_decrypt8: .byte 102,68,15,56,223,192 .byte 102,68,15,56,223,200 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_decrypt8,.-_aesni_decrypt8 .globl aesni_ecb_encrypt .type aesni_ecb_encrypt,@function .align 16 aesni_ecb_encrypt: +.cfi_startproc andq $-16,%rdx jz .Lecb_ret @@ -832,6 +857,7 @@ aesni_ecb_encrypt: xorps %xmm0,%xmm0 pxor %xmm1,%xmm1 .byte 0xf3,0xc3 +.cfi_endproc .size aesni_ecb_encrypt,.-aesni_ecb_encrypt .globl aesni_ccm64_encrypt_blocks .type aesni_ccm64_encrypt_blocks,@function diff --git a/secure/lib/libcrypto/amd64/bsaes-x86_64.S b/secure/lib/libcrypto/amd64/bsaes-x86_64.S index dcd0eb5c0ea1..8b68f80dbc9b 100644 --- a/secure/lib/libcrypto/amd64/bsaes-x86_64.S +++ b/secure/lib/libcrypto/amd64/bsaes-x86_64.S @@ -8,6 +8,7 @@ .type _bsaes_encrypt8,@function .align 64 _bsaes_encrypt8: +.cfi_startproc leaq .LBS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -475,11 +476,13 @@ _bsaes_encrypt8_bitslice: pxor %xmm7,%xmm15 pxor %xmm7,%xmm0 .byte 0xf3,0xc3 +.cfi_endproc .size _bsaes_encrypt8,.-_bsaes_encrypt8 .type _bsaes_decrypt8,@function .align 64 _bsaes_decrypt8: +.cfi_startproc leaq .LBS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -981,10 +984,12 @@ _bsaes_decrypt8: pxor %xmm7,%xmm15 pxor %xmm7,%xmm0 .byte 0xf3,0xc3 +.cfi_endproc .size _bsaes_decrypt8,.-_bsaes_decrypt8 .type _bsaes_key_convert,@function .align 16 _bsaes_key_convert: +.cfi_startproc leaq .Lmasks(%rip),%r11 movdqu (%rcx),%xmm7 leaq 16(%rcx),%rcx @@ -1063,6 +1068,7 @@ _bsaes_key_convert: movdqa 80(%r11),%xmm7 .byte 0xf3,0xc3 +.cfi_endproc .size _bsaes_key_convert,.-_bsaes_key_convert .globl bsaes_cbc_encrypt diff --git a/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S b/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S index b8de76454af4..1176feea40c2 100644 --- a/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S +++ b/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S 
@@ -3961,6 +3961,7 @@ ecp_nistz256_mul_mont: .type __ecp_nistz256_mul_montq,@function .align 32 __ecp_nistz256_mul_montq: +.cfi_startproc movq %rax,%rbp @@ -4172,6 +4173,7 @@ __ecp_nistz256_mul_montq: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq @@ -4249,6 +4251,7 @@ ecp_nistz256_sqr_mont: .type __ecp_nistz256_sqr_montq,@function .align 32 __ecp_nistz256_sqr_montq: +.cfi_startproc movq %rax,%r13 mulq %r14 movq %rax,%r9 @@ -4406,10 +4409,12 @@ __ecp_nistz256_sqr_montq: movq %r15,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq .type __ecp_nistz256_mul_montx,@function .align 32 __ecp_nistz256_mul_montx: +.cfi_startproc mulxq %r9,%r8,%r9 @@ -4572,11 +4577,13 @@ __ecp_nistz256_mul_montx: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx .type __ecp_nistz256_sqr_montx,@function .align 32 __ecp_nistz256_sqr_montx: +.cfi_startproc mulxq %r14,%r9,%r10 mulxq %r15,%rcx,%r11 xorl %eax,%eax @@ -4700,6 +4707,7 @@ __ecp_nistz256_sqr_montx: movq %r15,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx @@ -4839,6 +4847,7 @@ ecp_nistz256_scatter_w5: .type ecp_nistz256_gather_w5,@function .align 32 ecp_nistz256_gather_w5: +.cfi_startproc movl OPENSSL_ia32cap_P+8(%rip),%eax testl $32,%eax jnz .Lavx2_gather_w5 @@ -4893,6 +4902,7 @@ ecp_nistz256_gather_w5: movdqu %xmm6,64(%rdi) movdqu %xmm7,80(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .LSEH_end_ecp_nistz256_gather_w5: .size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5 @@ -4921,6 +4931,7 @@ ecp_nistz256_scatter_w7: .type ecp_nistz256_gather_w7,@function .align 32 ecp_nistz256_gather_w7: +.cfi_startproc movl OPENSSL_ia32cap_P+8(%rip),%eax testl $32,%eax jnz .Lavx2_gather_w7 
@@ -4964,6 +4975,7 @@ ecp_nistz256_gather_w7: movdqu %xmm4,32(%rdi) movdqu %xmm5,48(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .LSEH_end_ecp_nistz256_gather_w7: .size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7 @@ -4971,6 +4983,7 @@ ecp_nistz256_gather_w7: .type ecp_nistz256_avx2_gather_w5,@function .align 32 ecp_nistz256_avx2_gather_w5: +.cfi_startproc .Lavx2_gather_w5: vzeroupper vmovdqa .LTwo(%rip),%ymm0 @@ -5025,6 +5038,7 @@ ecp_nistz256_avx2_gather_w5: vmovdqu %ymm4,64(%rdi) vzeroupper .byte 0xf3,0xc3 +.cfi_endproc .LSEH_end_ecp_nistz256_avx2_gather_w5: .size ecp_nistz256_avx2_gather_w5,.-ecp_nistz256_avx2_gather_w5 @@ -5034,6 +5048,7 @@ ecp_nistz256_avx2_gather_w5: .type ecp_nistz256_avx2_gather_w7,@function .align 32 ecp_nistz256_avx2_gather_w7: +.cfi_startproc .Lavx2_gather_w7: vzeroupper vmovdqa .LThree(%rip),%ymm0 @@ -5103,11 +5118,13 @@ ecp_nistz256_avx2_gather_w7: vmovdqu %ymm3,32(%rdi) vzeroupper .byte 0xf3,0xc3 +.cfi_endproc .LSEH_end_ecp_nistz256_avx2_gather_w7: .size ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7 .type __ecp_nistz256_add_toq,@function .align 32 __ecp_nistz256_add_toq: +.cfi_startproc xorq %r11,%r11 addq 0(%rbx),%r12 adcq 8(%rbx),%r13 @@ -5135,11 +5152,13 @@ __ecp_nistz256_add_toq: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq .type __ecp_nistz256_sub_fromq,@function .align 32 __ecp_nistz256_sub_fromq: +.cfi_startproc subq 0(%rbx),%r12 sbbq 8(%rbx),%r13 movq %r12,%rax @@ -5166,11 +5185,13 @@ __ecp_nistz256_sub_fromq: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq .type __ecp_nistz256_subq,@function .align 32 __ecp_nistz256_subq: +.cfi_startproc subq %r12,%rax sbbq %r13,%rbp movq %rax,%r12 
@@ -5193,11 +5214,13 @@ __ecp_nistz256_subq: cmovnzq %r10,%r9 .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_subq,.-__ecp_nistz256_subq .type __ecp_nistz256_mul_by_2q,@function .align 32 __ecp_nistz256_mul_by_2q: +.cfi_startproc xorq %r11,%r11 addq %r12,%r12 adcq %r13,%r13 @@ -5225,6 +5248,7 @@ __ecp_nistz256_mul_by_2q: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q .globl ecp_nistz256_point_double .type ecp_nistz256_point_double,@function @@ -5657,7 +5681,9 @@ ecp_nistz256_point_add: .byte 102,72,15,126,206 .byte 102,72,15,126,199 addq $416,%rsp +.cfi_adjust_cfa_offset -416 jmp .Lpoint_double_shortcutq +.cfi_adjust_cfa_offset 416 .align 32 .Ladd_proceedq: @@ -6219,6 +6245,7 @@ ecp_nistz256_point_add_affine: .type __ecp_nistz256_add_tox,@function .align 32 __ecp_nistz256_add_tox: +.cfi_startproc xorq %r11,%r11 adcq 0(%rbx),%r12 adcq 8(%rbx),%r13 @@ -6247,11 +6274,13 @@ __ecp_nistz256_add_tox: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox .type __ecp_nistz256_sub_fromx,@function .align 32 __ecp_nistz256_sub_fromx: +.cfi_startproc xorq %r11,%r11 sbbq 0(%rbx),%r12 sbbq 8(%rbx),%r13 @@ -6280,11 +6309,13 @@ __ecp_nistz256_sub_fromx: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx .type __ecp_nistz256_subx,@function .align 32 __ecp_nistz256_subx: +.cfi_startproc xorq %r11,%r11 sbbq %r12,%rax sbbq %r13,%rbp @@ -6309,11 +6340,13 @@ __ecp_nistz256_subx: cmovcq %r10,%r9 .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_subx,.-__ecp_nistz256_subx .type __ecp_nistz256_mul_by_2x,@function .align 32 __ecp_nistz256_mul_by_2x: +.cfi_startproc xorq %r11,%r11 adcq %r12,%r12 adcq %r13,%r13 @@ -6342,6 +6375,7 @@ __ecp_nistz256_mul_by_2x: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x .type ecp_nistz256_point_doublex,@function .align 32 
@@ -6766,7 +6800,9 @@ ecp_nistz256_point_addx: .byte 102,72,15,126,206 .byte 102,72,15,126,199 addq $416,%rsp +.cfi_adjust_cfa_offset -416 jmp .Lpoint_double_shortcutx +.cfi_adjust_cfa_offset 416 .align 32 .Ladd_proceedx: diff --git a/secure/lib/libcrypto/amd64/ghash-x86_64.S b/secure/lib/libcrypto/amd64/ghash-x86_64.S index 9d83bd9f1975..078353528d5f 100644 --- a/secure/lib/libcrypto/amd64/ghash-x86_64.S +++ b/secure/lib/libcrypto/amd64/ghash-x86_64.S @@ -707,6 +707,7 @@ gcm_ghash_4bit: .type gcm_init_clmul,@function .align 16 gcm_init_clmul: +.cfi_startproc .L_init_clmul: movdqu (%rsi),%xmm2 pshufd $78,%xmm2,%xmm2 @@ -858,11 +859,13 @@ gcm_init_clmul: .byte 102,15,58,15,227,8 movdqu %xmm4,80(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size gcm_init_clmul,.-gcm_init_clmul .globl gcm_gmult_clmul .type gcm_gmult_clmul,@function .align 16 gcm_gmult_clmul: +.cfi_startproc .L_gmult_clmul: movdqu (%rdi),%xmm0 movdqa .Lbswap_mask(%rip),%xmm5 @@ -909,11 +912,13 @@ gcm_gmult_clmul: .byte 102,15,56,0,197 movdqu %xmm0,(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size gcm_gmult_clmul,.-gcm_gmult_clmul .globl gcm_ghash_clmul .type gcm_ghash_clmul,@function .align 32 gcm_ghash_clmul: +.cfi_startproc .L_ghash_clmul: movdqa .Lbswap_mask(%rip),%xmm10 @@ -1292,11 +1297,13 @@ gcm_ghash_clmul: .byte 102,65,15,56,0,194 movdqu %xmm0,(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size gcm_ghash_clmul,.-gcm_ghash_clmul .globl gcm_init_avx .type gcm_init_avx,@function .align 32 gcm_init_avx: +.cfi_startproc vzeroupper vmovdqu (%rsi),%xmm2 @@ -1399,17 +1406,21 @@ gcm_init_avx: vzeroupper .byte 0xf3,0xc3 +.cfi_endproc .size gcm_init_avx,.-gcm_init_avx .globl gcm_gmult_avx .type gcm_gmult_avx,@function .align 32 gcm_gmult_avx: +.cfi_startproc jmp .L_gmult_clmul +.cfi_endproc .size gcm_gmult_avx,.-gcm_gmult_avx .globl gcm_ghash_avx .type gcm_ghash_avx,@function .align 32 gcm_ghash_avx: +.cfi_startproc vzeroupper vmovdqu (%rdi),%xmm10 
@@ -1781,6 +1792,7 @@ gcm_ghash_avx: vmovdqu %xmm10,(%rdi) vzeroupper .byte 0xf3,0xc3 +.cfi_endproc .size gcm_ghash_avx,.-gcm_ghash_avx .align 64 .Lbswap_mask: diff --git a/secure/lib/libcrypto/amd64/rsaz-avx2.S b/secure/lib/libcrypto/amd64/rsaz-avx2.S index 4e186e11e870..3075a52d2eec 100644 --- a/secure/lib/libcrypto/amd64/rsaz-avx2.S +++ b/secure/lib/libcrypto/amd64/rsaz-avx2.S @@ -1214,6 +1214,7 @@ rsaz_1024_mul_avx2: .type rsaz_1024_red2norm_avx2,@function .align 32 rsaz_1024_red2norm_avx2: +.cfi_startproc subq $-128,%rsi xorq %rax,%rax movq -128(%rsi),%r8 @@ -1405,12 +1406,14 @@ rsaz_1024_red2norm_avx2: movq %rax,120(%rdi) movq %r11,%rax .byte 0xf3,0xc3 +.cfi_endproc .size rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2 .globl rsaz_1024_norm2red_avx2 .type rsaz_1024_norm2red_avx2,@function .align 32 rsaz_1024_norm2red_avx2: +.cfi_startproc subq $-128,%rdi movq (%rsi),%r8 movl $0x1fffffff,%eax @@ -1563,11 +1566,13 @@ rsaz_1024_norm2red_avx2: movq %r8,176(%rdi) movq %r8,184(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2 .globl rsaz_1024_scatter5_avx2 .type rsaz_1024_scatter5_avx2,@function .align 32 rsaz_1024_scatter5_avx2: +.cfi_startproc vzeroupper vmovdqu .Lscatter_permd(%rip),%ymm5 shll $4,%edx @@ -1587,6 +1592,7 @@ rsaz_1024_scatter5_avx2: vzeroupper .byte 0xf3,0xc3 +.cfi_endproc .size rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2 .globl rsaz_1024_gather5_avx2 diff --git a/secure/lib/libcrypto/amd64/vpaes-x86_64.S b/secure/lib/libcrypto/amd64/vpaes-x86_64.S index 7b0ef0dd0477..b9c6f7e98a69 100644 --- a/secure/lib/libcrypto/amd64/vpaes-x86_64.S +++ b/secure/lib/libcrypto/amd64/vpaes-x86_64.S @@ -20,6 +20,7 @@ .type _vpaes_encrypt_core,@function .align 16 _vpaes_encrypt_core: +.cfi_startproc movq %rdx,%r9 movq $16,%r11 movl 240(%rdx),%eax @@ -100,6 +101,7 @@ _vpaes_encrypt_core: pxor %xmm4,%xmm0 .byte 102,15,56,0,193 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_encrypt_core,.-_vpaes_encrypt_core 
@@ -110,6 +112,7 @@ _vpaes_encrypt_core: .type _vpaes_decrypt_core,@function .align 16 _vpaes_decrypt_core: +.cfi_startproc movq %rdx,%r9 movl 240(%rdx),%eax movdqa %xmm9,%xmm1 @@ -206,6 +209,7 @@ _vpaes_decrypt_core: pxor %xmm4,%xmm0 .byte 102,15,56,0,194 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_decrypt_core,.-_vpaes_decrypt_core @@ -216,6 +220,7 @@ _vpaes_decrypt_core: .type _vpaes_schedule_core,@function .align 16 _vpaes_schedule_core: +.cfi_startproc @@ -382,6 +387,7 @@ _vpaes_schedule_core: pxor %xmm6,%xmm6 pxor %xmm7,%xmm7 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_schedule_core,.-_vpaes_schedule_core @@ -401,6 +407,7 @@ _vpaes_schedule_core: .type _vpaes_schedule_192_smear,@function .align 16 _vpaes_schedule_192_smear: +.cfi_startproc pshufd $0x80,%xmm6,%xmm1 pshufd $0xFE,%xmm7,%xmm0 pxor %xmm1,%xmm6 @@ -409,6 +416,7 @@ _vpaes_schedule_192_smear: movdqa %xmm6,%xmm0 movhlps %xmm1,%xmm6 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear @@ -432,6 +440,7 @@ _vpaes_schedule_192_smear: .type _vpaes_schedule_round,@function .align 16 _vpaes_schedule_round: +.cfi_startproc pxor %xmm1,%xmm1 .byte 102,65,15,58,15,200,15 @@ -485,6 +494,7 @@ _vpaes_schedule_low_round: pxor %xmm7,%xmm0 movdqa %xmm0,%xmm7 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_schedule_round,.-_vpaes_schedule_round @@ -499,6 +509,7 @@ _vpaes_schedule_low_round: .type _vpaes_schedule_transform,@function .align 16 _vpaes_schedule_transform: +.cfi_startproc movdqa %xmm9,%xmm1 pandn %xmm0,%xmm1 psrld $4,%xmm1 @@ -509,6 +520,7 @@ _vpaes_schedule_transform: .byte 102,15,56,0,193 pxor %xmm2,%xmm0 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_schedule_transform,.-_vpaes_schedule_transform @@ -537,6 +549,7 @@ _vpaes_schedule_transform: .type _vpaes_schedule_mangle,@function .align 16 _vpaes_schedule_mangle: +.cfi_startproc movdqa %xmm0,%xmm4 movdqa .Lk_mc_forward(%rip),%xmm5 testq %rcx,%rcx 
@@ -601,6 +614,7 @@ _vpaes_schedule_mangle: andq $0x30,%r8 movdqu %xmm3,(%rdx) .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_schedule_mangle,.-_vpaes_schedule_mangle @@ -610,6 +624,7 @@ _vpaes_schedule_mangle: .type vpaes_set_encrypt_key,@function .align 16 vpaes_set_encrypt_key: +.cfi_startproc movl %esi,%eax shrl $5,%eax addl $5,%eax @@ -620,12 +635,14 @@ vpaes_set_encrypt_key: call _vpaes_schedule_core xorl %eax,%eax .byte 0xf3,0xc3 +.cfi_endproc .size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key .globl vpaes_set_decrypt_key .type vpaes_set_decrypt_key,@function .align 16 vpaes_set_decrypt_key: +.cfi_startproc movl %esi,%eax shrl $5,%eax addl $5,%eax @@ -641,33 +658,39 @@ vpaes_set_decrypt_key: call _vpaes_schedule_core xorl %eax,%eax .byte 0xf3,0xc3 +.cfi_endproc .size vpaes_set_decrypt_key,.-vpaes_set_decrypt_key .globl vpaes_encrypt .type vpaes_encrypt,@function .align 16 vpaes_encrypt: +.cfi_startproc movdqu (%rdi),%xmm0 call _vpaes_preheat call _vpaes_encrypt_core movdqu %xmm0,(%rsi) .byte 0xf3,0xc3 +.cfi_endproc .size vpaes_encrypt,.-vpaes_encrypt .globl vpaes_decrypt .type vpaes_decrypt,@function .align 16 vpaes_decrypt: +.cfi_startproc movdqu (%rdi),%xmm0 call _vpaes_preheat call _vpaes_decrypt_core movdqu %xmm0,(%rsi) .byte 0xf3,0xc3 +.cfi_endproc .size vpaes_decrypt,.-vpaes_decrypt .globl vpaes_cbc_encrypt .type vpaes_cbc_encrypt,@function .align 16 vpaes_cbc_encrypt: +.cfi_startproc xchgq %rcx,%rdx subq $16,%rcx jc .Lcbc_abort @@ -703,6 +726,7 @@ vpaes_cbc_encrypt: movdqu %xmm6,(%r8) .Lcbc_abort: .byte 0xf3,0xc3 +.cfi_endproc .size vpaes_cbc_encrypt,.-vpaes_cbc_encrypt @@ -713,6 +737,7 @@ vpaes_cbc_encrypt: .type _vpaes_preheat,@function .align 16 _vpaes_preheat: +.cfi_startproc leaq .Lk_s0F(%rip),%r10 movdqa -32(%r10),%xmm10 movdqa -16(%r10),%xmm11 @@ -722,6 +747,7 @@ _vpaes_preheat: movdqa 80(%r10),%xmm15 movdqa 96(%r10),%xmm14 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_preheat,.-_vpaes_preheat 
diff --git a/secure/lib/libcrypto/amd64/x86_64-mont5.S b/secure/lib/libcrypto/amd64/x86_64-mont5.S index 87894fc63ffd..85686f2aa4a2 100644 --- a/secure/lib/libcrypto/amd64/x86_64-mont5.S +++ b/secure/lib/libcrypto/amd64/x86_64-mont5.S @@ -2895,6 +2895,7 @@ bn_powerx5: .align 32 bn_sqrx8x_internal: __bn_sqrx8x_internal: +.cfi_startproc @@ -3506,6 +3507,7 @@ __bn_sqrx8x_reduction: cmpq 8+8(%rsp),%r8 jb .Lsqrx8x_reduction_loop .byte 0xf3,0xc3 +.cfi_endproc .size bn_sqrx8x_internal,.-bn_sqrx8x_internal .align 32 __bn_postx4x_internal: diff --git a/secure/lib/libcrypto/man/ADMISSIONS.3 b/secure/lib/libcrypto/man/ADMISSIONS.3 index dd9b4240f99e..5d43e1ae32d2 100644 --- a/secure/lib/libcrypto/man/ADMISSIONS.3 +++ b/secure/lib/libcrypto/man/ADMISSIONS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ADMISSIONS 3" -.TH ADMISSIONS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ADMISSIONS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -204,58 +208,58 @@ by <https://www.t7ev.org>. Knowledge of those structures and their semantics is assumed. .PP The conventional routines to convert between \s-1DER\s0 and the local format -are described in \fId2i_X509\fR\|(3). +are described in \fBd2i_X509\fR\|(3). The conventional routines to allocate and free the types are defined -in \fIX509_dup\fR\|(3). +in \fBX509_dup\fR\|(3). .PP The \fB\s-1PROFESSION_INFOS\s0\fR type is a stack of \fB\s-1PROFESSION_INFO\s0\fR; see -\&\s-1\fIDEFINE_STACK_OF\s0\fR\|(3) for details. +\&\s-1\fBDEFINE_STACK_OF\s0\fR\|(3) for details. .PP The \fB\s-1NAMING_AUTHORITY\s0\fR type has an authority \s-1ID\s0 and \s-1URL,\s0 and text fields. -The \fINAMING_AUTHORITY_get0_authorityId()\fR, -\&\fINAMING_AUTHORITY_get0_get0_authorityURL()\fR, and -\&\fINAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers +The \fBNAMING_AUTHORITY_get0_authorityId()\fR, +\&\fBNAMING_AUTHORITY_get0_get0_authorityURL()\fR, and +\&\fBNAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers to those values within the object. -The \fINAMING_AUTHORITY_set0_authorityId()\fR, -\&\fINAMING_AUTHORITY_set0_get0_authorityURL()\fR, and -\&\fINAMING_AUTHORITY_set0_get0_authorityText()\fR, +The \fBNAMING_AUTHORITY_set0_authorityId()\fR, +\&\fBNAMING_AUTHORITY_set0_get0_authorityURL()\fR, and +\&\fBNAMING_AUTHORITY_set0_get0_authorityText()\fR, functions free any existing value and set the pointer to the specified value. .PP The \fB\s-1ADMISSION_SYNTAX\s0\fR type has an authority name and a stack of \&\fB\s-1ADMISSION\s0\fR objects. -The \fIADMISSION_SYNTAX_get0_admissionAuthority()\fR -and \fIADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers +The \fBADMISSION_SYNTAX_get0_admissionAuthority()\fR +and \fBADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers to those values within the object. 
The -\&\fIADMISSION_SYNTAX_set0_admissionAuthority()\fR and -\&\fIADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR +\&\fBADMISSION_SYNTAX_set0_admissionAuthority()\fR and +\&\fBADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR functions free any existing value and set the pointer to the specified value. .PP The \fB\s-1ADMISSION\s0\fR type has an authority name, authority object, and a stack of \fB\s-1PROFSSION_INFO\s0\fR items. -The \fIADMISSIONS_get0_admissionAuthority()\fR, \fIADMISSIONS_get0_namingAuthority()\fR, -and \fIADMISSIONS_get0_professionInfos()\fR +The \fBADMISSIONS_get0_admissionAuthority()\fR, \fBADMISSIONS_get0_namingAuthority()\fR, +and \fBADMISSIONS_get0_professionInfos()\fR functions return pointers to those values within the object. The -\&\fIADMISSIONS_set0_admissionAuthority()\fR, -\&\fIADMISSIONS_set0_namingAuthority()\fR, and -\&\fIADMISSIONS_set0_professionInfos()\fR +\&\fBADMISSIONS_set0_admissionAuthority()\fR, +\&\fBADMISSIONS_set0_namingAuthority()\fR, and +\&\fBADMISSIONS_set0_professionInfos()\fR functions free any existing value and set the pointer to the specified value. .PP The \fB\s-1PROFESSION_INFO\s0\fR type has a name authority, stacks of profession Items and OIDs, a registration number, and additional profession info. -The functions \fIPROFESSION_INFO_get0_addProfessionInfo()\fR, -\&\fIPROFESSION_INFO_get0_namingAuthority()\fR, \fIPROFESSION_INFO_get0_professionItems()\fR, -\&\fIPROFESSION_INFO_get0_professionOIDs()\fR, and -\&\fIPROFESSION_INFO_get0_registrationNumber()\fR +The functions \fBPROFESSION_INFO_get0_addProfessionInfo()\fR, +\&\fBPROFESSION_INFO_get0_namingAuthority()\fR, \fBPROFESSION_INFO_get0_professionItems()\fR, +\&\fBPROFESSION_INFO_get0_professionOIDs()\fR, and +\&\fBPROFESSION_INFO_get0_registrationNumber()\fR functions return pointers to those values within the object. 
The -\&\fIPROFESSION_INFO_set0_addProfessionInfo()\fR, -\&\fIPROFESSION_INFO_set0_namingAuthority()\fR, -\&\fIPROFESSION_INFO_set0_professionItems()\fR, -\&\fIPROFESSION_INFO_set0_professionOIDs()\fR, and -\&\fIPROFESSION_INFO_set0_registrationNumber()\fR +\&\fBPROFESSION_INFO_set0_addProfessionInfo()\fR, +\&\fBPROFESSION_INFO_set0_namingAuthority()\fR, +\&\fBPROFESSION_INFO_set0_professionItems()\fR, +\&\fBPROFESSION_INFO_set0_professionOIDs()\fR, and +\&\fBPROFESSION_INFO_set0_registrationNumber()\fR functions free any existing value and set the pointer to the specified value. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -264,8 +268,8 @@ Note that all of the \fIget0\fR functions return a pointer to the internal data structure and must not be freed. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_dup\fR\|(3), -\&\fId2i_X509\fR\|(3), +\&\fBX509_dup\fR\|(3), +\&\fBd2i_X509\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 b/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 index 2d382df14f87..5740ecd32b05 100644 --- a/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 +++ b/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_INTEGER_GET_INT64 3" -.TH ASN1_INTEGER_GET_INT64 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1_INTEGER_GET_INT64 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -167,45 +171,45 @@ ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_I These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_ENUMERATED\s0\fR structures. .PP -\&\fIASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type +\&\fBASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type If successful it returns 1 and sets \fB*pr\fR to the value of \fBa\fR. If it fails (due to invalid type or the value being too big to fit into an \fBint64_t\fR type) it returns 0. .PP -\&\fIASN1_INTEGER_get_uint64()\fR is similar to \fIASN1_INTEGER_get_int64_t()\fR except it +\&\fBASN1_INTEGER_get_uint64()\fR is similar to \fBASN1_INTEGER_get_int64_t()\fR except it converts to a \fBuint64_t\fR type and an error is returned if the passed integer is negative. .PP -\&\fIASN1_INTEGER_get()\fR also returns the value of \fBa\fR but it returns 0 if \fBa\fR is +\&\fBASN1_INTEGER_get()\fR also returns the value of \fBa\fR but it returns 0 if \fBa\fR is \&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for -an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fIASN1_INTEGER_get_int64()\fR +an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fBASN1_INTEGER_get_int64()\fR instead. .PP -\&\fIASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the +\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \&\fBint64_t\fR value \fBr\fR. .PP -\&\fIASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the +\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \&\fBuint64_t\fR value \fBr\fR. 
.PP -\&\fIASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \fBlong\fR value +\&\fBASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \fBlong\fR value \&\fBv\fR. .PP -\&\fIBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fBbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fBai\fR +\&\fBBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fBbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fBai\fR is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fBai\fR is not \s-1NULL\s0 then the existing structure will be used instead. .PP -\&\fIASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fBai\fR into a \fB\s-1BIGNUM\s0\fR. If \fBbn\fR is +\&\fBASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fBai\fR into a \fB\s-1BIGNUM\s0\fR. If \fBbn\fR is \&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fBbn\fR is not \s-1NULL\s0 then the existing structure will be used instead. .PP -\&\fIASN1_ENUMERATED_get_int64()\fR, \fIASN1_ENUMERATED_set_int64()\fR, -\&\fIASN1_ENUMERATED_set()\fR, \fIBN_to_ASN1_ENUMERATED()\fR and \fIASN1_ENUMERATED_to_BN()\fR +\&\fBASN1_ENUMERATED_get_int64()\fR, \fBASN1_ENUMERATED_set_int64()\fR, +\&\fBASN1_ENUMERATED_set()\fR, \fBBN_to_ASN1_ENUMERATED()\fR and \fBASN1_ENUMERATED_to_BN()\fR behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value. .PP -\&\fIASN1_ENUMERATED_get()\fR returns the value of \fBa\fR in a similar way to -\&\fIASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fBa\fR will not -fit in a long type. New applications should use \fIASN1_ENUMERATED_get_int64()\fR +\&\fBASN1_ENUMERATED_get()\fR returns the value of \fBa\fR in a similar way to +\&\fBASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fBa\fR will not +fit in a long type. New applications should use \fBASN1_ENUMERATED_get_int64()\fR instead. 
.SH "NOTES" .IX Header "NOTES" 
@@ -216,36 +220,36 @@ represent small integers which can be more easily manipulated if converted to an appropriate C integer type. .SH "BUGS" .IX Header "BUGS" -The ambiguous return values of \fIASN1_INTEGER_get()\fR and \fIASN1_ENUMERATED_get()\fR +The ambiguous return values of \fBASN1_INTEGER_get()\fR and \fBASN1_ENUMERATED_get()\fR mean these functions should be avoided if possible. They are retained for compatibility. Normally the ambiguous return values are not legitimate values for the fields they represent. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_INTEGER_set_int64()\fR, \fIASN1_INTEGER_set()\fR, \fIASN1_ENUMERATED_set_int64()\fR and -\&\fIASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only +\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_set()\fR, \fBASN1_ENUMERATED_set_int64()\fR and +\&\fBASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only fail if a memory allocation error occurs. .PP -\&\fIASN1_INTEGER_get_int64()\fR and \fIASN1_ENUMERATED_get_int64()\fR return 1 for success +\&\fBASN1_INTEGER_get_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR return 1 for success and 0 for failure. They will fail if the passed type is incorrect (this will only happen if there is a programming error) or if the value exceeds the range of an \fBint64_t\fR type. .PP -\&\fIBN_to_ASN1_INTEGER()\fR and \fIBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or +\&\fBBN_to_ASN1_INTEGER()\fR and \fBBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or \&\fB\s-1ASN1_ENUMERATED\s0\fR structure respectively or \s-1NULL\s0 if an error occurs. They will only fail due to a memory allocation error. .PP -\&\fIASN1_INTEGER_to_BN()\fR and \fIASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure +\&\fBASN1_INTEGER_to_BN()\fR and \fBASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure of \s-1NULL\s0 if an error occurs. 
They can fail if the passed type is incorrect (due to programming error) or due to a memory allocation failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIASN1_INTEGER_set_int64()\fR, \fIASN1_INTEGER_get_int64()\fR, -\&\fIASN1_ENUMERATED_set_int64()\fR and \fIASN1_ENUMERATED_get_int64()\fR -were added to OpenSSL 1.1.0. +\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_get_int64()\fR, +\&\fBASN1_ENUMERATED_set_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR +were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 b/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 index cdf3d6727894..ff74ed9b4468 100644 --- a/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 +++ b/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_ITEM_LOOKUP 3" -.TH ASN1_ITEM_LOOKUP 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1_ITEM_LOOKUP 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,17 +150,17 @@ ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0 name\fR. +\&\fBASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0 name\fR. .PP -\&\fIASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fBi\fR. This function +\&\fBASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fBi\fR. This function returns \fB\s-1NULL\s0\fR if the index \fBi\fR is out of range. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_ITEM_lookup()\fR and \fIASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure +\&\fBASN1_ITEM_lookup()\fR and \fBASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 index 6b7017deb6b2..599a3d045a98 100644 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_NEW 3" -.TH ASN1_OBJECT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1_OBJECT_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,25 +153,25 @@ ASN1_OBJECT_new, ASN1_OBJECT_free \- object allocation functions The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an \&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 .PP -\&\fIASN1_OBJECT_new()\fR allocates and initializes an \s-1ASN1_OBJECT\s0 structure. +\&\fBASN1_OBJECT_new()\fR allocates and initializes an \s-1ASN1_OBJECT\s0 structure. .PP -\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. +\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. If \fBa\fR is \s-1NULL,\s0 nothing is done. .SH "NOTES" .IX Header "NOTES" -Although \fIASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it +Although \fBASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it is almost never used in applications. The \s-1ASN1\s0 object utility functions -such as \fIOBJ_nid2obj()\fR are used instead. +such as \fBOBJ_nid2obj()\fR are used instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). +If the allocation fails, \fBASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIASN1_OBJECT_free()\fR returns no value. +\&\fBASN1_OBJECT_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_ASN1_OBJECT\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBd2i_ASN1_OBJECT\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 b/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 index ab97f42b67b3..201e5ac0bdfc 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 
+++ b/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_TABLE_ADD 3" -.TH ASN1_STRING_TABLE_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1_STRING_TABLE_ADD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,7 +160,7 @@ ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TAB (basically minimum size, maximum size, type and etc) for a \s-1NID\s0 object. .SS "Functions" .IX Subsection "Functions" -\&\fIASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the +\&\fBASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the local \s-1ASN1\s0 string table based on the \fBnid\fR along with other parameters. .PP If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are 
@@ -165,22 +169,22 @@ and \fBmaxsize\fR >= 0, \fBmask\fR and \fBflags\fR != 0). If the \fBnid\fR is st a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with other parameters. .PP -\&\fIASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based +\&\fBASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based on \fBnid\fR. It will search the local table first, then the standard one. .PP -\&\fIASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added -by \fIASN1_STRING_TABLE_add()\fR. +\&\fBASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added +by \fBASN1_STRING_TABLE_add()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred. +\&\fBASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred. .PP -\&\fIASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure +\&\fBASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure or \fB\s-1NULL\s0\fR if nothing is found. .PP -\&\fIASN1_STRING_TABLE_cleanup()\fR does not return a value. +\&\fBASN1_STRING_TABLE_cleanup()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 index 6d35b461eb48..fc5792b1f1b4 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_length.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_LENGTH 3" -.TH ASN1_STRING_LENGTH 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1_STRING_LENGTH 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -159,32 +163,32 @@ ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRI .IX Header "DESCRIPTION" These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. .PP -\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. .PP -\&\fIASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fBx\fR. +\&\fBASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fBx\fR. Since this is an internal pointer it should \fBnot\fR be freed or modified in any way. .PP -\&\fIASN1_STRING_data()\fR is similar to \fIASN1_STRING_get0_data()\fR except the +\&\fBASN1_STRING_data()\fR is similar to \fBASN1_STRING_get0_data()\fR except the returned value is not constant. This function is deprecated: -applications should use \fIASN1_STRING_get0_data()\fR instead. +applications should use \fBASN1_STRING_get0_data()\fR instead. .PP -\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. +\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. .PP -\&\fIASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two +\&\fBASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two are identical. The string types and content are compared. .PP -\&\fIASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer +\&\fBASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer \&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR is \-1 then the length is determined by strlen(data). .PP -\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants +\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants such as \fBV_ASN1_OCTET_STRING\fR. 
.PP -\&\fIASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the +\&\fBASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the converted data is allocated in a buffer in \fB*out\fR. The length of \&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR -should be freed using \fIOPENSSL_free()\fR. +should be freed using \fBOPENSSL_free()\fR. .SH "NOTES" .IX Header "NOTES" Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR 
@@ -198,36 +202,36 @@ These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGE or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR utility functions should be used instead. .PP -In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR +In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\fR is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format. .PP Similar care should be take to ensure the data is in the correct format -when calling \fIASN1_STRING_set()\fR. +when calling \fBASN1_STRING_set()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. .PP -\&\fIASN1_STRING_get0_data()\fR and \fIASN1_STRING_data()\fR return an internal pointer to +\&\fBASN1_STRING_get0_data()\fR and \fBASN1_STRING_data()\fR return an internal pointer to the data of \fBx\fR. .PP -\&\fIASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if an +\&\fBASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0, +\&\fBASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0, according to whether \fBa\fR is greater than, equal to, or less than \fBb\fR. .PP -\&\fIASN1_STRING_set()\fR returns 1 on success or 0 on error. +\&\fBASN1_STRING_set()\fR returns 1 on success or 0 on error. .PP -\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR. 
+\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR. .PP -\&\fIASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fBout\fR or a +\&\fBASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fBout\fR or a negative value if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 index ce33ba401a8e..30b1e62bfb8f 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_NEW 3" -.TH ASN1_STRING_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1_STRING_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,27 +151,27 @@ ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocatio .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +\&\fBASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type is undefined. .PP -\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of type \fBtype\fR. .PP -\&\fIASN1_STRING_free()\fR frees up \fBa\fR. +\&\fBASN1_STRING_free()\fR frees up \fBa\fR. If \fBa\fR is \s-1NULL\s0 nothing is done. .SH "NOTES" .IX Header "NOTES" Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example -\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid +\&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid \&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIASN1_STRING_free()\fR does not return a value. +\&\fBASN1_STRING_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 index 47ac8ec74a6c..47b5deff4c4f 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_PRINT_EX 3" -.TH ASN1_STRING_PRINT_EX 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1_STRING_PRINT_EX 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,19 +156,19 @@ ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \ These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to represent all the \s-1ASN1\s0 string types. .PP -\&\fIASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by -the options \fBflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs +\&\fBASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by +the options \fBflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs to \fBfp\fR instead. .PP -\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to -\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) +\&\fBASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to +\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) with '.'. .PP -\&\fIASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. +\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. .SH "NOTES" .IX Header "NOTES" -\&\fIASN1_STRING_print()\fR is a deprecated function which should be avoided; use -\&\fIASN1_STRING_print_ex()\fR instead. +\&\fBASN1_STRING_print()\fR is a deprecated function which should be avoided; use +\&\fBASN1_STRING_print_ex()\fR instead. .PP Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR. 
@@ -199,7 +203,7 @@ all: everything is assumed to be one byte per character. This is primarily for debugging purposes and can result in confusing output in multi character strings. .PP If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out -before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fIASN1_tag2str()\fR. +before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fBASN1_tag2str()\fR. .PP The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just outputs the value of the string using the form #XXXX using hex format for each @@ -221,16 +225,16 @@ equivalent to: \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_STRING_print_ex()\fR and \fIASN1_STRING_print_ex_fp()\fR return the number of +\&\fBASN1_STRING_print_ex()\fR and \fBASN1_STRING_print_ex_fp()\fR return the number of characters written or \-1 if an error occurred. .PP -\&\fIASN1_STRING_print()\fR returns 1 on success or 0 on error. +\&\fBASN1_STRING_print()\fR returns 1 on success or 0 on error. .PP -\&\fIASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. +\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIASN1_tag2str\fR\|(3) +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBASN1_tag2str\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/ASN1_TIME_set.3 index 1a1f2d2633cb..5930c55905e4 100644 --- a/secure/lib/libcrypto/man/ASN1_TIME_set.3 +++ b/secure/lib/libcrypto/man/ASN1_TIME_set.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_TIME_SET 3" -.TH ASN1_TIME_SET 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1_TIME_SET 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -182,11 +186,11 @@ ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_U .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIASN1_TIME_set()\fR, \fIASN1_UTCTIME_set()\fR and \fIASN1_GENERALIZEDTIME_set()\fR +The \fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR and \fBASN1_GENERALIZEDTIME_set()\fR functions set the structure \fBs\fR to the time represented by the time_t value \fBt\fR. If \fBs\fR is \s-1NULL\s0 a new time structure is allocated and returned. .PP -The \fIASN1_TIME_adj()\fR, \fIASN1_UTCTIME_adj()\fR and \fIASN1_GENERALIZEDTIME_adj()\fR +The \fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_adj()\fR functions set the time structure \fBs\fR to the time represented by the time \fBoffset_day\fR and \fBoffset_sec\fR after the time_t value \fBt\fR. The values of \fBoffset_day\fR or \fBoffset_sec\fR can be negative to set a 
@@ -194,29 +198,29 @@ time before \fBt\fR. The \fBoffset_sec\fR value can also exceed the number of seconds in a day. If \fBs\fR is \s-1NULL\s0 a new structure is allocated and returned. .PP -The \fIASN1_TIME_set_string()\fR, \fIASN1_UTCTIME_set_string()\fR and -\&\fIASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fBs\fR +The \fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR and +\&\fBASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fBs\fR to the time represented by string \fBstr\fR which must be in appropriate \s-1ASN.1\s0 time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fBs\fR is \s-1NULL\s0 this function performs a format check on \fBstr\fR only. The string \fBstr\fR is copied into \fBs\fR. .PP -\&\fIASN1_TIME_set_string_X509()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time +\&\fBASN1_TIME_set_string_X509()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time represented by string \fBstr\fR which must be in appropriate time format that \s-1RFC 5280\s0 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and \&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected), all other \s-1ASN.1\s0 time format are not allowed. If \fBs\fR is \s-1NULL\s0 this function performs a format check on \fBstr\fR only. .PP -The \fIASN1_TIME_normalize()\fR function converts an \s-1ASN1_GENERALIZEDTIME\s0 or +The \fBASN1_TIME_normalize()\fR function converts an \s-1ASN1_GENERALIZEDTIME\s0 or \&\s-1ASN1_UTCTIME\s0 into a time value that can be used in a certificate. It -should be used after the \fIASN1_TIME_set_string()\fR functions and before -\&\fIASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results. +should be used after the \fBASN1_TIME_set_string()\fR functions and before +\&\fBASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results. 
.PP -The \fIASN1_TIME_check()\fR, \fIASN1_UTCTIME_check()\fR and \fIASN1_GENERALIZEDTIME_check()\fR +The \fBASN1_TIME_check()\fR, \fBASN1_UTCTIME_check()\fR and \fBASN1_GENERALIZEDTIME_check()\fR functions check the syntax of the time structure \fBs\fR. .PP -The \fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR +The \fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR functions print the time structure \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example \&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R"\s0 it does not include a newline. If the time @@ -224,7 +228,7 @@ structure has invalid format it prints out \*(L"Bad time value\*(R" and returns an error. The output for generalized time may include a fractional part following the second. .PP -\&\fIASN1_TIME_to_tm()\fR converts the time \fBs\fR to the standard \fBtm\fR structure. +\&\fBASN1_TIME_to_tm()\fR converts the time \fBs\fR to the standard \fBtm\fR structure. If \fBs\fR is \s-1NULL,\s0 then the current time is converted. The output time is \s-1GMT.\s0 The \fBtm_sec\fR, \fBtm_min\fR, \fBtm_hour\fR, \fBtm_mday\fR, \fBtm_wday\fR, \fBtm_yday\fR, \&\fBtm_mon\fR and \fBtm_year\fR fields of \fBtm\fR structure are set to proper values, 
@@ -233,7 +237,7 @@ a format check on \fBs\fR only. If \fBs\fR is in Generalized format with fractio seconds, e.g. \s-1YYYYMMDDHHMMSS.SSSZ,\s0 the fractional seconds will be lost while converting \fBs\fR to \fBtm\fR structure. .PP -\&\fIASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between +\&\fBASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between \&\fBfrom\fR and \fBto\fR. If \fBto\fR represents a time later than \fBfrom\fR then one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then @@ -243,13 +247,13 @@ If both \fB*pday\fR and \fB*psec\fR are non-zero they will always have the same sign. The value of \fB*psec\fR will always be less than the number of seconds in a day. If \fBfrom\fR or \fBto\fR is \s-1NULL\s0 the current time is used. .PP -The \fIASN1_TIME_cmp_time_t()\fR and \fIASN1_UTCTIME_cmp_time_t()\fR functions compare +The \fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR functions compare the two times represented by the time structure \fBs\fR and the time_t \fBt\fR. .PP -The \fIASN1_TIME_compare()\fR function compares the two times represented by the +The \fBASN1_TIME_compare()\fR function compares the two times represented by the time structures \fBa\fR and \fBb\fR. .PP -The \fIASN1_TIME_to_generalizedtime()\fR function converts an \s-1ASN1_TIME\s0 to an +The \fBASN1_TIME_to_generalizedtime()\fR function converts an \s-1ASN1_TIME\s0 to an \&\s-1ASN1_GENERALIZEDTIME,\s0 regardless of year. If either \fBout\fR or \&\fB*out\fR are \s-1NULL,\s0 then a new object is allocated and must be freed after use. .SH "NOTES" 
@@ -260,7 +264,7 @@ in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else GeneralizedTime is used. .PP The \s-1ASN1_TIME, ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 structures are represented -as an \s-1ASN1_STRING\s0 internally and can be freed up using \fIASN1_STRING_free()\fR. +as an \s-1ASN1_STRING\s0 internally and can be freed up using \fBASN1_STRING_free()\fR. .PP The \s-1ASN1_TIME\s0 structure can represent years from 0000 to 9999 but no attempt is made to correct ancient calendar changes (for example from Julian to @@ -269,15 +273,15 @@ Gregorian calendars). \&\s-1ASN1_UTCTIME\s0 is limited to a year range of 1950 through 2049. .PP Some applications add offset times directly to a time_t value and pass the -results to \fIASN1_TIME_set()\fR (or equivalent). This can cause problems as the +results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the time_t value can overflow on some systems resulting in unexpected results. -New applications should use \fIASN1_TIME_adj()\fR instead and pass the offset value +New applications should use \fBASN1_TIME_adj()\fR instead and pass the offset value in the \fBoffset_sec\fR and \fBoffset_day\fR parameters instead of directly manipulating a time_t value. .PP -\&\fIASN1_TIME_adj()\fR may change the type from \s-1ASN1_GENERALIZEDTIME\s0 to \s-1ASN1_UTCTIME,\s0 -or vice versa, based on the resulting year. The \fIASN1_GENERALIZEDTIME_adj()\fR and -\&\fIASN1_UTCTIME_adj()\fR functions will not modify the type of the return structure. +\&\fBASN1_TIME_adj()\fR may change the type from \s-1ASN1_GENERALIZEDTIME\s0 to \s-1ASN1_UTCTIME,\s0 +or vice versa, based on the resulting year. The \fBASN1_GENERALIZEDTIME_adj()\fR and +\&\fBASN1_UTCTIME_adj()\fR functions will not modify the type of the return structure. .PP It is recommended that functions starting with \s-1ASN1_TIME\s0 be used instead of those starting with \s-1ASN1_UTCTIME\s0 or \s-1ASN1_GENERALIZEDTIME.\s0 The functions 
@@ -286,11 +290,11 @@ time format. The functions starting with \s-1ASN1_TIME\s0 will operate on either format. .SH "BUGS" .IX Header "BUGS" -\&\fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR +\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR do not print out the time zone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway. .PP -Use the \fIASN1_TIME_normalize()\fR function to normalize the time value before +Use the \fBASN1_TIME_normalize()\fR function to normalize the time value before printing to get \s-1GMT\s0 results. .SH "EXAMPLES" .IX Header "EXAMPLES" 
@@ -329,43 +333,43 @@ Determine if one time is later or sooner than the current time: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_TIME_set()\fR, \fIASN1_UTCTIME_set()\fR, \fIASN1_GENERALIZEDTIME_set()\fR, \fIASN1_TIME_adj()\fR, +\&\fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR, \fBASN1_GENERALIZEDTIME_set()\fR, \fBASN1_TIME_adj()\fR, ASN1_UTCTIME_adj and ASN1_GENERALIZEDTIME_set return a pointer to a time structure or \s-1NULL\s0 if an error occurred. .PP -\&\fIASN1_TIME_set_string()\fR, \fIASN1_UTCTIME_set_string()\fR, \fIASN1_GENERALIZEDTIME_set_string()\fR -\&\fIASN1_TIME_set_string_X509()\fR return 1 if the time value is successfully set and 0 otherwise. +\&\fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR, \fBASN1_GENERALIZEDTIME_set_string()\fR +\&\fBASN1_TIME_set_string_X509()\fR return 1 if the time value is successfully set and 0 otherwise. .PP -\&\fIASN1_TIME_normalize()\fR returns 1 on success, and 0 on error. +\&\fBASN1_TIME_normalize()\fR returns 1 on success, and 0 on error. .PP -\&\fIASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fIASN1_GENERALIZEDTIME_check()\fR return 1 +\&\fBASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fBASN1_GENERALIZEDTIME_check()\fR return 1 if the structure is syntactically correct and 0 otherwise. .PP -\&\fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR return 1 +\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR return 1 if the time is successfully printed out and 0 if an error occurred (I/O error or invalid time format). .PP -\&\fIASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an +\&\fBASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an error occurred (invalid time format). .PP -\&\fIASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the +\&\fBASN1_TIME_diff()\fR returns 1 for success and 0 for failure. 
It can fail if the passed-in time structure has invalid syntax, for example. .PP -\&\fIASN1_TIME_cmp_time_t()\fR and \fIASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fBs\fR is +\&\fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fBs\fR is before \fBt\fR, 0 if \fBs\fR equals \fBt\fR, or 1 if \fBs\fR is after \fBt\fR. \-2 is returned on error. .PP -\&\fIASN1_TIME_compare()\fR returns \-1 if \fBa\fR is before \fBb\fR, 0 if \fBa\fR equals \fBb\fR, or 1 if \fBa\fR is after \fBb\fR. \-2 is returned on error. +\&\fBASN1_TIME_compare()\fR returns \-1 if \fBa\fR is before \fBb\fR, 0 if \fBa\fR equals \fBb\fR, or 1 if \fBa\fR is after \fBb\fR. \-2 is returned on error. .PP -\&\fIASN1_TIME_to_generalizedtime()\fR returns a pointer to +\&\fBASN1_TIME_to_generalizedtime()\fR returns a pointer to the appropriate time structure on success or \s-1NULL\s0 if an error occurred. .SH "HISTORY" .IX Header "HISTORY" -The \fIASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1. -The \fIASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1. -The \fIASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1. -The \fIASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1. -The \fIASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASN1_TYPE_get.3 b/secure/lib/libcrypto/man/ASN1_TYPE_get.3 index 8fdf9ee50422..aacace731a63 100644 --- a/secure/lib/libcrypto/man/ASN1_TYPE_get.3 +++ b/secure/lib/libcrypto/man/ASN1_TYPE_get.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_TYPE_GET 3" -.TH ASN1_TYPE_GET 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1_TYPE_GET 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,31 +160,31 @@ These functions allow an \s-1ASN1_TYPE\s0 structure to be manipulated. The \&\s-1ASN1_TYPE\s0 structure can contain any \s-1ASN.1\s0 type or constructed type such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN.1 ANY\s0 type. .PP -\&\fIASN1_TYPE_get()\fR returns the type of \fBa\fR. +\&\fBASN1_TYPE_get()\fR returns the type of \fBa\fR. .PP -\&\fIASN1_TYPE_set()\fR sets the value of \fBa\fR to \fBtype\fR and \fBvalue\fR. This +\&\fBASN1_TYPE_set()\fR sets the value of \fBa\fR to \fBtype\fR and \fBvalue\fR. This function uses the pointer \fBvalue\fR internally so it must \fBnot\fR be freed up after the call. .PP -\&\fIASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR a copy of \fBvalue\fR. +\&\fBASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR a copy of \fBvalue\fR. .PP -\&\fIASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if +\&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if they are identical and non-zero otherwise. .PP -\&\fIASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in +\&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in \&\fBt\fR using the \s-1ASN.1\s0 structure \fBit\fR. If successful it returns a pointer to the \s-1ASN.1\s0 structure corresponding to \fBit\fR which must be freed by the caller. If it fails it return \s-1NULL.\s0 .PP -\&\fIASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fBs\fR +\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fBs\fR corresponding to \fBit\fR into an \s-1ASN1_TYPE.\s0 If successful the encoded \&\s-1ASN1_TYPE\s0 is returned. If \fBt\fR and \fB*t\fR are not \s-1NULL\s0 the encoded type is written to \fBt\fR overwriting any existing data. If \fBt\fR is not \s-1NULL\s0 but \fB*t\fR is \s-1NULL\s0 the returned \s-1ASN1_TYPE\s0 is written to \fB*t\fR. 
.SH "NOTES" .IX Header "NOTES" -The type and meaning of the \fBvalue\fR parameter for \fIASN1_TYPE_set()\fR and -\&\fIASN1_TYPE_set1()\fR is determined by the \fBtype\fR parameter. +The type and meaning of the \fBvalue\fR parameter for \fBASN1_TYPE_set()\fR and +\&\fBASN1_TYPE_set1()\fR is determined by the \fBtype\fR parameter. If \fBtype\fR is V_ASN1_NULL \fBvalue\fR is ignored. If \fBtype\fR is V_ASN1_BOOLEAN then the boolean is set to \s-1TRUE\s0 if \fBvalue\fR is not \s-1NULL.\s0 If \fBtype\fR is V_ASN1_OBJECT then value is an \s-1ASN1_OBJECT\s0 structure. Otherwise \fBtype\fR @@ -191,12 +195,12 @@ a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the \&\s-1ASN1_STRING\s0 contains the entire \s-1ASN.1\s0 encoding verbatim (including tag and length octets). .PP -\&\fIASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have +\&\fBASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have different encodings. For example the single content octet of the boolean \s-1TRUE\s0 -value under \s-1BER\s0 can have any non-zero encoding but \fIASN1_TYPE_cmp()\fR will +value under \s-1BER\s0 can have any non-zero encoding but \fBASN1_TYPE_cmp()\fR will only return zero if the values are the same. .PP -If either or both of the parameters passed to \fIASN1_TYPE_cmp()\fR is \s-1NULL\s0 the +If either or both of the parameters passed to \fBASN1_TYPE_cmp()\fR is \s-1NULL\s0 the return value is non-zero. Technically if both parameters are \s-1NULL\s0 the two types could be absent \s-1OPTIONAL\s0 fields and so should match, however passing \&\s-1NULL\s0 values could also indicate a programming error (for example an 
@@ -204,18 +208,18 @@ unparseable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. applications should handle the case of two absent values separately. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_TYPE_get()\fR returns the type of the \s-1ASN1_TYPE\s0 argument. +\&\fBASN1_TYPE_get()\fR returns the type of the \s-1ASN1_TYPE\s0 argument. .PP -\&\fIASN1_TYPE_set()\fR does not return a value. +\&\fBASN1_TYPE_set()\fR does not return a value. .PP -\&\fIASN1_TYPE_set1()\fR returns 1 for success and 0 for failure. +\&\fBASN1_TYPE_set1()\fR returns 1 for success and 0 for failure. .PP -\&\fIASN1_TYPE_cmp()\fR returns 0 if the types are identical and non-zero otherwise. +\&\fBASN1_TYPE_cmp()\fR returns 0 if the types are identical and non-zero otherwise. .PP -\&\fIASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or +\&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or \&\s-1NULL\s0 on failure. .PP -\&\fIASN1_TYPE_pack_sequence()\fR return an \s-1ASN1_TYPE\s0 structure if it succeeds or +\&\fBASN1_TYPE_pack_sequence()\fR return an \s-1ASN1_TYPE\s0 structure if it succeeds or \&\s-1NULL\s0 on failure. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 index f4f64a5405f0..0a0afc8955da 100644 --- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 +++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_GENERATE_NCONF 3" -.TH ASN1_GENERATE_NCONF 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1_GENERATE_NCONF 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -360,13 +364,13 @@ structure: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR return the encoded +\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -The error codes that can be obtained by \fIERR_get_error\fR\|(3). +The error codes that can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 b/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 index b24f5c7e9d91..cb14f266a847 100644 --- a/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 +++ b/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASYNC_WAIT_CTX_NEW 3" -.TH ASYNC_WAIT_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASYNC_WAIT_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -160,25 +164,25 @@ ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_ .SH "DESCRIPTION" .IX Header "DESCRIPTION" For an overview of how asynchronous operations are implemented in OpenSSL see -\&\fIASYNC_start_job\fR\|(3). An \s-1ASYNC_WAIT_CTX\s0 object represents an asynchronous +\&\fBASYNC_start_job\fR\|(3). An \s-1ASYNC_WAIT_CTX\s0 object represents an asynchronous \&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms this would have a one-to-one correspondence with an \s-1SSL\s0 connection. .PP -Application code must create an \s-1ASYNC_WAIT_CTX\s0 using the \fIASYNC_WAIT_CTX_new()\fR -function prior to calling \fIASYNC_start_job()\fR (see \fIASYNC_start_job\fR\|(3)). When +Application code must create an \s-1ASYNC_WAIT_CTX\s0 using the \fBASYNC_WAIT_CTX_new()\fR +function prior to calling \fBASYNC_start_job()\fR (see \fBASYNC_start_job\fR\|(3)). When the job is started it is associated with the \s-1ASYNC_WAIT_CTX\s0 for the duration of that job. An \s-1ASYNC_WAIT_CTX\s0 should only be used for one \s-1ASYNC_JOB\s0 at any one time, but can be reused after an \s-1ASYNC_JOB\s0 has finished for a subsequent \&\s-1ASYNC_JOB.\s0 When the session is complete (e.g. the \s-1SSL\s0 connection is closed), -application code cleans up with \fIASYNC_WAIT_CTX_free()\fR. +application code cleans up with \fBASYNC_WAIT_CTX_free()\fR. .PP ASYNC_WAIT_CTXs can have \*(L"wait\*(R" file descriptors associated with them. Calling -\&\fIASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an \s-1ASYNC_WAIT_CTX\s0 in +\&\fBASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an \s-1ASYNC_WAIT_CTX\s0 in the \fBctx\fR parameter will return the wait file descriptors associated with that job in \fB*fd\fR. The number of file descriptors returned will be stored in \&\fB*numfds\fR. 
It is the caller's responsibility to ensure that sufficient memory has been allocated in \fB*fd\fR to receive all the file descriptors. Calling -\&\fIASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file +\&\fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file descriptors but will still populate \fB*numfds\fR. Therefore application code is typically expected to call this function twice: once to get the number of fds, and then again when sufficient memory has been allocated. If only one @@ -186,13 +190,13 @@ asynchronous engine is being used then normally this call will only ever return one fd. If multiple asynchronous engines are being used then more could be returned. .PP -The function \fIASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds -have changed since the last call time \fIASYNC_start_job()\fR returned an \s-1ASYNC_PAUSE\s0 +The function \fBASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds +have changed since the last call time \fBASYNC_start_job()\fR returned an \s-1ASYNC_PAUSE\s0 result (or since the \s-1ASYNC_WAIT_CTX\s0 was created if no \s-1ASYNC_PAUSE\s0 result has been received). The \fBnumaddfds\fR and \fBnumdelfds\fR parameters will be populated with the number of fds added or deleted respectively. \fB*addfd\fR and \fB*delfd\fR will be populated with the list of added and deleted fds respectively. Similarly -to \fIASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if they are not +to \fBASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if they are not \&\s-1NULL\s0 then the caller is responsible for ensuring sufficient memory is allocated. .PP Implementors of async aware code (e.g. engines) are encouraged to return a 
@@ -207,25 +211,25 @@ application will have to periodically \*(L"poll\*(R" the job by attempting to re to see if it is ready to continue. .PP Async aware code (e.g. engines) can get the current \s-1ASYNC_WAIT_CTX\s0 from the job -via \fIASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting -on by calling \fIASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an -engine immediately prior to calling \fIASYNC_pause_job()\fR and not by end user code. +via \fBASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting +on by calling \fBASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an +engine immediately prior to calling \fBASYNC_pause_job()\fR and not by end user code. An existing association with a file descriptor can be obtained using -\&\fIASYNC_WAIT_CTX_get_fd()\fR and cleared using \fIASYNC_WAIT_CTX_clear_fd()\fR. Both of +\&\fBASYNC_WAIT_CTX_get_fd()\fR and cleared using \fBASYNC_WAIT_CTX_clear_fd()\fR. Both of these functions requires a \fBkey\fR value which is unique to the async aware code. This could be any unique value but a good candidate might be the \&\fB\s-1ENGINE\s0 *\fR for the engine. The \fBcustom_data\fR parameter can be any value, and -will be returned in a subsequent call to \fIASYNC_WAIT_CTX_get_fd()\fR. The -\&\fIASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R" +will be returned in a subsequent call to \fBASYNC_WAIT_CTX_get_fd()\fR. The +\&\fBASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R" routine. This can be \s-1NULL\s0 but if provided will automatically get called when the \s-1ASYNC_WAIT_CTX\s0 is freed, and gives the engine the opportunity to close the fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called if -the fd is cleared directly via a call to \fIASYNC_WAIT_CTX_clear_fd()\fR. +the fd is cleared directly via a call to \fBASYNC_WAIT_CTX_clear_fd()\fR. 
.PP An example of typical usage might be an async capable engine. User code would initiate cryptographic operations. The engine would initiate those operations -asynchronously and then call \fIASYNC_WAIT_CTX_set_wait_fd()\fR followed by -\&\fIASYNC_pause_job()\fR to return control to the user code. The user code can then +asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd()\fR followed by +\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other similar function on the wait file descriptor. The engine can signal to the user code that the job should be resumed by making the wait file descriptor @@ -233,7 +237,7 @@ code that the job should be resumed by making the wait file descriptor file descriptor. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \s-1ASYNC_WAIT_CTX\s0 or +\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \s-1ASYNC_WAIT_CTX\s0 or \&\s-1NULL\s0 on error. .PP ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, 
@@ -249,13 +253,13 @@ it is defined as an application developer's responsibility to include windows.h prior to async.h. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), \fIASYNC_start_job\fR\|(3) +\&\fBcrypto\fR\|(7), \fBASYNC_start_job\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, -ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, -ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd were first added to -OpenSSL 1.1.0. +\&\fBASYNC_WAIT_CTX_new()\fR, \fBASYNC_WAIT_CTX_free()\fR, \fBASYNC_WAIT_CTX_set_wait_fd()\fR, +\&\fBASYNC_WAIT_CTX_get_fd()\fR, \fBASYNC_WAIT_CTX_get_all_fds()\fR, +\&\fBASYNC_WAIT_CTX_get_changed_fds()\fR and \fBASYNC_WAIT_CTX_clear_fd()\fR +were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ASYNC_start_job.3 b/secure/lib/libcrypto/man/ASYNC_start_job.3 index 2d3a7ebe3a5f..241224ba8b93 100644 --- a/secure/lib/libcrypto/man/ASYNC_start_job.3 +++ b/secure/lib/libcrypto/man/ASYNC_start_job.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASYNC_START_JOB 3" -.TH ASYNC_START_JOB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASYNC_START_JOB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -166,12 +170,12 @@ The creation of an \s-1ASYNC_JOB\s0 is a relatively expensive operation. Therefo efficiency reasons, jobs can be created up front and reused many times. They are held in a pool until they are needed, at which point they are removed from the pool, used, and then returned to the pool when the job completes. If the user -application is multi-threaded, then \fIASYNC_init_thread()\fR may be called for each +application is multi-threaded, then \fBASYNC_init_thread()\fR may be called for each thread that will initiate asynchronous jobs. Before user code exits per-thread resources need to be cleaned up. This will normally -occur automatically (see \fIOPENSSL_init_crypto\fR\|(3)) but may be explicitly -initiated by using \fIASYNC_cleanup_thread()\fR. No asynchronous jobs must be -outstanding for the thread when \fIASYNC_cleanup_thread()\fR is called. Failing to +occur automatically (see \fBOPENSSL_init_crypto\fR\|(3)) but may be explicitly +initiated by using \fBASYNC_cleanup_thread()\fR. No asynchronous jobs must be +outstanding for the thread when \fBASYNC_cleanup_thread()\fR is called. Failing to ensure this will result in memory leaks. .PP The \fBmax_size\fR argument limits the number of ASYNC_JOBs that will be held in 
@@ -179,14 +183,14 @@ the pool. If \fBmax_size\fR is set to 0 then no upper limit is set. When an \&\s-1ASYNC_JOB\s0 is needed but there are none available in the pool already then one will be automatically created, as long as the total of ASYNC_JOBs managed by the pool does not exceed \fBmax_size\fR. When the pool is first initialised -\&\fBinit_size\fR ASYNC_JOBs will be created immediately. If \fIASYNC_init_thread()\fR is +\&\fBinit_size\fR ASYNC_JOBs will be created immediately. If \fBASYNC_init_thread()\fR is not called before the pool is first used then it will be called automatically with a \fBmax_size\fR of 0 (no upper limit) and an \fBinit_size\fR of 0 (no ASYNC_JOBs created up front). .PP -An asynchronous job is started by calling the \fIASYNC_start_job()\fR function. +An asynchronous job is started by calling the \fBASYNC_start_job()\fR function. Initially \fB*job\fR should be \s-1NULL.\s0 \fBctx\fR should point to an \s-1ASYNC_WAIT_CTX\s0 -object created through the \fIASYNC_WAIT_CTX_new\fR\|(3) function. \fBret\fR should +object created through the \fBASYNC_WAIT_CTX_new\fR\|(3) function. \fBret\fR should point to a location where the return value of the asynchronous function should be stored on completion of the job. \fBfunc\fR represents the function that should be started asynchronously. The data pointed to by \fBargs\fR and of size \fBsize\fR @@ -195,7 +199,7 @@ ASYNC_start_job will return one of the following values: .IP "\fB\s-1ASYNC_ERR\s0\fR" 4 .IX Item "ASYNC_ERR" An error occurred trying to start the job. Check the OpenSSL error queue (e.g. -see \fIERR_print_errors\fR\|(3)) for more details. +see \fBERR_print_errors\fR\|(3)) for more details. .IP "\fB\s-1ASYNC_NO_JOBS\s0\fR" 4 .IX Item "ASYNC_NO_JOBS" There are no jobs currently available in the pool. This call can be retried 
@@ -203,11 +207,11 @@ again at a later time. .IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4 .IX Item "ASYNC_PAUSE" The job was successfully started but was \*(L"paused\*(R" before it completed (see -\&\fIASYNC_pause_job()\fR below). A handle to the job is placed in \fB*job\fR. Other work +\&\fBASYNC_pause_job()\fR below). A handle to the job is placed in \fB*job\fR. Other work can be performed (if desired) and the job restarted at a later time. To restart -a job call \fIASYNC_start_job()\fR again passing the job handle in \fB*job\fR. The +a job call \fBASYNC_start_job()\fR again passing the job handle in \fB*job\fR. The \&\fBfunc\fR, \fBargs\fR and \fBsize\fR parameters will be ignored when restarting a job. -When restarting a job \fIASYNC_start_job()\fR \fBmust\fR be called from the same thread +When restarting a job \fBASYNC_start_job()\fR \fBmust\fR be called from the same thread that the job was originally started from. .IP "\fB\s-1ASYNC_FINISH\s0\fR" 4 .IX Item "ASYNC_FINISH" 
@@ -215,20 +219,20 @@ The job completed. \fB*job\fR will be \s-1NULL\s0 and the return value from \fBf be placed in \fB*ret\fR. .PP At any one time there can be a maximum of one job actively running per thread -(you can have many that are paused). \fIASYNC_get_current_job()\fR can be used to get +(you can have many that are paused). \fBASYNC_get_current_job()\fR can be used to get a pointer to the currently executing \s-1ASYNC_JOB.\s0 If no job is currently executing then this will return \s-1NULL.\s0 .PP If executing within the context of a job (i.e. having been called directly or -indirectly by the function \*(L"func\*(R" passed as an argument to \fIASYNC_start_job()\fR) -then \fIASYNC_pause_job()\fR will immediately return control to the calling -application with \s-1ASYNC_PAUSE\s0 returned from the \fIASYNC_start_job()\fR call. A +indirectly by the function \*(L"func\*(R" passed as an argument to \fBASYNC_start_job()\fR) +then \fBASYNC_pause_job()\fR will immediately return control to the calling +application with \s-1ASYNC_PAUSE\s0 returned from the \fBASYNC_start_job()\fR call. A subsequent call to ASYNC_start_job passing in the relevant \s-1ASYNC_JOB\s0 in the -\&\fB*job\fR parameter will resume execution from the \fIASYNC_pause_job()\fR call. If -\&\fIASYNC_pause_job()\fR is called whilst not within the context of a job then no -action is taken and \fIASYNC_pause_job()\fR returns immediately. +\&\fB*job\fR parameter will resume execution from the \fBASYNC_pause_job()\fR call. If +\&\fBASYNC_pause_job()\fR is called whilst not within the context of a job then no +action is taken and \fBASYNC_pause_job()\fR returns immediately. .PP -\&\fIASYNC_get_wait_ctx()\fR can be used to get a pointer to the \s-1ASYNC_WAIT_CTX\s0 +\&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the \fBjob\fR. ASYNC_WAIT_CTXs can have a \*(L"wait\*(R" file descriptor associated with them. 
Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a system function call such as select or poll (being ready for \*(L"read\*(R" 
@@ -238,30 +242,30 @@ attempting to restart it to see if it is ready to continue. .PP An example of typical usage might be an async capable engine. User code would initiate cryptographic operations. The engine would initiate those operations -asynchronously and then call \fIASYNC_WAIT_CTX_set_wait_fd\fR\|(3) followed by -\&\fIASYNC_pause_job()\fR to return control to the user code. The user code can then +asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd\fR\|(3) followed by +\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other similar function on the wait file descriptor. The engine can signal to the user code that the job should be resumed by making the wait file descriptor \&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait file descriptor. .PP -The \fIASYNC_block_pause()\fR function will prevent the currently active job from +The \fBASYNC_block_pause()\fR function will prevent the currently active job from pausing. The block will remain in place until a subsequent call to -\&\fIASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call -\&\fIASYNC_block_pause()\fR twice then you must call \fIASYNC_unblock_pause()\fR twice in +\&\fBASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call +\&\fBASYNC_block_pause()\fR twice then you must call \fBASYNC_unblock_pause()\fR twice in order to re-enable pausing. If these functions are called while there is no currently active job then they have no effect. This functionality can be useful to avoid deadlock scenarios. For example during the execution of an \s-1ASYNC_JOB\s0 an application acquires a lock. It then calls some cryptographic function which -invokes \fIASYNC_pause_job()\fR. This returns control back to the code that created +invokes \fBASYNC_pause_job()\fR. 
This returns control back to the code that created the \s-1ASYNC_JOB.\s0 If that code then attempts to acquire the same lock before resuming the original job then a deadlock can occur. By calling -\&\fIASYNC_block_pause()\fR immediately after acquiring the lock and -\&\fIASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot +\&\fBASYNC_block_pause()\fR immediately after acquiring the lock and +\&\fBASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot occur. .PP -Some platforms cannot support async operations. The \fIASYNC_is_capable()\fR function +Some platforms cannot support async operations. The \fBASYNC_is_capable()\fR function can be used to detect whether the current platform is async capable or not. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -277,9 +281,9 @@ returned. ASYNC_get_current_job returns a pointer to the currently executing \s-1ASYNC_JOB\s0 or \&\s-1NULL\s0 if not within the context of a job. .PP -\&\fIASYNC_get_wait_ctx()\fR returns a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the job. +\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the job. .PP -\&\fIASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0 +\&\fBASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0 otherwise. .SH "NOTES" .IX Header "NOTES" 
@@ -432,13 +436,13 @@ The expected output from executing the above example program is: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), \fIERR_print_errors\fR\|(3) +\&\fBcrypto\fR\|(7), \fBERR_print_errors\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" ASYNC_init_thread, ASYNC_cleanup_thread, -ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fIASYNC_get_wait_ctx()\fR, -\&\fIASYNC_block_pause()\fR, \fIASYNC_unblock_pause()\fR and \fIASYNC_is_capable()\fR were first -added to OpenSSL 1.1.0. +ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fBASYNC_get_wait_ctx()\fR, +\&\fBASYNC_block_pause()\fR, \fBASYNC_unblock_pause()\fR and \fBASYNC_is_capable()\fR were first +added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BF_encrypt.3 b/secure/lib/libcrypto/man/BF_encrypt.3 index 59228ee4e851..8065aa3939ae 100644 --- a/secure/lib/libcrypto/man/BF_encrypt.3 +++ b/secure/lib/libcrypto/man/BF_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BF_ENCRYPT 3" -.TH BF_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BF_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -167,59 +171,59 @@ by Counterpane (see http://www.counterpane.com/blowfish.html ). Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. It uses a variable size key, but typically, 128 bit (16 byte) keys are considered good for strong encryption. Blowfish can be used in the same -modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one +modes as \s-1DES\s0 (see \fBdes_modes\fR\|(7)). Blowfish is currently one of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much faster than \s-1IDEA\s0 or \s-1RC2.\s0 .PP Blowfish consists of a key setup phase and the actual encryption or decryption phase. .PP -\&\fIBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key +\&\fBBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key at \fBdata\fR. .PP -\&\fIBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. +\&\fBBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR, putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by \&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger, everything after the first 64 bits is ignored. .PP -The mode functions \fIBF_cbc_encrypt()\fR, \fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR +The mode functions \fBBF_cbc_encrypt()\fR, \fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR all operate on variable length data. They all take an initialization vector \&\fBivec\fR which needs to be passed along into the next call of the same function for the same message. \fBivec\fR may be initialized with anything, but the recipient needs to know what it was initialized with, or it won't be able to decrypt. 
Some programs and protocols simplify this, like \s-1SSH,\s0 where \&\fBivec\fR is simply initialized to zero. -\&\fIBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while -\&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable +\&\fBBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while +\&\fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR are used to encrypt an variable number of bytes (the amount does not have to be an exact multiple of 8). The purpose of the latter two is to simulate stream ciphers, and therefore, they need the parameter \fBnum\fR, which is a pointer to an integer where the current offset in \fBivec\fR is stored between calls. This integer must be initialized to zero when \fBivec\fR is initialized. .PP -\&\fIBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It +\&\fBBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR, putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte long initialization vector. .PP -\&\fIBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. +\&\fBBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR, putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an 8 byte long initialization vector. \fBnum\fR must point at an integer which must be initially zero. .PP -\&\fIBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. 
-It uses the same parameters as \fIBF_cfb64_encrypt()\fR, which must be initialized +\&\fBBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. +It uses the same parameters as \fBBF_cfb64_encrypt()\fR, which must be initialized the same way. .PP -\&\fIBF_encrypt()\fR and \fIBF_decrypt()\fR are the lowest level functions for Blowfish +\&\fBBF_encrypt()\fR and \fBBF_decrypt()\fR are the lowest level functions for Blowfish encryption. They encrypt/decrypt the first 64 bits of the vector pointed by \&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you -implement 'modes' of Blowfish. The alternative is to use \fIBF_ecb_encrypt()\fR. +implement 'modes' of Blowfish. The alternative is to use \fBBF_ecb_encrypt()\fR. If you still want to use these functions, you should be aware that they take each 32\-bit chunk in host-byte order, which is little-endian on little-endian platforms and big-endian on big-endian ones. @@ -229,12 +233,12 @@ None of the functions presented here return any value. .SH "NOTE" .IX Header "NOTE" Applications should use the higher level functions -\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these functions directly. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIdes_modes\fR\|(7) +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBdes_modes\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_ADDR.3 b/secure/lib/libcrypto/man/BIO_ADDR.3 index cc36a3cc8506..f6571c41d30e 100644 --- a/secure/lib/libcrypto/man/BIO_ADDR.3 +++ b/secure/lib/libcrypto/man/BIO_ADDR.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ADDR 3" -.TH BIO_ADDR 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_ADDR 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -163,31 +167,31 @@ addresses that OpenSSL deals with, currently transparently supporting \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX\s0 according to what's available on the platform at hand. .PP -\&\fIBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used +\&\fBBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used with routines that will fill it with information, such as -\&\fIBIO_accept_ex()\fR. +\&\fBBIO_accept_ex()\fR. .PP -\&\fIBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fIBIO_ADDR_new()\fR. +\&\fBBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fBBIO_ADDR_new()\fR. .PP -\&\fIBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets +\&\fBBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets it back to an uninitialised state. .PP -\&\fIBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of +\&\fBBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of size \fBwherelen\fR with an address in network byte order pointed at by \fBwhere\fR and a port number in network byte order in \fBport\fR (except for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them. In case this creates a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected to be the length of the path string (not including the terminating -\&\s-1NUL,\s0 such as the result of a call to \fIstrlen()\fR). +\&\s-1NUL,\s0 such as the result of a call to \fBstrlen()\fR). \&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR. .PP -\&\fIBIO_ADDR_family()\fR returns the protocol family of the given +\&\fBBIO_ADDR_family()\fR returns the protocol family of the given \&\fB\s-1BIO_ADDR\s0\fR. 
The possible non-error results are one of the constants \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 It will also return \s-1AF_UNSPEC\s0 if the \&\s-1BIO_ADDR\s0 has not been initialised. .PP -\&\fIBIO_ADDR_rawaddress()\fR will write the raw address of the given +\&\fBBIO_ADDR_rawaddress()\fR will write the raw address of the given \&\fB\s-1BIO_ADDR\s0\fR in the area pointed at by \fBp\fR if \fBp\fR is non-NULL, and will set \fB*l\fR to be the amount of bytes the raw address takes up if \fBl\fR is non-NULL. 
@@ -196,41 +200,41 @@ with \fBp\fR set to \fB\s-1NULL\s0\fR. The raw address will be in network byte order, most significant byte first. In case this is a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the path string (not including the terminating \s-1NUL,\s0 such as the result of -a call to \fIstrlen()\fR). +a call to \fBstrlen()\fR). \&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR. .PP -\&\fIBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR. +\&\fBBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR. The raw port will be in network byte order. .PP -\&\fIBIO_ADDR_hostname_string()\fR returns a character string with the +\&\fBBIO_ADDR_hostname_string()\fR returns a character string with the hostname of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR is 1, the string will contain the numerical form of the address. This only works for \&\fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The returned string has been allocated on the heap and must be freed -with \fIOPENSSL_free()\fR. +with \fBOPENSSL_free()\fR. .PP -\&\fIBIO_ADDR_service_string()\fR returns a character string with the +\&\fBBIO_ADDR_service_string()\fR returns a character string with the service name of the port of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR is 1, the string will contain the port number. This only works for \fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The returned string has been allocated on the heap and must be freed -with \fIOPENSSL_free()\fR. +with \fBOPENSSL_free()\fR. .PP -\&\fIBIO_ADDR_path_string()\fR returns a character string with the path +\&\fBBIO_ADDR_path_string()\fR returns a character string with the path of the given \fB\s-1BIO_ADDR\s0\fR. 
This only works for \fB\s-1BIO_ADDR\s0\fR of the protocol family \s-1AF_UNIX.\s0 The returned string has been allocated -on the heap and must be freed with \fIOPENSSL_free()\fR. +on the heap and must be freed with \fBOPENSSL_free()\fR. .SH "RAW ADDRESSES" .IX Header "RAW ADDRESSES" -Both \fIBIO_ADDR_rawmake()\fR and \fIBIO_ADDR_rawaddress()\fR take a pointer to a +Both \fBBIO_ADDR_rawmake()\fR and \fBBIO_ADDR_rawaddress()\fR take a pointer to a network byte order address of a specific site. Internally, those are treated as a pointer to \fBstruct in_addr\fR (for \fB\s-1AF_INET\s0\fR), \fBstruct in6_addr\fR (for \fB\s-1AF_INET6\s0\fR) or \fBchar *\fR (for \fB\s-1AF_UNIX\s0\fR), all depending on the protocol family the address is for. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The string producing functions \fIBIO_ADDR_hostname_string()\fR, -\&\fIBIO_ADDR_service_string()\fR and \fIBIO_ADDR_path_string()\fR will +The string producing functions \fBBIO_ADDR_hostname_string()\fR, +\&\fBBIO_ADDR_service_string()\fR and \fBBIO_ADDR_path_string()\fR will return \fB\s-1NULL\s0\fR on error and leave an error indication on the OpenSSL error stack. .PP @@ -238,7 +242,7 @@ All other functions described here return 0 or \fB\s-1NULL\s0\fR when the information they should return isn't available. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBIO_connect\fR\|(3), \fIBIO_s_connect\fR\|(3) +\&\fBBIO_connect\fR\|(3), \fBBIO_s_connect\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_ADDRINFO.3 b/secure/lib/libcrypto/man/BIO_ADDRINFO.3 index c53494d1afeb..932e3c5e352b 100644 --- a/secure/lib/libcrypto/man/BIO_ADDRINFO.3 +++ b/secure/lib/libcrypto/man/BIO_ADDRINFO.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ADDRINFO 3" -.TH BIO_ADDRINFO 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_ADDRINFO 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -169,7 +173,7 @@ types provided on your platform. \&\fB\s-1BIO_ADDRINFO\s0\fR normally forms a chain of several that can be picked at one by one. .PP -\&\fIBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and +\&\fBBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and uses \fBlookup_type\fR to determine what the default address should be if \fBhost\fR is \fB\s-1NULL\s0\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to determine what protocol family, socket type and protocol should be used for 
@@ -180,36 +184,36 @@ indicates that any type can be used. \fBprotocol\fR specifies a protocol such as used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s0\fR chain. .PP -For the family \fB\s-1AF_UNIX\s0\fR, \fIBIO_lookup_ex()\fR will ignore the \fBservice\fR +For the family \fB\s-1AF_UNIX\s0\fR, \fBBIO_lookup_ex()\fR will ignore the \fBservice\fR parameter and expects the \fBnode\fR parameter to hold the path to the socket file. .PP -\&\fIBIO_lookup()\fR does the same as \fIBIO_lookup_ex()\fR but does not provide the ability +\&\fBBIO_lookup()\fR does the same as \fBBIO_lookup_ex()\fR but does not provide the ability to select based on the protocol (any protocol may be returned). .PP -\&\fIBIO_ADDRINFO_family()\fR returns the family of the given +\&\fBBIO_ADDRINFO_family()\fR returns the family of the given \&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants \&\s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 .PP -\&\fIBIO_ADDRINFO_socktype()\fR returns the socket type of the given +\&\fBBIO_ADDRINFO_socktype()\fR returns the socket type of the given \&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants \&\s-1SOCK_STREAM\s0 and \s-1SOCK_DGRAM.\s0 .PP -\&\fIBIO_ADDRINFO_protocol()\fR returns the protocol id of the given +\&\fBBIO_ADDRINFO_protocol()\fR returns the protocol id of the given \&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants \&\s-1IPPROTO_TCP\s0 and \s-1IPPROTO_UDP.\s0 .PP -\&\fIBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR +\&\fBBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR of the given \fB\s-1BIO_ADDRINFO\s0\fR. .PP -\&\fIBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain +\&\fBBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain from the given one. 
.PP -\&\fIBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting +\&\fBBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting with the given one. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_lookup_ex()\fR and \fIBIO_lookup()\fR return 1 on success and 0 when an error +\&\fBBIO_lookup_ex()\fR and \fBBIO_lookup()\fR return 1 on success and 0 when an error occurred, and will leave an error indication on the OpenSSL error stack in that case. .PP @@ -217,14 +221,14 @@ All other functions described here return 0 or \fB\s-1NULL\s0\fR when the information they should return isn't available. .SH "NOTES" .IX Header "NOTES" -The \fIBIO_lookup_ex()\fR implementation uses the platform provided \fIgetaddrinfo()\fR +The \fBBIO_lookup_ex()\fR implementation uses the platform provided \fBgetaddrinfo()\fR function. On Linux it is known that specifying 0 for the protocol will not -return any \s-1SCTP\s0 based addresses when calling \fIgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0 -address is required then the \fBprotocol\fR parameter to \fIBIO_lookup_ex()\fR should be +return any \s-1SCTP\s0 based addresses when calling \fBgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0 +address is required then the \fBprotocol\fR parameter to \fBBIO_lookup_ex()\fR should be explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms. .SH "HISTORY" .IX Header "HISTORY" -The \fIBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1. +The \fBBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_connect.3 b/secure/lib/libcrypto/man/BIO_connect.3 index 6c7d42714b52..a1adc6e97def 100644 --- a/secure/lib/libcrypto/man/BIO_connect.3 +++ b/secure/lib/libcrypto/man/BIO_connect.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_CONNECT 3" -.TH BIO_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_CONNECT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,32 +154,32 @@ BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type +\&\fBBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type \&\fBsocktype\fR and \fBprotocol\fR. Socket \fBoptions\fR are currently unused, but is present for future use. .PP -\&\fIBIO_bind()\fR binds the source address and service to a socket and -may be useful before calling \fIBIO_connect()\fR. The options may include +\&\fBBIO_bind()\fR binds the source address and service to a socket and +may be useful before calling \fBBIO_connect()\fR. The options may include \&\fB\s-1BIO_SOCK_REUSADDR\s0\fR, which is described in \*(L"\s-1FLAGS\*(R"\s0 below. .PP -\&\fIBIO_connect()\fR connects \fBsock\fR to the address and service given by +\&\fBBIO_connect()\fR connects \fBsock\fR to the address and service given by \&\fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of \&\fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR and \fB\s-1BIO_SOCK_NODELAY\s0\fR. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. .PP -\&\fIBIO_listen()\fR has \fBsock\fR start listening on the address and service +\&\fBBIO_listen()\fR has \fBsock\fR start listening on the address and service given by \fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of \fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, \&\fB\s-1BIO_SOCK_NODELAY\s0\fR, \fB\s-1BIO_SOCK_REUSEADDR\s0\fR and \fB\s-1BIO_SOCK_V6_ONLY\s0\fR. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. .PP -\&\fIBIO_accept_ex()\fR waits for an incoming connections on the given +\&\fBBIO_accept_ex()\fR waits for an incoming connections on the given socket \fBaccept_sock\fR. When it gets a connection, the address and port of the peer gets stored in \fBpeer\fR if that one is non-NULL. 
Accept \fBoptions\fR may be zero or \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, and is applied on the accepted socket. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. .PP -\&\fIBIO_closesocket()\fR closes \fBsock\fR. +\&\fBBIO_closesocket()\fR closes \fBsock\fR. .SH "FLAGS" .IX Header "FLAGS" .IP "\s-1BIO_SOCK_KEEPALIVE\s0" 4 @@ -206,26 +210,26 @@ These flags are bit flags, so they are to be combined with the .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR +\&\fBBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error. .PP -\&\fIBIO_bind()\fR, \fIBIO_connect()\fR and \fIBIO_listen()\fR return 1 on success or 0 on error. +\&\fBBIO_bind()\fR, \fBBIO_connect()\fR and \fBBIO_listen()\fR return 1 on success or 0 on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error. .PP -\&\fIBIO_accept_ex()\fR returns the accepted socket on success or +\&\fBBIO_accept_ex()\fR returns the accepted socket on success or \&\fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error. .SH "HISTORY" .IX Header "HISTORY" -\&\fIBIO_gethostname()\fR, \fIBIO_get_port()\fR, \fIBIO_get_host_ip()\fR, -\&\fIBIO_get_accept_socket()\fR and \fIBIO_accept()\fR were deprecated in +\&\fBBIO_gethostname()\fR, \fBBIO_get_port()\fR, \fBBIO_get_host_ip()\fR, +\&\fBBIO_get_accept_socket()\fR and \fBBIO_accept()\fR were deprecated in OpenSSL 1.1.0. Use the functions described above instead. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fIBIO_ADDR\s0\fR\|(3) +\&\s-1\fBBIO_ADDR\s0\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index ae20965da287..5c0091d90b09 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_CTRL 3" -.TH BIO_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_CTRL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +169,7 @@ BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BI .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR +\&\fBBIO_ctrl()\fR, \fBBIO_callback_ctrl()\fR, \fBBIO_ptr_ctrl()\fR and \fBBIO_int_ctrl()\fR are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. These functions are not normally called directly, various macros are used instead. The standard macros are described below, macros 
@@ -173,82 +177,82 @@ specific to a particular type of \s-1BIO\s0 are described in the specific BIOs manual page as well as any special features of the standard calls. .PP -\&\fIBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case +\&\fBBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case of file related BIOs for example it rewinds the file pointer to the start of the file. .PP -\&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and +\&\fBBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and \&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. .PP -\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 +\&\fBBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 .PP -\&\fIBIO_flush()\fR normally writes out any internally buffered data, in some +\&\fBBIO_flush()\fR normally writes out any internally buffered data, in some cases it is used to signal \s-1EOF\s0 and that no more data will be written. .PP -\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of +\&\fBBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of \&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type. .PP -\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can +\&\fBBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should be closed when the \s-1BIO\s0 is freed. .PP -\&\fIBIO_get_close()\fR returns the BIOs close flag. +\&\fBBIO_get_close()\fR returns the BIOs close flag. 
.PP -\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR +\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR return the number of pending characters in the BIOs read and write buffers. -Not all BIOs support these calls. \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR -return a size_t type and are functions, \fIBIO_pending()\fR and \fIBIO_wpending()\fR are -macros which call \fIBIO_ctrl()\fR. +Not all BIOs support these calls. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR +return a size_t type and are functions, \fBBIO_pending()\fR and \fBBIO_wpending()\fR are +macros which call \fBBIO_ctrl()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File +\&\fBBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File BIOs are an exception, they return 0 for success and \-1 for failure. .PP -\&\fIBIO_seek()\fR and \fIBIO_tell()\fR both return the current file position on success -and \-1 for failure, except file BIOs which for \fIBIO_seek()\fR always return 0 +\&\fBBIO_seek()\fR and \fBBIO_tell()\fR both return the current file position on success +and \-1 for failure, except file BIOs which for \fBBIO_seek()\fR always return 0 for success and \-1 for failure. .PP -\&\fIBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. +\&\fBBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. .PP -\&\fIBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. +\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. .PP -\&\fIBIO_set_close()\fR always returns 1. +\&\fBBIO_set_close()\fR always returns 1. 
.PP -\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 +\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 .PP -\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR +\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR return the amount of pending data. .SH "NOTES" .IX Header "NOTES" -\&\fIBIO_flush()\fR, because it can write data may return 0 or \-1 indicating -that the call should be retried later in a similar manner to \fIBIO_write_ex()\fR. -The \fIBIO_should_retry()\fR call should be used and appropriate action taken +\&\fBBIO_flush()\fR, because it can write data may return 0 or \-1 indicating +that the call should be retried later in a similar manner to \fBBIO_write_ex()\fR. +The \fBBIO_should_retry()\fR call should be used and appropriate action taken is the call fails. .PP -The return values of \fIBIO_pending()\fR and \fIBIO_wpending()\fR may not reliably +The return values of \fBBIO_pending()\fR and \fBBIO_wpending()\fR may not reliably determine the amount of pending data in all cases. For example in the case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures internal buffers but it is not possible to determine this in a portably way. For other types of \s-1BIO\s0 they may not be supported. .PP -Filter BIOs if they do not internally handle a particular \fIBIO_ctrl()\fR +Filter BIOs if they do not internally handle a particular \fBBIO_ctrl()\fR operation usually pass the operation to the next \s-1BIO\s0 in the chain. 
This often means there is no need to locate the required \s-1BIO\s0 for a particular operation, it can be called on a chain and it will be automatically passed to the relevant \s-1BIO.\s0 However this can cause unexpected results: for example no current filter BIOs implement -\&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 +\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 or file descriptor \s-1BIO.\s0 .PP -Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR +Source/sink BIOs return an 0 if they do not recognize the \fBBIO_ctrl()\fR operation. .SH "BUGS" .IX Header "BUGS" Some of the return values are ambiguous and care should be taken. In particular a return value of 0 can be returned if an operation is not supported, if an error occurred, if \s-1EOF\s0 has not been reached and in -the case of \fIBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. +the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index d8c7dd82beb4..b55b5f5eeec3 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_BASE64 3" -.TH BIO_F_BASE64 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_F_BASE64 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,17 +150,17 @@ BIO_f_base64 \- base64 BIO filter .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter +\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter \&\s-1BIO\s0 that base64 encodes any data written through it and decodes any data read through it. .PP -Base64 BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR. +Base64 BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. .PP -\&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is +\&\fBBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is used to signal that no more data is to be encoded: this is used to flush the final block through the \s-1BIO.\s0 .PP -The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR +The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fBBIO_set_flags()\fR to encode the data all on one line or expect the data to be all on one line. .SH "NOTES" 
@@ -165,7 +169,7 @@ Because of the format of base64 encoding the end of the encoded block cannot always be reliably determined. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. +\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. .SH "EXAMPLES" .IX Header "EXAMPLES" Base64 encode the string \*(L"Hello World\en\*(R" and write the result diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index fd6d4dbe1e8e..cdf8cb39bf53 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_BUFFER 3" -.TH BIO_F_BUFFER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_F_BUFFER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,58 +155,58 @@ BIO_get_buffer_num_lines, BIO_set_read_buffer_size, BIO_set_write_buffer_size, B .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. .PP Data written to a buffering \s-1BIO\s0 is buffered and periodically written to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from an internal buffer which is filled from the next \s-1BIO\s0 in the chain. -Both \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported. +Both \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported. .PP -Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. +Calling \fBBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. .PP -\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. +\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. .PP -\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR +\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR set the read, write or both read and write buffer sizes to \fBsize\fR. The initial buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared when the buffer is resized. .PP -\&\fIBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR +\&\fBBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer is expanded. .SH "NOTES" .IX Header "NOTES" -These functions, other than \fIBIO_f_buffer()\fR, are implemented as macros. +These functions, other than \fBBIO_f_buffer()\fR, are implemented as macros. 
.PP -Buffering BIOs implement \fIBIO_gets()\fR by using \fIBIO_read_ex()\fR operations on the +Buffering BIOs implement \fBBIO_gets()\fR by using \fBBIO_read_ex()\fR operations on the next \s-1BIO\s0 in the chain. By prepending a buffering \s-1BIO\s0 to a chain it is therefore -possible to provide \fIBIO_gets()\fR functionality if the following BIOs do not +possible to provide \fBBIO_gets()\fR functionality if the following BIOs do not support it (for example \s-1SSL\s0 BIOs). .PP Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills -or when \fIBIO_flush()\fR is called. It is therefore important to call \fIBIO_flush()\fR +or when \fBBIO_flush()\fR is called. It is therefore important to call \fBBIO_flush()\fR whenever any pending data should be written such as when removing a buffering -\&\s-1BIO\s0 using \fIBIO_pop()\fR. \fIBIO_flush()\fR may need to be retried if the ultimate +\&\s-1BIO\s0 using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate source/sink \s-1BIO\s0 is non blocking. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. .PP -\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). +\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). .PP -\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR +\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR return 1 if the buffer was successfully resized or 0 for failure. .PP -\&\fIBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if +\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if there was an error. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbio\fR\|(7), -\&\fIBIO_reset\fR\|(3), -\&\fIBIO_flush\fR\|(3), -\&\fIBIO_pop\fR\|(3), -\&\fIBIO_ctrl\fR\|(3). +\&\fBbio\fR\|(7), +\&\fBBIO_reset\fR\|(3), +\&\fBBIO_flush\fR\|(3), +\&\fBBIO_pop\fR\|(3), +\&\fBBIO_ctrl\fR\|(3). .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index b823f52d71fa..9686467d8dc7 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_CIPHER 3" -.TH BIO_F_CIPHER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_F_CIPHER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,53 +154,53 @@ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- ciphe .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter +\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter \&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data read from it. It is a \s-1BIO\s0 wrapper for the cipher routines -\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR. +\&\fBEVP_CipherInit()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal()\fR. .PP -Cipher BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR. +Cipher BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. .PP -\&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is +\&\fBBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is used to signal that no more data is to be encrypted: this is used to flush and possibly pad the final block through the \s-1BIO.\s0 .PP -\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR +\&\fBBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for decryption. .PP When reading from an encryption \s-1BIO\s0 the final block is automatically -decrypted and checked when \s-1EOF\s0 is detected. \fIBIO_get_cipher_status()\fR -is a \fIBIO_ctrl()\fR macro which can be called to determine whether the +decrypted and checked when \s-1EOF\s0 is detected. \fBBIO_get_cipher_status()\fR +is a \fBBIO_ctrl()\fR macro which can be called to determine whether the decryption operation was successful. .PP -\&\fIBIO_get_cipher_ctx()\fR is a \fIBIO_ctrl()\fR macro which retrieves the internal +\&\fBBIO_get_cipher_ctx()\fR is a \fBBIO_ctrl()\fR macro which retrieves the internal \&\s-1BIO\s0 cipher context. 
The retrieved context can be used in conjunction with the standard cipher routines to set it up. This is useful when -\&\fIBIO_set_cipher()\fR is not flexible enough for the applications needs. +\&\fBBIO_set_cipher()\fR is not flexible enough for the applications needs. .SH "NOTES" .IX Header "NOTES" -When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block +When encrypting \fBBIO_flush()\fR \fBmust\fR be called to flush the final block through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent decrypt. .PP When decrypting an error on the final block is signaled by a zero return value from the read operation. A successful decrypt followed -by \s-1EOF\s0 will also return zero for the final read. \fIBIO_get_cipher_status()\fR +by \s-1EOF\s0 will also return zero for the final read. \fBBIO_get_cipher_status()\fR should be called to determine if the decrypt was successful. .PP -As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can +As always, if \fBBIO_gets()\fR or \fBBIO_puts()\fR support is needed then it can be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. +\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. .PP -\&\fIBIO_set_cipher()\fR does not return a value. +\&\fBBIO_set_cipher()\fR does not return a value. .PP -\&\fIBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 +\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 for failure. .PP -\&\fIBIO_get_cipher_ctx()\fR currently always returns 1. +\&\fBBIO_get_cipher_ctx()\fR currently always returns 1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 44da6c6d9fa7..f6a97e88337d 100644 
--- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_MD 3" -.TH BIO_F_MD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_F_MD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,55 +153,55 @@ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter +\&\fBBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter \&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper -for the digest routines \fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR -and \fIEVP_DigestFinal()\fR. +for the digest routines \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR +and \fBEVP_DigestFinal()\fR. .PP -Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read_ex()\fR and -\&\fIBIO_write_ex()\fR is digested. +Any data written or read through a digest \s-1BIO\s0 using \fBBIO_read_ex()\fR and +\&\fBBIO_write_ex()\fR is digested. .PP -\&\fIBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the -digest calculation and returns the digest value. \fIBIO_puts()\fR is +\&\fBBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the +digest calculation and returns the digest value. \fBBIO_puts()\fR is not supported. .PP -\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 +\&\fBBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 .PP -\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this +\&\fBBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this must be called to initialize a digest \s-1BIO\s0 before any data is -passed through it. It is a \fIBIO_ctrl()\fR macro. +passed through it. It is a \fBBIO_ctrl()\fR macro. .PP -\&\fIBIO_get_md()\fR places the a pointer to the digest BIOs digest method -in \fBmdp\fR, it is a \fIBIO_ctrl()\fR macro. +\&\fBBIO_get_md()\fR places the a pointer to the digest BIOs digest method +in \fBmdp\fR, it is a \fBBIO_ctrl()\fR macro. .PP -\&\fIBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. 
+\&\fBBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. .SH "NOTES" .IX Header "NOTES" -The context returned by \fIBIO_get_md_ctx()\fR can be used in calls -to \fIEVP_DigestFinal()\fR and also the signature routines \fIEVP_SignFinal()\fR -and \fIEVP_VerifyFinal()\fR. +The context returned by \fBBIO_get_md_ctx()\fR can be used in calls +to \fBEVP_DigestFinal()\fR and also the signature routines \fBEVP_SignFinal()\fR +and \fBEVP_VerifyFinal()\fR. .PP -The context returned by \fIBIO_get_md_ctx()\fR is an internal context +The context returned by \fBBIO_get_md_ctx()\fR is an internal context structure. Changes made to this context will affect the digest \&\s-1BIO\s0 itself and the context pointer will become invalid when the digest \&\s-1BIO\s0 is freed. .PP After the digest has been retrieved from a digest \s-1BIO\s0 it must be -reinitialized by calling \fIBIO_reset()\fR, or \fIBIO_set_md()\fR before any more +reinitialized by calling \fBBIO_reset()\fR, or \fBBIO_set_md()\fR before any more data is passed through it. .PP -If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through +If an application needs to call \fBBIO_gets()\fR or \fBBIO_puts()\fR through a chain containing digest BIOs then this can be done by prepending a buffering \s-1BIO.\s0 .PP -Calling \fIBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0 +Calling \fBBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0 state. This allows applications to initialize the context externally -if the standard calls such as \fIBIO_set_md()\fR are not sufficiently flexible. +if the standard calls such as \fBBIO_set_md()\fR are not sufficiently flexible. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method. +\&\fBBIO_f_md()\fR returns the digest \s-1BIO\s0 method. 
.PP -\&\fIBIO_set_md()\fR, \fIBIO_get_md()\fR and \fIBIO_md_ctx()\fR return 1 for success and +\&\fBBIO_set_md()\fR, \fBBIO_get_md()\fR and \fBBIO_md_ctx()\fR return 1 for success and 0 for failure. .SH "EXAMPLES" .IX Header "EXAMPLES" @@ -272,14 +276,14 @@ outputs them. This could be used with the examples above. .Ve .SH "BUGS" .IX Header "BUGS" -The lack of support for \fIBIO_puts()\fR and the non standard behaviour of -\&\fIBIO_gets()\fR could be regarded as anomalous. It could be argued that \fIBIO_gets()\fR -and \fIBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest +The lack of support for \fBBIO_puts()\fR and the non standard behaviour of +\&\fBBIO_gets()\fR could be regarded as anomalous. It could be argued that \fBBIO_gets()\fR +and \fBBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest the data passed through and that digests should be retrieved using a -separate \fIBIO_ctrl()\fR call. +separate \fBBIO_ctrl()\fR call. .SH "HISTORY" .IX Header "HISTORY" -Before OpenSSL 1.0.0., the call to \fIBIO_get_md_ctx()\fR would only work if the +Before OpenSSL 1.0.0., the call to \fBBIO_get_md_ctx()\fR would only work if the \&\s-1BIO\s0 was initialized first. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index acdcc779a188..5f70deea14f5 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_NULL 3" -.TH BIO_F_NULL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_F_NULL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ BIO_f_null \- null filter .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 +\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 that does nothing. .PP All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in @@ -156,7 +160,7 @@ behaves just as though the \s-1BIO\s0 was not there. As may be apparent a null filter \s-1BIO\s0 is not particularly useful. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. +\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 161b72258c69..9027d5191dd8 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_SSL 3" -.TH BIO_F_SSL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_F_SSL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,7 +165,7 @@ BIO_do_handshake, BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which +\&\fBBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to \&\s-1SSL I/O.\s0 .PP 
@@ -169,63 +173,63 @@ I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol wi the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established then an attempt is made to establish one on the first I/O call. .PP -If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fIBIO_push()\fR it is automatically +If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fBBIO_push()\fR it is automatically used as the \s-1SSL\s0 BIOs read and write BIOs. .PP -Calling \fIBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection -by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in +Calling \fBBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection +by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next \s-1BIO\s0 in the chain: this will typically disconnect the underlying transport. The \s-1SSL BIO\s0 is then reset to the initial accept or connect state. .PP If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal -\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR. +\&\s-1SSL\s0 structure is also freed using \fBSSL_free()\fR. .PP -\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using +\&\fBBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using the close flag \fBc\fR. .PP -\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be +\&\fBBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be manipulated using the standard \s-1SSL\s0 library functions. .PP -\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR +\&\fBBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR is 1 client mode is set. If \fBclient\fR is 0 server mode is set. 
.PP -\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count +\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at least 512 bytes. .PP -\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to +\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to \&\fBseconds\fR. When the renegotiate timeout elapses the session is automatically renegotiated. .PP -\&\fIBIO_get_num_renegotiates()\fR returns the total number of session +\&\fBBIO_get_num_renegotiates()\fR returns the total number of session renegotiations due to I/O or timeout. .PP -\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using +\&\fBBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using client mode if \fBclient\fR is non zero. .PP -\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an +\&\fBBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an \&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0 .PP -\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting +\&\fBBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR) and a connect \&\s-1BIO.\s0 .PP -\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between +\&\fBBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between \&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the -\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on +\&\s-1SSL\s0 BIOs in each chain and calling \fBSSL_copy_session_id()\fR on the internal \s-1SSL\s0 pointer. 
.PP -\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 +\&\fBBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the -chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0 +chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0 pointer. .PP -\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the +\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the -call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs +call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs to determine if the call should be retried. If an \s-1SSL\s0 connection has already been established this call has no effect. .SH "NOTES" @@ -233,7 +237,7 @@ already been established this call has no effect. \&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport is non blocking they can still request a retry in exceptional circumstances. Specifically this will happen if a session -renegotiation takes place during a \fIBIO_read_ex()\fR operation, one +renegotiation takes place during a \fBBIO_read_ex()\fR operation, one case where this happens is when step up occurs. .PP The \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be 
@@ -241,23 +245,23 @@ set to disable this behaviour. That is when this flag is set an \s-1SSL BIO\s0 using a blocking transport will never request a retry. .PP -Since unknown \fIBIO_ctrl()\fR operations are sent through filter -BIOs the servers name and port can be set using \fIBIO_set_host()\fR -on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having +Since unknown \fBBIO_ctrl()\fR operations are sent through filter +BIOs the servers name and port can be set using \fBBIO_set_host()\fR +on the \s-1BIO\s0 returned by \fBBIO_new_ssl_connect()\fR without having to locate the connect \s-1BIO\s0 first. .PP -Applications do not have to call \fIBIO_do_handshake()\fR but may wish +Applications do not have to call \fBBIO_do_handshake()\fR but may wish to do so to separate the handshake process from other I/O processing. .PP -\&\fIBIO_set_ssl()\fR, \fIBIO_get_ssl()\fR, \fIBIO_set_ssl_mode()\fR, -\&\fIBIO_set_ssl_renegotiate_bytes()\fR, \fIBIO_set_ssl_renegotiate_timeout()\fR, -\&\fIBIO_get_num_renegotiates()\fR, and \fIBIO_do_handshake()\fR are implemented as macros. +\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, +\&\fBBIO_set_ssl_renegotiate_bytes()\fR, \fBBIO_set_ssl_renegotiate_timeout()\fR, +\&\fBBIO_get_num_renegotiates()\fR, and \fBBIO_do_handshake()\fR are implemented as macros. .SH "EXAMPLE" .IX Header "EXAMPLE" This \s-1SSL/TLS\s0 client example, attempts to retrieve a page from an \&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the -unencrypted example in \fIBIO_s_connect\fR\|(3). +unencrypted example in \fBBIO_s_connect\fR\|(3). .PP .Vb 5 \& BIO *sbio, *out; 
@@ -400,22 +404,22 @@ a client and also echoes the request to standard output. .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure. +\&\fBBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure. .PP -\&\fIBIO_set_ssl()\fR, \fIBIO_get_ssl()\fR, \fIBIO_set_ssl_mode()\fR, \fIBIO_set_ssl_renegotiate_bytes()\fR, -\&\fIBIO_set_ssl_renegotiate_timeout()\fR and \fIBIO_get_num_renegotiates()\fR return 1 on +\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, \fBBIO_set_ssl_renegotiate_bytes()\fR, +\&\fBBIO_set_ssl_renegotiate_timeout()\fR and \fBBIO_get_num_renegotiates()\fR return 1 on success or a value which is less than or equal to 0 if an error occurred. .PP -\&\fIBIO_new_ssl()\fR, \fIBIO_new_ssl_connect()\fR and \fIBIO_new_buffer_ssl_connect()\fR return +\&\fBBIO_new_ssl()\fR, \fBBIO_new_ssl_connect()\fR and \fBBIO_new_buffer_ssl_connect()\fR return a valid \fB\s-1BIO\s0\fR structure on success or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error. +\&\fBBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error. .PP -\&\fIBIO_do_handshake()\fR returns 1 if the connection was established successfully. +\&\fBBIO_do_handshake()\fR returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established. .SH "HISTORY" .IX Header "HISTORY" -In OpenSSL before 1.0.0 the \fIBIO_pop()\fR call was handled incorrectly, +In OpenSSL before 1.0.0 the \fBBIO_pop()\fR call was handled incorrectly, the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not explicitly being popped (e.g. a pop higher up the chain). Applications which 
diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index fa8a342ca89e..98556b3c3cad 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_FIND_TYPE 3" -.TH BIO_FIND_TYPE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_FIND_TYPE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,11 +151,11 @@ BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting +The \fBBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \fB\s-1BIO_TYPE_MEM\s0\fR) then a search is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as \&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is -searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is +searched for. \fBBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is found. .PP The following general types are defined: 
@@ -159,18 +163,18 @@ The following general types are defined: .PP For a list of the specific types, see the \fBopenssl/bio.h\fR header file. .PP -\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs -in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a +\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs +in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a certain type. .PP -\&\fIBIO_method_type()\fR returns the type of a \s-1BIO.\s0 +\&\fBBIO_method_type()\fR returns the type of a \s-1BIO.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. +\&\fBBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. .PP -\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. +\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. .PP -\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. +\&\fBBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. .SH "EXAMPLE" .IX Header "EXAMPLE" Traverse a chain looking for digest BIOs: diff --git a/secure/lib/libcrypto/man/BIO_get_data.3 b/secure/lib/libcrypto/man/BIO_get_data.3 index 7c4c2e020142..4b2fefffe255 100644 --- a/secure/lib/libcrypto/man/BIO_get_data.3 +++ b/secure/lib/libcrypto/man/BIO_get_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_GET_DATA 3" -.TH BIO_GET_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_GET_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,29 +156,29 @@ BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_ge .IX Header "DESCRIPTION" These functions are mainly useful when implementing a custom \s-1BIO.\s0 .PP -The \fIBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with -the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fIBIO_get_data()\fR. +The \fBBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with +the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fBBIO_get_data()\fR. This can be used by custom BIOs for storing implementation specific information. .PP -The \fIBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate +The \fBBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate whether initialisation has been completed for this \s-1BIO\s0 or not. A non-zero value indicates that initialisation is complete, whilst zero indicates that it is not. Often initialisation will complete during initial construction of the \s-1BIO.\s0 For some BIOs however, initialisation may not complete until after additional steps -have occurred (for example through calling custom ctrls). The \fIBIO_get_init()\fR +have occurred (for example through calling custom ctrls). The \fBBIO_get_init()\fR function returns the value of the \*(L"init\*(R" flag. .PP -The \fIBIO_set_shutdown()\fR and \fIBIO_get_shutdown()\fR functions set and get the state of +The \fBBIO_set_shutdown()\fR and \fBBIO_get_shutdown()\fR functions set and get the state of this \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. If set then the underlying resource is also closed when the \s-1BIO\s0 is freed. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_get_data()\fR returns a pointer to the implementation specific custom data +\&\fBBIO_get_data()\fR returns a pointer to the implementation specific custom data associated with this \s-1BIO,\s0 or \s-1NULL\s0 if none has been set. .PP -\&\fIBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag. +\&\fBBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag. .PP -\&\fIBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. +\&\fBBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. .SH "SEE ALSO" .IX Header "SEE ALSO" bio, BIO_meth_new diff --git a/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 b/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 index 3f7bcb048289..eba80b6b0425 100644 --- a/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_GET_EX_NEW_INDEX 3" -.TH BIO_GET_EX_NEW_INDEX 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_GET_EX_NEW_INDEX 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -154,29 +158,29 @@ BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, ENGINE_get_ex_new_index, .IX Header "DESCRIPTION" In the description here, \fI\s-1TYPE\s0\fR is used a placeholder for any of the OpenSSL datatypes listed in -\&\fICRYPTO_get_ex_new_index\fR\|(3). +\&\fBCRYPTO_get_ex_new_index\fR\|(3). .PP These functions handle application-specific data for OpenSSL data structures. .PP -\&\fITYPE_get_new_ex_index()\fR is a macro that calls \fICRYPTO_get_ex_new_index()\fR +\&\fBTYPE_get_new_ex_index()\fR is a macro that calls \fBCRYPTO_get_ex_new_index()\fR with the correct \fBindex\fR value. .PP -\&\fITYPE_set_ex_data()\fR is a function that calls \fICRYPTO_set_ex_data()\fR with +\&\fBTYPE_set_ex_data()\fR is a function that calls \fBCRYPTO_set_ex_data()\fR with an offset into the opaque exdata part of the \s-1TYPE\s0 object. .PP -\&\fITYPE_get_ex_data()\fR is a function that calls \fICRYPTO_get_ex_data()\fR with +\&\fBTYPE_get_ex_data()\fR is a function that calls \fBCRYPTO_get_ex_data()\fR with an offset into the opaque exdata part of the \s-1TYPE\s0 object. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fITYPE_get_new_ex_index()\fR returns a new index on success or \-1 on error. +\&\fBTYPE_get_new_ex_index()\fR returns a new index on success or \-1 on error. .PP -\&\fITYPE_set_ex_data()\fR returns 1 on success or 0 on error. +\&\fBTYPE_set_ex_data()\fR returns 1 on success or 0 on error. .PP -\&\fITYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred. +\&\fBTYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fICRYPTO_get_ex_new_index\fR\|(3). +\&\fBCRYPTO_get_ex_new_index\fR\|(3). .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_meth_new.3 b/secure/lib/libcrypto/man/BIO_meth_new.3 index 8143095162f8..1c6d3c205915 100644 
--- a/secure/lib/libcrypto/man/BIO_meth_new.3 +++ b/secure/lib/libcrypto/man/BIO_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_METH_NEW 3" -.TH BIO_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -188,9 +192,9 @@ The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of n types. It provides a set of functions used by OpenSSL for the implementation of the various \s-1BIO\s0 capabilities. See the bio page for more information. .PP -\&\fIBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a +\&\fBBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a unique integer \fBtype\fR and a string that represents its \fBname\fR. -Use \fIBIO_get_new_index()\fR to get the value for \fBtype\fR. +Use \fBBIO_get_new_index()\fR to get the value for \fBtype\fR. .PP The set of standard OpenSSL provided \s-1BIO\s0 types is provided in \fBbio.h\fR. Some examples 
@@ -201,66 +205,66 @@ based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the \&\*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the BIO_find_type page for more information. .PP -\&\fIBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory +\&\fBBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory associated with it. .PP -\&\fIBIO_meth_get_write_ex()\fR and \fIBIO_meth_set_write_ex()\fR get and set the function +\&\fBBIO_meth_get_write_ex()\fR and \fBBIO_meth_set_write_ex()\fR get and set the function used for writing arbitrary length data to the \s-1BIO\s0 respectively. This function -will be called in response to the application calling \fIBIO_write_ex()\fR or -\&\fIBIO_write()\fR. The parameters for the function have the same meaning as for -\&\fIBIO_write_ex()\fR. Older code may call \fIBIO_meth_get_write()\fR and -\&\fIBIO_meth_set_write()\fR instead. Applications should not call both -\&\fIBIO_meth_set_write_ex()\fR and \fIBIO_meth_set_write()\fR or call \fIBIO_meth_get_write()\fR -when the function was set with \fIBIO_meth_set_write_ex()\fR. +will be called in response to the application calling \fBBIO_write_ex()\fR or +\&\fBBIO_write()\fR. The parameters for the function have the same meaning as for +\&\fBBIO_write_ex()\fR. Older code may call \fBBIO_meth_get_write()\fR and +\&\fBBIO_meth_set_write()\fR instead. Applications should not call both +\&\fBBIO_meth_set_write_ex()\fR and \fBBIO_meth_set_write()\fR or call \fBBIO_meth_get_write()\fR +when the function was set with \fBBIO_meth_set_write_ex()\fR. .PP -\&\fIBIO_meth_get_read_ex()\fR and \fIBIO_meth_set_read_ex()\fR get and set the function used +\&\fBBIO_meth_get_read_ex()\fR and \fBBIO_meth_set_read_ex()\fR get and set the function used for reading arbitrary length data from the \s-1BIO\s0 respectively. 
This function will -be called in response to the application calling \fIBIO_read_ex()\fR or \fIBIO_read()\fR. -The parameters for the function have the same meaning as for \fIBIO_read_ex()\fR. -Older code may call \fIBIO_meth_get_read()\fR and \fIBIO_meth_set_read()\fR instead. -Applications should not call both \fIBIO_meth_set_read_ex()\fR and \fIBIO_meth_set_read()\fR -or call \fIBIO_meth_get_read()\fR when the function was set with -\&\fIBIO_meth_set_read_ex()\fR. +be called in response to the application calling \fBBIO_read_ex()\fR or \fBBIO_read()\fR. +The parameters for the function have the same meaning as for \fBBIO_read_ex()\fR. +Older code may call \fBBIO_meth_get_read()\fR and \fBBIO_meth_set_read()\fR instead. +Applications should not call both \fBBIO_meth_set_read_ex()\fR and \fBBIO_meth_set_read()\fR +or call \fBBIO_meth_get_read()\fR when the function was set with +\&\fBBIO_meth_set_read_ex()\fR. .PP -\&\fIBIO_meth_get_puts()\fR and \fIBIO_meth_set_puts()\fR get and set the function used for +\&\fBBIO_meth_get_puts()\fR and \fBBIO_meth_set_puts()\fR get and set the function used for writing a \s-1NULL\s0 terminated string to the \s-1BIO\s0 respectively. This function will be -called in response to the application calling \fIBIO_puts()\fR. The parameters for -the function have the same meaning as for \fIBIO_puts()\fR. +called in response to the application calling \fBBIO_puts()\fR. The parameters for +the function have the same meaning as for \fBBIO_puts()\fR. .PP -\&\fIBIO_meth_get_gets()\fR and \fIBIO_meth_set_gets()\fR get and set the function typically -used for reading a line of data from the \s-1BIO\s0 respectively (see the \fIBIO_gets\fR\|(3) +\&\fBBIO_meth_get_gets()\fR and \fBBIO_meth_set_gets()\fR get and set the function typically +used for reading a line of data from the \s-1BIO\s0 respectively (see the \fBBIO_gets\fR\|(3) page for more information). This function will be called in response to the -application calling \fIBIO_gets()\fR. 
The parameters for the function have the same -meaning as for \fIBIO_gets()\fR. +application calling \fBBIO_gets()\fR. The parameters for the function have the same +meaning as for \fBBIO_gets()\fR. .PP -\&\fIBIO_meth_get_ctrl()\fR and \fIBIO_meth_set_ctrl()\fR get and set the function used for +\&\fBBIO_meth_get_ctrl()\fR and \fBBIO_meth_set_ctrl()\fR get and set the function used for processing ctrl messages in the \s-1BIO\s0 respectively. See the BIO_ctrl page for more information. This function will be called in response to the application -calling \fIBIO_ctrl()\fR. The parameters for the function have the same meaning as for -\&\fIBIO_ctrl()\fR. +calling \fBBIO_ctrl()\fR. The parameters for the function have the same meaning as for +\&\fBBIO_ctrl()\fR. .PP -\&\fIBIO_meth_get_create()\fR and \fIBIO_meth_set_create()\fR get and set the function used +\&\fBBIO_meth_get_create()\fR and \fBBIO_meth_set_create()\fR get and set the function used for creating a new instance of the \s-1BIO\s0 respectively. This function will be -called in response to the application calling \fIBIO_new()\fR and passing -in a pointer to the current \s-1BIO_METHOD.\s0 The \fIBIO_new()\fR function will allocate the +called in response to the application calling \fBBIO_new()\fR and passing +in a pointer to the current \s-1BIO_METHOD.\s0 The \fBBIO_new()\fR function will allocate the memory for the new \s-1BIO,\s0 and a pointer to this newly allocated structure will be passed as a parameter to the function. .PP -\&\fIBIO_meth_get_destroy()\fR and \fIBIO_meth_set_destroy()\fR get and set the function used +\&\fBBIO_meth_get_destroy()\fR and \fBBIO_meth_set_destroy()\fR get and set the function used for destroying an instance of a \s-1BIO\s0 respectively. This function will be -called in response to the application calling \fIBIO_free()\fR. A pointer to the \s-1BIO\s0 +called in response to the application calling \fBBIO_free()\fR. 
A pointer to the \s-1BIO\s0 to be destroyed is passed as a parameter. The destroy function should be used for \s-1BIO\s0 specific clean up. The memory for the \s-1BIO\s0 itself should not be freed by this function. .PP -\&\fIBIO_meth_get_callback_ctrl()\fR and \fIBIO_meth_set_callback_ctrl()\fR get and set the +\&\fBBIO_meth_get_callback_ctrl()\fR and \fBBIO_meth_set_callback_ctrl()\fR get and set the function used for processing callback ctrl messages in the \s-1BIO\s0 respectively. See -the \fIBIO_callback_ctrl\fR\|(3) page for more information. This function will be called -in response to the application calling \fIBIO_callback_ctrl()\fR. The parameters for -the function have the same meaning as for \fIBIO_callback_ctrl()\fR. +the \fBBIO_callback_ctrl\fR\|(3) page for more information. This function will be called +in response to the application calling \fBBIO_callback_ctrl()\fR. The parameters for +the function have the same meaning as for \fBBIO_callback_ctrl()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred. +\&\fBBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred. .PP BIO_meth_new(int type, const char *name) returns a valid \fB\s-1BIO_METHOD\s0\fR or \s-1NULL\s0 if an error occurred. diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index 9ce06a5f167e..5df1ed610ba4 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_NEW 3" -.TH BIO_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,38 +153,38 @@ BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all \&\- BIO allocation and f .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. +The \fBBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. .PP -\&\fIBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object. +\&\fBBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object. .PP -\&\fIBIO_free()\fR frees up a single \s-1BIO,\s0 \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0 +\&\fBBIO_free()\fR frees up a single \s-1BIO,\s0 \fBBIO_vfree()\fR also frees up a single \s-1BIO\s0 but it does not return a value. If \fBa\fR is \s-1NULL\s0 nothing is done. -Calling \fIBIO_free()\fR may also have some effect +Calling \fBBIO_free()\fR may also have some effect on the underlying I/O structure, for example it may close the file being referred to under certain circumstances. For more details see the individual \&\s-1BIO_METHOD\s0 descriptions. .PP -\&\fIBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error +\&\fBBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error occurs freeing up an individual \s-1BIO\s0 in the chain. If \fBa\fR is \s-1NULL\s0 nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. +\&\fBBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. .PP -\&\fIBIO_up_ref()\fR and \fIBIO_free()\fR return 1 for success and 0 for failure. +\&\fBBIO_up_ref()\fR and \fBBIO_free()\fR return 1 for success and 0 for failure. .PP -\&\fIBIO_free_all()\fR and \fIBIO_vfree()\fR do not return values. +\&\fBBIO_free_all()\fR and \fBBIO_vfree()\fR do not return values. 
.SH "NOTES" .IX Header "NOTES" -If \fIBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting in a memory leak. .PP -Calling \fIBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fIBIO_free()\fR +Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fBBIO_free()\fR on it other than the discarded return value. .SH "HISTORY" .IX Header "HISTORY" -\&\fIBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque. +\&\fBBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque. .SH "EXAMPLE" .IX Header "EXAMPLE" Create a memory \s-1BIO:\s0 diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3 index ca5447bb3e8d..245ef4ae68b8 100644 --- a/secure/lib/libcrypto/man/BIO_new_CMS.3 +++ b/secure/lib/libcrypto/man/BIO_new_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_NEW_CMS 3" -.TH BIO_NEW_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_NEW_CMS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ BIO_new_CMS \- CMS streaming filter BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output +\&\fBBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output of the filter is written to \fBout\fR. Any data written to the chain is automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. .SH "NOTES" 
@@ -153,15 +157,15 @@ automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appr The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It supports non blocking I/O. Content is processed and streamed on the fly and not all held in memory at once: so it is possible to encode very large structures. -After all content has been written through the chain \fIBIO_flush()\fR must be called +After all content has been written through the chain \fBBIO_flush()\fR must be called to finalise the structure. .PP The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR parameter of the \fBcms\fR creation function. .PP If an application wishes to write additional data to \fBout\fR BIOs should be -removed from the chain using \fIBIO_pop()\fR and freed with \fIBIO_free()\fR until \fBout\fR -is reached. If no additional data needs to be written \fIBIO_free_all()\fR can be +removed from the chain using \fBBIO_pop()\fR and freed with \fBBIO_free()\fR until \fBout\fR +is reached. If no additional data needs to be written \fBBIO_free_all()\fR can be called to free up the whole chain. .PP Any content written through the filter is used verbatim: no canonical 
@@ -174,22 +178,22 @@ structures. .PP Large numbers of small writes through the chain should be avoided as this will produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending -a \fIBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. +a \fBBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. .SH "BUGS" .IX Header "BUGS" There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode a \s-1CMS\s0 structure on the fly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_encrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBIO_new_CMS()\fR was added to OpenSSL 1.0.0 +The \fBBIO_new_CMS()\fR function was added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_parse_hostserv.3 b/secure/lib/libcrypto/man/BIO_parse_hostserv.3 index 098bdd163034..d6ca29a49064 100644 --- a/secure/lib/libcrypto/man/BIO_parse_hostserv.3 +++ b/secure/lib/libcrypto/man/BIO_parse_hostserv.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_PARSE_HOSTSERV 3" -.TH BIO_PARSE_HOSTSERV 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_PARSE_HOSTSERV 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,14 +153,14 @@ BIO_hostserv_priorities, BIO_parse_hostserv \&\- utility routines to parse a sta .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR, +\&\fBBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR, create strings with the host name and service name and give those back via \fBhost\fR and \fBservice\fR. Those will need to be freed after they are used. \fBhostserv_prio\fR helps determine if \fBhostserv\fR shall be interpreted primarily as a host name or a service name in ambiguous cases. .PP -The syntax the \fIBIO_parse_hostserv()\fR recognises is: +The syntax the \fBBIO_parse_hostserv()\fR recognises is: .PP .Vb 7 \& host + \*(Aq:\*(Aq + service 
@@ -194,10 +198,10 @@ and \fBhostserv_prio\fR, as follows: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_parse_hostserv()\fR returns 1 on success or 0 on error. +\&\fBBIO_parse_hostserv()\fR returns 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fIBIO_ADDRINFO\s0\fR\|(3) +\&\s-1\fBBIO_ADDRINFO\s0\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_printf.3 b/secure/lib/libcrypto/man/BIO_printf.3 index 9a583b97db13..fc39afb2c2e5 100644 --- a/secure/lib/libcrypto/man/BIO_printf.3 +++ b/secure/lib/libcrypto/man/BIO_printf.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_PRINTF 3" -.TH BIO_PRINTF 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_PRINTF 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,24 +153,24 @@ BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf \&\- formatted output to a .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_printf()\fR is similar to the standard C \fIprintf()\fR function, except that +\&\fBBIO_printf()\fR is similar to the standard C \fBprintf()\fR function, except that the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard output. All common format specifiers are supported. .PP -\&\fIBIO_vprintf()\fR is similar to the \fIvprintf()\fR function found on many platforms, +\&\fBBIO_vprintf()\fR is similar to the \fBvprintf()\fR function found on many platforms, the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard output. All common format specifiers are supported. The argument list \fBargs\fR is a stdarg argument list. .PP -\&\fIBIO_snprintf()\fR is for platforms that do not have the common \fIsnprintf()\fR -function. It is like \fIsprintf()\fR except that the size parameter, \fBn\fR, +\&\fBBIO_snprintf()\fR is for platforms that do not have the common \fBsnprintf()\fR +function. It is like \fBsprintf()\fR except that the size parameter, \fBn\fR, specifies the size of the output buffer. .PP -\&\fIBIO_vsnprintf()\fR is to \fIBIO_snprintf()\fR as \fIBIO_vprintf()\fR is to \fIBIO_printf()\fR. +\&\fBBIO_vsnprintf()\fR is to \fBBIO_snprintf()\fR as \fBBIO_vprintf()\fR is to \fBBIO_printf()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All functions return the number of bytes written, or \-1 on error. -For \fIBIO_snprintf()\fR and \fIBIO_vsnprintf()\fR this includes when the output +For \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR this includes when the output buffer is too small. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index 59ad305882e1..954142d67472 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_PUSH 3" -.TH BIO_PUSH 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_PUSH 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,24 +151,24 @@ BIO_push, BIO_pop, BIO_set_next \- add and remove BIOs from a chain .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns +The \fBBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns \&\fBb\fR. .PP -\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 +\&\fBBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then becomes a single \s-1BIO\s0 with no association with the original chain, it can thus be freed or attached to a different chain. .PP -\&\fIBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to +\&\fBBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to by \fBnext\fR. The new chain may include some of the same BIOs from the old chain or it may be completely different. .SH "NOTES" .IX Header "NOTES" -The names of these functions are perhaps a little misleading. \fIBIO_push()\fR -joins two \s-1BIO\s0 chains whereas \fIBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, +The names of these functions are perhaps a little misleading. \fBBIO_push()\fR +joins two \s-1BIO\s0 chains whereas \fBBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, the deleted \s-1BIO\s0 does not need to be at the end of a chain. .PP -The process of calling \fIBIO_push()\fR and \fIBIO_pop()\fR on a \s-1BIO\s0 may have additional +The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a \s-1BIO\s0 may have additional consequences (a control call is made to the affected BIOs) any effects will be noted in the descriptions of individual BIOs. .SH "EXAMPLES" 
@@ -200,16 +204,16 @@ The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data be written to \fBmd1\fR as before. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_push()\fR returns the end of the chain, \fBb\fR. +\&\fBBIO_push()\fR returns the end of the chain, \fBb\fR. .PP -\&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next +\&\fBBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next \&\s-1BIO.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" bio .SH "HISTORY" .IX Header "HISTORY" -The \fIBIO_set_next()\fR function was added in OpenSSL 1.1.0. +The \fBBIO_set_next()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index a18f78da4392..c490e4d58103 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_READ 3" -.TH BIO_READ 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_READ 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,37 +155,37 @@ BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts \&\- BIO I/O .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data +\&\fBBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data in \fBdata\fR. If any bytes were successfully read then the number of bytes read is stored in \fB*readbytes\fR. .PP -\&\fIBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If +\&\fBBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If successful then the number of bytes written is stored in \fB*written\fR. .PP -\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places +\&\fBBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data in \fBbuf\fR. .PP -\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data +\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data in \fBbuf\fR. Usually this operation will attempt to read a line of data from the \s-1BIO\s0 of maximum length \fBsize\-1\fR. There are exceptions to this, -however; for example, \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and -return the digest and other BIOs may not support \fIBIO_gets()\fR at all. +however; for example, \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and +return the digest and other BIOs may not support \fBBIO_gets()\fR at all. The returned string is always NUL-terminated and the '\en' is preserved if present in the input data. .PP -\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +\&\fBBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. .PP -\&\fIBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR. 
+\&\fBBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR return 1 if data was successfully read or +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR return 1 if data was successfully read or written, and 0 otherwise. .PP All other functions return either the amount of data successfully read or written (if the return value is positive) or that no data was successfully read or written if the result is 0 or \-1. If the return value is \-2 then the operation is not implemented in the specific \s-1BIO\s0 type. The trailing -\&\s-1NUL\s0 is not included in the length returned by \fIBIO_gets()\fR. +\&\s-1NUL\s0 is not included in the length returned by \fBBIO_gets()\fR. .SH "NOTES" .IX Header "NOTES" A 0 or \-1 return is not necessarily an indication of an error. In 
@@ -190,27 +194,27 @@ it may merely be an indication that no data is currently available and that the application should retry the operation later. .PP One technique sometimes used with blocking sockets is to use a system call -(such as \fIselect()\fR, \fIpoll()\fR or equivalent) to determine when data is available -and then call \fIread()\fR to read the data. The equivalent with BIOs (that is call -\&\fIselect()\fR on the underlying I/O structure and then call \fIBIO_read()\fR to -read the data) should \fBnot\fR be used because a single call to \fIBIO_read()\fR +(such as \fBselect()\fR, \fBpoll()\fR or equivalent) to determine when data is available +and then call \fBread()\fR to read the data. The equivalent with BIOs (that is call +\&\fBselect()\fR on the underlying I/O structure and then call \fBBIO_read()\fR to +read the data) should \fBnot\fR be used because a single call to \fBBIO_read()\fR can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying -I/O structure and may block as a result. Instead \fIselect()\fR (or equivalent) +I/O structure and may block as a result. Instead \fBselect()\fR (or equivalent) should be combined with non blocking I/O so successive reads will request a retry instead of blocking. .PP -See \fIBIO_should_retry\fR\|(3) for details of how to +See \fBBIO_should_retry\fR\|(3) for details of how to determine the cause of a retry and other I/O issues. .PP -If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to -work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3) +If the \fBBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to +work around this by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3) to the chain. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBIO_should_retry\fR\|(3) +\&\fBBIO_should_retry\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBIO_gets()\fR on 1.1.0 and older when called on \fIBIO_fd()\fR based \s-1BIO\s0 does not +\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based \s-1BIO\s0 does not keep the '\en' at the end of the line in the buffer. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index f916bea479e6..d79a96401261 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_ACCEPT 3" -.TH BIO_S_ACCEPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_S_ACCEPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -166,7 +170,7 @@ BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper +\&\fBBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper round the platform's \s-1TCP/IP\s0 socket accept routines. .PP Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data 
@@ -178,50 +182,50 @@ on the underlying connection. If no connection is established and the port (see below) is set up properly then the \s-1BIO\s0 waits for an incoming connection. .PP -Accept BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR. +Accept BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. .PP If the close flag is set on an accept \s-1BIO\s0 then any active connection on that chain is shutdown and the socket closed when the \s-1BIO\s0 is freed. .PP -Calling \fIBIO_reset()\fR on an accept \s-1BIO\s0 will close any active +Calling \fBBIO_reset()\fR on an accept \s-1BIO\s0 will close any active connection and reset the \s-1BIO\s0 into a state where it awaits another incoming connection. .PP -\&\fIBIO_get_fd()\fR and \fIBIO_set_fd()\fR can be called to retrieve or set -the accept socket. See \fIBIO_s_fd\fR\|(3) +\&\fBBIO_get_fd()\fR and \fBBIO_set_fd()\fR can be called to retrieve or set +the accept socket. See \fBBIO_s_fd\fR\|(3) .PP -\&\fIBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept +\&\fBBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept name. The name is represented as a string of the form \*(L"host:port\*(R", where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. The host can be \*(L"*\*(R" or empty which is interpreted as meaning any interface. If the host is an IPv6 address, it has to be enclosed in brackets, for example \*(L"[::1]:https\*(R". \*(L"port\*(R" has the -same syntax as the port specified in \fIBIO_set_conn_port()\fR for +same syntax as the port specified in \fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical port string or a -string to lookup using \fIgetservbyname()\fR and a string table. +string to lookup using \fBgetservbyname()\fR and a string table. .PP -\&\fIBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept +\&\fBBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept port. 
\*(L"port\*(R" has the same syntax as the port specified in -\&\fIBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical -port string or a string to lookup using \fIgetservbyname()\fR and a string +\&\fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical +port string or a string to lookup using \fBgetservbyname()\fR and a string table. .PP -\&\fIBIO_new_accept()\fR combines \fIBIO_new()\fR and \fIBIO_set_accept_name()\fR into +\&\fBBIO_new_accept()\fR combines \fBBIO_new()\fR and \fBBIO_set_accept_name()\fR into a single call: that is it creates a new accept \s-1BIO\s0 with port \&\fBhost_port\fR. .PP -\&\fIBIO_set_nbio_accept()\fR sets the accept socket to blocking mode +\&\fBBIO_set_nbio_accept()\fR sets the accept socket to blocking mode (the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1. .PP -\&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which +\&\fBBIO_set_accept_bios()\fR can be used to set a chain of BIOs which will be duplicated and prepended to the chain when an incoming connection is received. This is useful if, for example, a buffering or \s-1SSL BIO\s0 is required for each connection. The chain of BIOs must not be freed after this call, they will be automatically freed when the accept \s-1BIO\s0 is freed. .PP -\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve +\&\fBBIO_set_bind_mode()\fR and \fBBIO_get_bind_mode()\fR set and retrieve the current bind mode. If \fB\s-1BIO_BIND_NORMAL\s0\fR (the default) is set then another socket cannot be bound to the same port. If \&\fB\s-1BIO_BIND_REUSEADDR\s0\fR is set then other sockets can bind to the 
@@ -230,10 +234,10 @@ attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails and the port is not in use then a second attempt is made using \fB\s-1BIO_BIND_REUSEADDR\s0\fR. .PP -\&\fIBIO_do_accept()\fR serves two functions. When it is first +\&\fBBIO_do_accept()\fR serves two functions. When it is first called, after the accept \s-1BIO\s0 has been setup, it will attempt to create the accept socket and bind an address to it. Second -and subsequent calls to \fIBIO_do_accept()\fR will await an incoming +and subsequent calls to \fBBIO_do_accept()\fR will await an incoming connection, or request a retry in non blocking mode. .SH "NOTES" .IX Header "NOTES" @@ -248,7 +252,7 @@ accept\->socket. This effectively means that attempting I/O on an initial accept socket will await an incoming connection then perform I/O on it. .PP -If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR +If any additional BIOs have been set using \fBBIO_set_accept_bios()\fR then they are placed between the socket and the accept \s-1BIO,\s0 that is the chain will be accept\->otherbios\->socket. .PP 
@@ -265,43 +269,43 @@ After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently established connection and \fBaccept\fR will now be a single \s-1BIO\s0 again which can be used to await further incoming connections. If no further connections will be accepted the \fBaccept\fR can -be freed using \fIBIO_free()\fR. +be freed using \fBBIO_free()\fR. .PP If only a single connection will be processed it is possible to perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable however because the accept \s-1BIO\s0 will still accept additional incoming -connections. This can be resolved by using \fIBIO_pop()\fR (see above) +connections. This can be resolved by using \fBBIO_pop()\fR (see above) and freeing up the accept \s-1BIO\s0 after the initial connection. .PP -If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is +If the underlying accept socket is non-blocking and \fBBIO_do_accept()\fR is called to await an incoming connection it is possible for -\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens +\&\fBBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens then it is an indication that an accept attempt would block: the application should take appropriate action to wait until the underlying socket has accepted a connection and retry the call. .PP -\&\fIBIO_set_accept_name()\fR, \fIBIO_get_accept_name()\fR, \fIBIO_set_accept_port()\fR, -\&\fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, \fIBIO_set_accept_bios()\fR, -\&\fIBIO_get_peer_name()\fR, \fIBIO_get_peer_port()\fR, -\&\fIBIO_get_accept_ip_family()\fR, \fIBIO_set_accept_ip_family()\fR, -\&\fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and \fIBIO_do_accept()\fR are macros. 
+\&\fBBIO_set_accept_name()\fR, \fBBIO_get_accept_name()\fR, \fBBIO_set_accept_port()\fR, +\&\fBBIO_get_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, \fBBIO_set_accept_bios()\fR, +\&\fBBIO_get_peer_name()\fR, \fBBIO_get_peer_port()\fR, +\&\fBBIO_get_accept_ip_family()\fR, \fBBIO_set_accept_ip_family()\fR, +\&\fBBIO_set_bind_mode()\fR, \fBBIO_get_bind_mode()\fR and \fBBIO_do_accept()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_do_accept()\fR, -\&\fIBIO_set_accept_name()\fR, \fIBIO_set_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, -\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_accept_ip_family()\fR, and \fIBIO_set_bind_mode()\fR +\&\fBBIO_do_accept()\fR, +\&\fBBIO_set_accept_name()\fR, \fBBIO_set_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, +\&\fBBIO_set_accept_bios()\fR, \fBBIO_set_accept_ip_family()\fR, and \fBBIO_set_bind_mode()\fR return 1 for success and 0 or \-1 for failure. .PP -\&\fIBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error. -\&\fIBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error. +\&\fBBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error. +\&\fBBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error. .PP -\&\fIBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error. -\&\fIBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error. -\&\fIBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error. +\&\fBBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error. +\&\fBBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error. +\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error. .PP -\&\fIBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure. +\&\fBBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure. 
.PP -\&\fIBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error. +\&\fBBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error. .SH "EXAMPLE" .IX Header "EXAMPLE" This example accepts two connections on port 4444, sends messages diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index 61175dbc874d..976cc3cfb3c6 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_BIO 3" -.TH BIO_S_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_S_BIO 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -160,7 +164,7 @@ BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_wri .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink +\&\fBBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink BIOs where data written to either half of the pair is buffered and can be read from the other half. Both halves must usually by handled by the same application thread since no locking is done on the internal data structures. 
@@ -173,47 +177,47 @@ One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under applica can be used when the application wishes to use a non standard transport for \&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. .PP -Calls to \fIBIO_read_ex()\fR will read data from the buffer or request a retry if no +Calls to \fBBIO_read_ex()\fR will read data from the buffer or request a retry if no data is available. .PP -Calls to \fIBIO_write_ex()\fR will place data in the buffer or request a retry if the +Calls to \fBBIO_write_ex()\fR will place data in the buffer or request a retry if the buffer is full. .PP -The standard calls \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR can be used to +The standard calls \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR can be used to determine the amount of pending data in the read or write buffer. .PP -\&\fIBIO_reset()\fR clears any data in the write buffer. +\&\fBBIO_reset()\fR clears any data in the write buffer. .PP -\&\fIBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. +\&\fBBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. .PP -\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing +\&\fBBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing up any half of the pair will automatically destroy the association. .PP -\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further +\&\fBBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other half of the pair will return any pending data or \s-1EOF\s0 when all pending data has been read. .PP -\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. +\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. 
If the size is not initialized a default value is used. This is currently 17K, sufficient for a maximum size \s-1TLS\s0 record. .PP -\&\fIBIO_get_write_buf_size()\fR returns the size of the write buffer. +\&\fBBIO_get_write_buf_size()\fR returns the size of the write buffer. .PP -\&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and -\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR +\&\fBBIO_new_bio_pair()\fR combines the calls to \fBBIO_new()\fR, \fBBIO_make_bio_pair()\fR and +\&\fBBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is -zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether +zero then the default size is used. \fBBIO_new_bio_pair()\fR does not check whether \&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten, -\&\fIBIO_free()\fR is not called. +\&\fBBIO_free()\fR is not called. .PP -\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum +\&\fBBIO_get_write_guarantee()\fR and \fBBIO_ctrl_get_write_guarantee()\fR return the maximum length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this -value will return a value from \fIBIO_write_ex()\fR less than the amount requested or -if the buffer is full request a retry. \fIBIO_ctrl_get_write_guarantee()\fR is a -function whereas \fIBIO_get_write_guarantee()\fR is a macro. +value will return a value from \fBBIO_write_ex()\fR less than the amount requested or +if the buffer is full request a retry. \fBBIO_ctrl_get_write_guarantee()\fR is a +function whereas \fBBIO_get_write_guarantee()\fR is a macro. 
.PP -\&\fIBIO_get_read_request()\fR and \fIBIO_ctrl_get_read_request()\fR return the +\&\fBBIO_get_read_request()\fR and \fBBIO_ctrl_get_read_request()\fR return the amount of data requested, or the buffer size if it is less, if the last read attempt at the other half of the \s-1BIO\s0 pair failed due to an empty buffer. This can be used to determine how much data should be 
@@ -222,40 +226,40 @@ in \s-1TLS/SSL\s0 applications where the amount of data read is usually meaningful rather than just a buffer size. After a successful read this call will return zero. It also will return zero once new data has been written satisfying the read request or part of it. -Note that \fIBIO_get_read_request()\fR never returns an amount larger -than that returned by \fIBIO_get_write_guarantee()\fR. +Note that \fBBIO_get_read_request()\fR never returns an amount larger +than that returned by \fBBIO_get_write_guarantee()\fR. .PP -\&\fIBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by -\&\fIBIO_get_read_request()\fR to zero. +\&\fBBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by +\&\fBBIO_get_read_request()\fR to zero. .SH "NOTES" .IX Header "NOTES" Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit -freed due to a \fIBIO_free_all()\fR or \fISSL_free()\fR call the other half needs to be freed. +freed due to a \fBBIO_free_all()\fR or \fBSSL_free()\fR call the other half needs to be freed. .PP When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to -flush any data in the write buffer. This can be done by calling \fIBIO_pending()\fR +flush any data in the write buffer. This can be done by calling \fBBIO_pending()\fR on the other half of the pair and, if any data is pending, reading it and sending it to the underlying transport. This must be done before any normal processing -(such as calling \fIselect()\fR ) due to a request and \fIBIO_should_read()\fR being true. +(such as calling \fBselect()\fR ) due to a request and \fBBIO_should_read()\fR being true. .PP To see why this is important consider a case where a request is sent using -\&\fIBIO_write_ex()\fR and a response read with \fIBIO_read_ex()\fR, this can occur during an -\&\s-1TLS/SSL\s0 handshake for example. 
\fIBIO_write_ex()\fR will succeed and place data in the -write buffer. \fIBIO_read_ex()\fR will initially fail and \fIBIO_should_read()\fR will be +\&\fBBIO_write_ex()\fR and a response read with \fBBIO_read_ex()\fR, this can occur during an +\&\s-1TLS/SSL\s0 handshake for example. \fBBIO_write_ex()\fR will succeed and place data in the +write buffer. \fBBIO_read_ex()\fR will initially fail and \fBBIO_should_read()\fR will be true. If the application then waits for data to be available on the underlying transport before flushing the write buffer it will never succeed because the request was never sent! .PP -\&\fIBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been +\&\fBBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been shutdown. .PP -\&\fIBIO_make_bio_pair()\fR, \fIBIO_destroy_bio_pair()\fR, \fIBIO_shutdown_wr()\fR, -\&\fIBIO_set_write_buf_size()\fR, \fIBIO_get_write_buf_size()\fR, -\&\fIBIO_get_write_guarantee()\fR, and \fIBIO_get_read_request()\fR are implemented +\&\fBBIO_make_bio_pair()\fR, \fBBIO_destroy_bio_pair()\fR, \fBBIO_shutdown_wr()\fR, +\&\fBBIO_set_write_buf_size()\fR, \fBBIO_get_write_buf_size()\fR, +\&\fBBIO_get_write_guarantee()\fR, and \fBBIO_get_read_request()\fR are implemented as macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in +\&\fBBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in \&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. .PP 
@@ -263,7 +267,7 @@ locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more informat .SH "EXAMPLE" .IX Header "EXAMPLE" The \s-1BIO\s0 pair can be used to have full control over the network access of an -application. The application can call \fIselect()\fR on the socket as required +application. The application can call \fBselect()\fR on the socket as required without having to go through the SSL-interface. .PP .Vb 1 
@@ -300,21 +304,21 @@ connection, it behaves non-blocking and will return as soon as the write buffer is full or the read buffer is drained. Then the application has to flush the write buffer and/or fill the read buffer. .PP -Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 -and must be transferred to the network. Use \fIBIO_ctrl_get_read_request()\fR to +Use the \fBBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transferred to the network. Use \fBBIO_ctrl_get_read_request()\fR to find out, how many bytes must be written into the buffer before the -\&\fISSL_operation()\fR can successfully be continued. +\&\fBSSL_operation()\fR can successfully be continued. .SH "WARNING" .IX Header "WARNING" -As the data is buffered, \fISSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0 +As the data is buffered, \fBSSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0 condition, but there is still data in the write buffer. An application must -not rely on the error value of \fISSL_operation()\fR but must assure that the +not rely on the error value of \fBSSL_operation()\fR but must assure that the write buffer is always flushed first. Otherwise a deadlock may occur as the peer might be waiting for the data before being able to continue. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), -\&\fIBIO_should_retry\fR\|(3), \fIBIO_read_ex\fR\|(3) +\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBBIO_should_retry\fR\|(3), \fBBIO_read_ex\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index b46212f08174..a847ffca2670 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_CONNECT 3" -.TH BIO_S_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_S_CONNECT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,7 +164,7 @@ BIO_set_conn_address, BIO_get_conn_address, BIO_s_connect, BIO_new_connect, BIO_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper +\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper round the platform's \s-1TCP/IP\s0 socket connection routines. .PP Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data 
@@ -172,61 +176,61 @@ on the underlying connection. If no connection is established and the port and hostname (see below) is set up properly then a connection is established first. .PP -Connect BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR. +Connect BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. .PP If the close flag is set on a connect \s-1BIO\s0 then any active connection is shutdown and the socket closed when the \s-1BIO\s0 is freed. .PP -Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 will close any active +Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active connection and reset the \s-1BIO\s0 into a state where it can connect to the same host again. .PP -\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0 +\&\fBBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0 it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP -\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. +\&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it must be enclosed with brackets. The hostname can also include the port in the form hostname:port. .PP -\&\fIBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the +\&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the numerical form or a string such as \*(L"http\*(R". A string will be looked -up first using \fIgetservbyname()\fR on the host platform but if that +up first using \fBgetservbyname()\fR on the host platform but if that fails a standard table of port names will be used. This internal list is http, telnet, socks, https, ssl, ftp, and gopher. .PP -\&\fIBIO_set_conn_address()\fR sets the address and port information using -a \s-1\fIBIO_ADDR\s0\fR\|(3ssl). 
+\&\fBBIO_set_conn_address()\fR sets the address and port information using +a \s-1\fBBIO_ADDR\s0\fR\|(3ssl). .PP -\&\fIBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family. +\&\fBBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family. .PP -\&\fIBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or +\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or \&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set. This return value is an internal pointer which should not be modified. .PP -\&\fIBIO_get_conn_port()\fR returns the port as a string. +\&\fBBIO_get_conn_port()\fR returns the port as a string. This return value is an internal pointer which should not be modified. .PP -\&\fIBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR.\s0 +\&\fBBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR.\s0 This return value is an internal pointer which should not be modified. .PP -\&\fIBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO.\s0 +\&\fBBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO.\s0 .PP -\&\fIBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is +\&\fBBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O -is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR +is set. Blocking I/O is the default. The call to \fBBIO_set_nbio()\fR should be made before the connection is established because non blocking I/O is set during the connect process. .PP -\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into +\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. 
.PP -\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1 +\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the -call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs +call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs to determine if the call should be retried. .SH "NOTES" .IX Header "NOTES" 
@@ -235,59 +239,59 @@ I/O call is caused by an error condition, although a zero return will normally mean that the connection was closed. .PP If the port name is supplied as part of the host name then this will -override any value set with \fIBIO_set_conn_port()\fR. This may be undesirable +override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable if the application does not wish to allow connection to arbitrary ports. This can be avoided by checking for the presence of the ':' character in the passed hostname and either indicating an error or truncating the string at that point. .PP -The values returned by \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_address()\fR, -and \fIBIO_get_conn_port()\fR are updated when a connection attempt is made. +The values returned by \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_address()\fR, +and \fBBIO_get_conn_port()\fR are updated when a connection attempt is made. Before any connection attempt the values returned are those set by the application itself. .PP -Applications do not have to call \fIBIO_do_connect()\fR but may wish to do +Applications do not have to call \fBBIO_do_connect()\fR but may wish to do so to separate the connection process from other I/O processing. .PP If non blocking I/O is set then retries will be requested as appropriate. .PP -It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also -possible for \fIBIO_should_io_special()\fR to be true during the initial +It addition to \fBBIO_should_read()\fR and \fBBIO_should_write()\fR it is also +possible for \fBBIO_should_io_special()\fR to be true during the initial connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned then this is an indication that a connection attempt would block, the application should then take appropriate action to wait until the underlying socket has connected and retry the call. 
.PP -\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_get_conn_hostname()\fR, -\&\fIBIO_set_conn_address()\fR, \fIBIO_get_conn_port()\fR, \fIBIO_get_conn_address()\fR, -\&\fIBIO_set_conn_ip_family()\fR, \fIBIO_get_conn_ip_family()\fR, -\&\fIBIO_set_nbio()\fR, and \fIBIO_do_connect()\fR are macros. +\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_get_conn_hostname()\fR, +\&\fBBIO_set_conn_address()\fR, \fBBIO_get_conn_port()\fR, \fBBIO_get_conn_address()\fR, +\&\fBBIO_set_conn_ip_family()\fR, \fBBIO_get_conn_ip_family()\fR, +\&\fBBIO_set_nbio()\fR, and \fBBIO_do_connect()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. +\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. .PP -\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not +\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not been initialized. .PP -\&\fIBIO_set_conn_address()\fR, \fIBIO_set_conn_port()\fR, and \fIBIO_set_conn_ip_family()\fR +\&\fBBIO_set_conn_address()\fR, \fBBIO_set_conn_port()\fR, and \fBBIO_set_conn_ip_family()\fR always return 1. .PP -\&\fIBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure. +\&\fBBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure. .PP -\&\fIBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none +\&\fBBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none was set. .PP -\&\fIBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if +\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if none was set. .PP -\&\fIBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set. +\&\fBBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set. 
.PP -\&\fIBIO_get_conn_port()\fR returns a string representing the connected +\&\fBBIO_get_conn_port()\fR returns a string representing the connected port or \s-1NULL\s0 if not set. .PP -\&\fIBIO_set_nbio()\fR always returns 1. +\&\fBBIO_set_nbio()\fR always returns 1. .PP -\&\fIBIO_do_connect()\fR returns 1 if the connection was successfully +\&\fBBIO_do_connect()\fR returns 1 if the connection was successfully established and 0 or \-1 if the connection failed. .SH "EXAMPLE" .IX Header "EXAMPLE" @@ -318,12 +322,12 @@ to retrieve a page and copy the result to standard output. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fIBIO_ADDR\s0\fR\|(3) +\&\s-1\fBBIO_ADDR\s0\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_conn_ip()\fR, and \fIBIO_get_conn_ip()\fR +\&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_conn_ip()\fR, and \fBBIO_get_conn_ip()\fR were removed in OpenSSL 1.1.0. -Use \fIBIO_set_conn_address()\fR and \fIBIO_get_conn_address()\fR instead. +Use \fBBIO_set_conn_address()\fR and \fBBIO_get_conn_address()\fR instead. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index 3a7f9689de77..52a33b3db1a9 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_FD 3" -.TH BIO_S_FD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_S_FD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,53 +154,53 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper -round the platforms file descriptor routines such as \fIread()\fR and \fIwrite()\fR. +\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper +round the platforms file descriptor routines such as \fBread()\fR and \fBwrite()\fR. .PP -\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read or write the underlying descriptor. -\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not. +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying descriptor. +\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. .PP -If the close flag is set then \fIclose()\fR is called on the underlying +If the close flag is set then \fBclose()\fR is called on the underlying file descriptor when the \s-1BIO\s0 is freed. .PP -\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file +\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file such as by using \fBlseek(fd, 0, 0)\fR. .PP -\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file such as by using \fBlseek(fd, ofs, 0)\fR. .PP -\&\fIBIO_tell()\fR returns the current file position such as by calling +\&\fBBIO_tell()\fR returns the current file position such as by calling \&\fBlseek(fd, 0, 1)\fR. .PP -\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close flag to \fBc\fR. .PP -\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also +\&\fBBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also returns the file descriptor. 
.PP -\&\fIBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. +\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. .SH "NOTES" .IX Header "NOTES" -The behaviour of \fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR depends on the behavior of the -platforms \fIread()\fR and \fIwrite()\fR calls on the descriptor. If the underlying +The behaviour of \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR depends on the behavior of the +platforms \fBread()\fR and \fBwrite()\fR calls on the descriptor. If the underlying file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the -manner described in the \fIBIO_read_ex\fR\|(3) and \fIBIO_should_retry\fR\|(3) +manner described in the \fBBIO_read_ex\fR\|(3) and \fBBIO_should_retry\fR\|(3) manual pages. .PP File descriptor BIOs should not be used for socket I/O. Use socket BIOs instead. .PP -\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are implemented as macros. +\&\fBBIO_set_fd()\fR and \fBBIO_get_fd()\fR are implemented as macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. +\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. .PP -\&\fIBIO_set_fd()\fR always returns 1. +\&\fBBIO_set_fd()\fR always returns 1. .PP -\&\fIBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not +\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not been initialized. .PP -\&\fIBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error occurred. .SH "EXAMPLE" .IX Header "EXAMPLE" 
@@ -211,11 +215,11 @@ This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R": .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3), -\&\fIBIO_reset\fR\|(3), \fIBIO_read_ex\fR\|(3), -\&\fIBIO_write_ex\fR\|(3), \fIBIO_puts\fR\|(3), -\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3), -\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3) +\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), +\&\fBBIO_reset\fR\|(3), \fBBIO_read_ex\fR\|(3), +\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), +\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), +\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index a9cdb3570df4..9132f7f98be2 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_FILE 3" -.TH BIO_S_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_S_FILE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -155,48 +159,48 @@ BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it +\&\fBBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it is a wrapper round the stdio \s-1FILE\s0 structure and it is a source/sink \s-1BIO.\s0 .PP -Calls to \fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read and write data to the -underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs. +Calls to \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read and write data to the +underlying stream. \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported on file BIOs. .PP -\&\fIBIO_flush()\fR on a file \s-1BIO\s0 calls the \fIfflush()\fR function on the wrapped +\&\fBBIO_flush()\fR on a file \s-1BIO\s0 calls the \fBfflush()\fR function on the wrapped stream. .PP -\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file +\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file using fseek(stream, 0, 0). .PP -\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file using fseek(stream, ofs, 0). .PP -\&\fIBIO_eof()\fR calls \fIfeof()\fR. +\&\fBBIO_eof()\fR calls \fBfeof()\fR. .PP -Setting the \s-1BIO_CLOSE\s0 flag calls \fIfclose()\fR on the stream when the \s-1BIO\s0 +Setting the \s-1BIO_CLOSE\s0 flag calls \fBfclose()\fR on the stream when the \s-1BIO\s0 is freed. .PP -\&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning -of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0 +\&\fBBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning +of \fBmode\fR is the same as the stdio function \fBfopen()\fR. 
The \s-1BIO_CLOSE\s0 flag is set on the returned \s-1BIO.\s0 .PP -\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: +\&\fBBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: \&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying stream to text mode, default is binary: this only has any effect under Win32). .PP -\&\fIBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same -meaning as in \fIBIO_new_fp()\fR, it is a macro. +\&\fBBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same +meaning as in \fBBIO_new_fp()\fR, it is a macro. .PP -\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. +\&\fBBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. .PP -\&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes +\&\fBBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes from the start of file. .PP -\&\fIBIO_tell()\fR returns the value of the position pointer. +\&\fBBIO_tell()\fR returns the value of the position pointer. .PP -\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and -\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for +\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and +\&\fBBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for reading, writing, append or read write respectively. .SH "NOTES" .IX Header "NOTES" 
@@ -260,35 +264,35 @@ Alternative technique: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_file()\fR returns the file \s-1BIO\s0 method. +\&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method. .PP -\&\fIBIO_new_file()\fR and \fIBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error +\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error occurred. .PP -\&\fIBIO_set_fp()\fR and \fIBIO_get_fp()\fR return 1 for success or 0 for failure +\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or 0 for failure (although the current implementation never return 0). .PP -\&\fIBIO_seek()\fR returns the same value as the underlying \fIfseek()\fR function: +\&\fBBIO_seek()\fR returns the same value as the underlying \fBfseek()\fR function: 0 for success or \-1 for failure. .PP -\&\fIBIO_tell()\fR returns the current file position. +\&\fBBIO_tell()\fR returns the current file position. .PP -\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and -\&\fIBIO_rw_filename()\fR return 1 for success or 0 for failure. +\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and +\&\fBBIO_rw_filename()\fR return 1 for success or 0 for failure. .SH "BUGS" .IX Header "BUGS" -\&\fIBIO_reset()\fR and \fIBIO_seek()\fR are implemented using \fIfseek()\fR on the underlying -stream. The return value for \fIfseek()\fR is 0 for success or \-1 if an error +\&\fBBIO_reset()\fR and \fBBIO_seek()\fR are implemented using \fBfseek()\fR on the underlying +stream. The return value for \fBfseek()\fR is 0 for success or \-1 if an error occurred this differs from other types of \s-1BIO\s0 which will typically return 1 for success and a non positive value if an error occurred. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3), -\&\fIBIO_reset\fR\|(3), \fIBIO_flush\fR\|(3), -\&\fIBIO_read_ex\fR\|(3), -\&\fIBIO_write_ex\fR\|(3), \fIBIO_puts\fR\|(3), -\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3), -\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3) +\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), +\&\fBBIO_reset\fR\|(3), \fBBIO_flush\fR\|(3), +\&\fBBIO_read_ex\fR\|(3), +\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), +\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), +\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index 43c18c6f4450..0c6e88a06320 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_MEM 3" -.TH BIO_S_MEM 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_S_MEM 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,51 +157,51 @@ BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_b .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function. +\&\fBBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function. .PP A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended as appropriate to accommodate the stored data. .PP -\&\fIBIO_s_secmem()\fR is like \fIBIO_s_mem()\fR except that the secure heap is used +\&\fBBIO_s_secmem()\fR is like \fBBIO_s_mem()\fR except that the secure heap is used for buffer storage. .PP Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from the \s-1BIO.\s0 .PP -Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR. +Memory BIOs support \fBBIO_gets()\fR and \fBBIO_puts()\fR. .PP If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying \&\s-1BUF_MEM\s0 structure is also freed. .PP -Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the +Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the flag \s-1BIO_FLAGS_NONCLEAR_RST\s0 is not set. On a read only \s-1BIO\s0 or if the flag \&\s-1BIO_FLAGS_NONCLEAR_RST\s0 is set it restores the \s-1BIO\s0 to its original state and the data can be read again. .PP -\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 +\&\fBBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 .PP -\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored. +\&\fBBIO_ctrl_pending()\fR returns the number of bytes currently stored. 
.PP -\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is +\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non zero then it will return \fBv\fR when it is empty and it will set the read retry flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal positive return value \fBv\fR should be set to a negative value, typically \-1. .PP -\&\fIBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data +\&\fBBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data and returns the total amount of data available. It is implemented as a macro. .PP -\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the +\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 It is a macro. .PP -\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is +\&\fBBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is a macro. .PP -\&\fIBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, +\&\fBBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and as a result cannot be written to. This is useful when some data needs to be 
@@ -215,7 +219,7 @@ read in small chunks the operation can be very slow. The use of a read only memory \s-1BIO\s0 avoids this problem. If the \s-1BIO\s0 must be read write then adding a buffering \s-1BIO\s0 to the chain will speed up the process. .PP -Calling \fIBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fIBIO_new_secmem()\fR will +Calling \fBBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fBBIO_new_secmem()\fR will give undefined results, including perhaps a program crash. .SH "BUGS" .IX Header "BUGS" @@ -248,12 +252,12 @@ Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up t .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_mem()\fR and \fIBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure. +\&\fBBIO_s_mem()\fR and \fBBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure. .PP -\&\fIBIO_set_mem_eof_return()\fR, \fIBIO_get_mem_data()\fR, \fIBIO_set_mem_buf()\fR and \fIBIO_get_mem_ptr()\fR +\&\fBBIO_set_mem_eof_return()\fR, \fBBIO_get_mem_data()\fR, \fBBIO_set_mem_buf()\fR and \fBBIO_get_mem_ptr()\fR return 1 on success or a value which is less than or equal to 0 if an error occurred. .PP -\&\fIBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error. +\&\fBBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index 87ecfc2c1cdf..abf5045a1e90 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_NULL 3" -.TH BIO_S_NULL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_S_NULL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ BIO_s_null \- null data sink .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to +\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to the null sink is discarded, reads return \s-1EOF.\s0 .SH "NOTES" .IX Header "NOTES" @@ -161,7 +165,7 @@ Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can by adding a null sink \s-1BIO\s0 to the end of the chain .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. +\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index 689201382d1b..e960407b9f82 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_SOCKET 3" -.TH BIO_S_SOCKET 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_S_SOCKET 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,16 +151,16 @@ BIO_s_socket, BIO_new_socket \- socket BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper +\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper round the platform's socket routines. .PP -\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read or write the underlying socket. -\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not. +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying socket. +\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. .PP If the close flag is set then the socket is shut down and closed when the \s-1BIO\s0 is freed. .PP -\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. +\&\fBBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. .SH "NOTES" .IX Header "NOTES" Socket BIOs also support any relevant functionality of file descriptor @@ -168,9 +172,9 @@ Windows is one such platform. Any code mixing the two will not work on all platforms. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. +\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. .PP -\&\fIBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +\&\fBBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error occurred. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index 347f585e943d..1d62b22819af 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_SET_CALLBACK 3" -.TH BIO_SET_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_SET_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -160,25 +164,25 @@ BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BI .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_set_callback_ex()\fR and \fIBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0 +\&\fBBIO_set_callback_ex()\fR and \fBBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0 callback. The callback is called during most high level \s-1BIO\s0 operations. It can be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its operation. .PP -\&\fIBIO_set_callback()\fR and \fIBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0 +\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0 callback. New code should not use these functions, but they are retained for -backwards compatibility. Any callback set via \fIBIO_set_callback_ex()\fR will get -called in preference to any set by \fIBIO_set_callback()\fR. +backwards compatibility. Any callback set via \fBBIO_set_callback_ex()\fR will get +called in preference to any set by \fBBIO_set_callback()\fR. .PP -\&\fIBIO_set_callback_arg()\fR and \fIBIO_get_callback_arg()\fR are macros which can be +\&\fBBIO_set_callback_arg()\fR and \fBBIO_get_callback_arg()\fR are macros which can be used to set and retrieve an argument for use in the callback. .PP -\&\fIBIO_debug_callback()\fR is a standard debugging callback which prints +\&\fBBIO_debug_callback()\fR is a standard debugging callback which prints out information relating to each \s-1BIO\s0 operation. If the callback argument is set it is interpreted as a \s-1BIO\s0 to send the information to, otherwise stderr is used. .PP -\&\fIBIO_callback_fn_ex()\fR is the type of the callback function and \fIBIO_callback_fn()\fR +\&\fBBIO_callback_fn_ex()\fR is the type of the callback function and \fBBIO_callback_fn()\fR is the type of the old format callback function. The meaning of each argument is described below: .IP "\fBb\fR" 4 
@@ -365,18 +369,18 @@ argument of type \fBBIO_info_cb\fR itself. In this case \fBparg\fR is a pointer the actual call parameter, see \fBBIO_callback_ctrl\fR. .SH "EXAMPLE" .IX Header "EXAMPLE" -The \fIBIO_debug_callback()\fR function is a good example, its source is +The \fBBIO_debug_callback()\fR function is a good example, its source is in crypto/bio/bio_cb.c .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_get_callback_ex()\fR and \fIBIO_get_callback()\fR return the callback function -previously set by a call to \fIBIO_set_callback_ex()\fR and \fIBIO_set_callback()\fR +\&\fBBIO_get_callback_ex()\fR and \fBBIO_get_callback()\fR return the callback function +previously set by a call to \fBBIO_set_callback_ex()\fR and \fBBIO_set_callback()\fR respectively. .PP -\&\fIBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set -via a call to \fIBIO_set_callback_arg()\fR. +\&\fBBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set +via a call to \fBBIO_set_callback_arg()\fR. .PP -\&\fIBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0 +\&\fBBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0 operations. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index c58a4844ba11..0621cc9deda1 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_SHOULD_RETRY 3" -.TH BIO_SHOULD_RETRY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BIO_SHOULD_RETRY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -154,50 +158,50 @@ BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_sh .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions determine why a \s-1BIO\s0 is not able to read or write data. -They will typically be called after a failed \fIBIO_read_ex()\fR or \fIBIO_write_ex()\fR +They will typically be called after a failed \fBBIO_read_ex()\fR or \fBBIO_write_ex()\fR call. .PP -\&\fIBIO_should_retry()\fR is true if the call that produced this condition +\&\fBBIO_should_retry()\fR is true if the call that produced this condition should then be retried at a later time. .PP -If \fIBIO_should_retry()\fR is false then the cause is an error condition. +If \fBBIO_should_retry()\fR is false then the cause is an error condition. .PP -\&\fIBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0 +\&\fBBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0 has insufficient data to return. Check for readability and/or retry the last operation. .PP -\&\fIBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0 +\&\fBBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0 has pending data to write. Check for writability and/or retry the last operation. .PP -\&\fIBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a +\&\fBBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a reason other than reading or writing is the cause of the condition. .PP -\&\fIBIO_retry_type()\fR returns a mask of the cause of a retry condition +\&\fBBIO_retry_type()\fR returns a mask of the cause of a retry condition consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, \&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of these. 
.PP -\&\fIBIO_get_retry_BIO()\fR determines the precise reason for the special +\&\fBBIO_get_retry_BIO()\fR determines the precise reason for the special condition, it returns the \s-1BIO\s0 that caused this condition and if \&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of the reason code and the action that should be taken depends on the type of \s-1BIO\s0 that resulted in this condition. .PP -\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if -passed the relevant \s-1BIO,\s0 for example as returned by \fIBIO_get_retry_BIO()\fR. +\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition if +passed the relevant \s-1BIO,\s0 for example as returned by \fBBIO_get_retry_BIO()\fR. .PP -\&\fIBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given +\&\fBBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given \&\s-1BIO.\s0 This would usually only be called by \s-1BIO\s0 implementations. .SH "NOTES" .IX Header "NOTES" -\&\fIBIO_should_read()\fR, \fIBIO_should_write()\fR, \fIBIO_should_io_special()\fR, -\&\fIBIO_retry_type()\fR, and \fIBIO_should_retry()\fR, are implemented as macros. +\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, +\&\fBBIO_retry_type()\fR, and \fBBIO_should_retry()\fR, are implemented as macros. .PP -If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" +If \fBBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0 -operation. For example if a call to \fIBIO_read_ex()\fR on a socket \s-1BIO\s0 returns -0 and \fIBIO_should_retry()\fR is false then the cause will be that the +operation. For example if a call to \fBBIO_read_ex()\fR on a socket \s-1BIO\s0 returns +0 and \fBBIO_should_retry()\fR is false then the cause will be that the connection closed. 
A similar condition on a file \s-1BIO\s0 will mean that it has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on the error queue. For more details see the individual \s-1BIO\s0 type manual @@ -206,12 +210,12 @@ pages. If the underlying I/O structure is in a blocking mode almost all current \&\s-1BIO\s0 types will not request a retry, because the underlying I/O calls will not. If the application knows that the \s-1BIO\s0 type will never -signal a retry then it need not call \fIBIO_should_retry()\fR after a failed +signal a retry then it need not call \fBBIO_should_retry()\fR after a failed \&\s-1BIO I/O\s0 call. This is typically done with file BIOs. .PP \&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a retry even if the underlying I/O structure is blocking, if a handshake -occurs during a call to \fIBIO_read()\fR. An application can retry the failed +occurs during a call to \fBBIO_read()\fR. An application can retry the failed call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0 on the underlying \s-1SSL\s0 structure. .PP 
@@ -221,10 +225,10 @@ repeatedly until data can be processed or is available. An application will normally wait until the necessary condition is satisfied. How this is done depends on the underlying I/O structure. .PP -For example if the cause is ultimately a socket and \fIBIO_should_read()\fR -is true then a call to \fIselect()\fR may be made to wait until data is +For example if the cause is ultimately a socket and \fBBIO_should_read()\fR +is true then a call to \fBselect()\fR may be made to wait until data is available and then retry the \s-1BIO\s0 operation. By combining the retry -conditions of several non blocking BIOs in a single \fIselect()\fR call +conditions of several non blocking BIOs in a single \fBselect()\fR call it is possible to service several BIOs in a single thread, though the performance may be poor if \s-1SSL\s0 BIOs are present because long delays can occur during the initial handshake process. @@ -232,7 +236,7 @@ can occur during the initial handshake process. It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O structure cannot process or return any data. This depends on the behaviour of the platforms I/O functions. This is often not desirable: one solution -is to use non blocking I/O and use a timeout on the \fIselect()\fR (or +is to use non blocking I/O and use a timeout on the \fBselect()\fR (or equivalent) call. .SH "BUGS" .IX Header "BUGS" 
@@ -242,22 +246,22 @@ worked around by only passing the relevant data to \s-1ASN1\s0 functions when the entire structure can be read or written. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_should_read()\fR, \fIBIO_should_write()\fR, \fIBIO_should_io_special()\fR, and -\&\fIBIO_should_retry()\fR return either 1 or 0 based on the actual conditions +\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, and +\&\fBBIO_should_retry()\fR return either 1 or 0 based on the actual conditions of the \fB\s-1BIO\s0\fR. .PP -\&\fIBIO_retry_type()\fR returns a flag combination presenting the cause of a retry +\&\fBBIO_retry_type()\fR returns a flag combination presenting the cause of a retry condition or false if there is no retry condition. .PP -\&\fIBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure. +\&\fBBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure. .PP -\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition. +\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition. .SH "SEE ALSO" .IX Header "SEE ALSO" bio .SH "HISTORY" .IX Header "HISTORY" -The \fIBIO_get_retry_reason()\fR and \fIBIO_set_retry_reason()\fR functions were added in +The \fBBIO_get_retry_reason()\fR and \fBBIO_set_retry_reason()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3 index ac9569420e6a..c547650b23ee 100644 --- a/secure/lib/libcrypto/man/BN_BLINDING_new.3 +++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_NEW 3" -.TH BN_BLINDING_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_BLINDING_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -169,77 +173,77 @@ BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_B .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies +\&\fBBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object. .PP -\&\fIBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. +\&\fBBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. If \fBb\fR is \s-1NULL,\s0 nothing is done. .PP -\&\fIBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring +\&\fBBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring the \fBA\fR and \fBAi\fR or, after specific number of uses and if the necessary parameters are set, by re-creating the blinding parameters. .PP -\&\fIBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. +\&\fBBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among -several threads). \fIBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the +several threads). \fBBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as the inverse blinding. 
.PP -\&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper -functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR +\&\fBBN_BLINDING_convert()\fR and \fBBN_BLINDING_invert()\fR are wrapper +functions for \fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR with \fBr\fR set to \s-1NULL.\s0 .PP -\&\fIBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR +\&\fBBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR structure is owned by the current thread. This is to help users provide proper locking if needed for multi-threaded use. .PP -\&\fIBN_BLINDING_set_current_thread()\fR sets the current thread as the +\&\fBBN_BLINDING_set_current_thread()\fR sets the current thread as the owner of the \fB\s-1BN_BLINDING\s0\fR structure. .PP -\&\fIBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure. +\&\fBBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure. .PP -\&\fIBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure. +\&\fBBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure. .PP -\&\fIBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently +\&\fBBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and \&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently 32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set. -\&\fIBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. +\&\fBBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. 
.PP -\&\fIBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters +\&\fBBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and \&\fBm_ctx\fR can be used to pass special functions for exponentiation -(normally \fIBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). +(normally \fBBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure +\&\fBBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure or \s-1NULL\s0 in case of an error. .PP -\&\fIBN_BLINDING_update()\fR, \fIBN_BLINDING_convert()\fR, \fIBN_BLINDING_invert()\fR, -\&\fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR return 1 on +\&\fBBN_BLINDING_update()\fR, \fBBN_BLINDING_convert()\fR, \fBBN_BLINDING_invert()\fR, +\&\fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR return 1 on success and 0 if an error occurred. .PP -\&\fIBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns +\&\fBBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns the \fB\s-1BN_BLINDING\s0\fR object, 0 otherwise. .PP -\&\fIBN_BLINDING_set_current_thread()\fR doesn't return anything. +\&\fBBN_BLINDING_set_current_thread()\fR doesn't return anything. .PP -\&\fIBN_BLINDING_lock()\fR, \fIBN_BLINDING_unlock()\fR return 1 if the operation +\&\fBBN_BLINDING_lock()\fR, \fBBN_BLINDING_unlock()\fR return 1 if the operation succeeded or 0 on error. .PP -\&\fIBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags +\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags (a \fBunsigned long\fR value). 
.PP -\&\fIBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR +\&\fBBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR parameters or \s-1NULL\s0 on error. .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it -deprecates \fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR. +\&\fBBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it +deprecates \fBBN_BLINDING_set_thread_id()\fR and \fBBN_BLINDING_get_thread_id()\fR. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2005\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index 03e526090125..7059888e4ddd 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_NEW 3" -.TH BN_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -154,34 +158,34 @@ library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fR is rather expensive when used in conjunction with repeated subroutine calls, the \fB\s-1BN_CTX\s0\fR structure is used. .PP -\&\fIBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure. -\&\fIBN_CTX_secure_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure -but uses the secure heap (see \fICRYPTO_secure_malloc\fR\|(3)) to hold the +\&\fBBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure. +\&\fBBN_CTX_secure_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure +but uses the secure heap (see \fBCRYPTO_secure_malloc\fR\|(3)) to hold the \&\fB\s-1BIGNUM\s0\fRs. .PP -\&\fIBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself. -Since \fIBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the -\&\fB\s-1BN_CTX\s0\fR, in most cases \fIBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may -be freed by \fIBN_CTX_free()\fR. If \fBc\fR is \s-1NULL,\s0 nothing is done. +\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself. +Since \fBBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the +\&\fB\s-1BN_CTX\s0\fR, in most cases \fBBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may +be freed by \fBBN_CTX_free()\fR. If \fBc\fR is \s-1NULL,\s0 nothing is done. .PP A given \fB\s-1BN_CTX\s0\fR must only be used by a single thread of execution. No locking is performed, and the internal pool allocator will not properly handle multiple threads of execution. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_CTX_new()\fR and \fIBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR. +\&\fBBN_CTX_new()\fR and \fBBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR. 
If the allocation fails, they return \fB\s-1NULL\s0\fR and sets an error code that can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .PP -\&\fIBN_CTX_free()\fR has no return values. +\&\fBBN_CTX_free()\fR has no return values. .SH "REMOVED FUNCTIONALITY" .IX Header "REMOVED FUNCTIONALITY" .Vb 1 \& void BN_CTX_init(BN_CTX *c); .Ve .PP -\&\fIBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should +\&\fBBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should replace use of BN_CTX_init with BN_CTX_new instead: .PP .Vb 6 @@ -194,11 +198,11 @@ replace use of BN_CTX_init with BN_CTX_new instead: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), -\&\fIBN_CTX_start\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_start\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_CTX_init()\fR was removed in OpenSSL 1.1.0. +\&\fBBN_CTX_init()\fR was removed in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index 292aa1d1b0e2..b2a7c9d54735 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_START 3" -.TH BN_CTX_START 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_CTX_START 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,30 +154,30 @@ BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from -a \fB\s-1BN_CTX\s0\fR (which can been created by using \fIBN_CTX_new\fR\|(3)) +a \fB\s-1BN_CTX\s0\fR (which can been created by using \fBBN_CTX_new\fR\|(3)) in order to save the overhead of repeatedly creating and freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop. .PP -A function must call \fIBN_CTX_start()\fR first. Then, \fIBN_CTX_get()\fR may be -called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fIBN_CTX_get()\fR +A function must call \fBBN_CTX_start()\fR first. Then, \fBBN_CTX_get()\fR may be +called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fBBN_CTX_get()\fR calls must be made before calling any other functions that use the \&\fBctx\fR as an argument. .PP -Finally, \fIBN_CTX_end()\fR must be called before returning from the function. -When \fIBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from -\&\fIBN_CTX_get()\fR become invalid. +Finally, \fBBN_CTX_end()\fR must be called before returning from the function. +When \fBBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from +\&\fBBN_CTX_get()\fR become invalid. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_CTX_start()\fR and \fIBN_CTX_end()\fR return no values. +\&\fBBN_CTX_start()\fR and \fBBN_CTX_end()\fR return no values. .PP -\&\fIBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. -Once \fIBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR +\&\fBBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. +Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR as well, so it is sufficient to check the return value of the last -\&\fIBN_CTX_get()\fR call. 
In case of an error, an error code is set, which -can be obtained by \fIERR_get_error\fR\|(3). +\&\fBBN_CTX_get()\fR call. In case of an error, an error code is set, which +can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBN_CTX_new\fR\|(3) +\&\fBBN_CTX_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index a8ada7644435..e3929129db9d 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_ADD 3" -.TH BN_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_ADD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -176,63 +180,63 @@ BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fBBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. .PP -\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +\&\fBBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. .PP -\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fBBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. -For multiplication by powers of 2, use \fIBN_lshift\fR\|(3). +For multiplication by powers of 2, use \fBBN_lshift\fR\|(3). .PP -\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR +\&\fBBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. This function is faster than BN_mul(r,a,a). .PP -\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the +\&\fBBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. The result is rounded towards zero; thus if \fIa\fR is negative, the remainder will be zero or negative. -For division by powers of 2, use \fIBN_rshift\fR\|(3). +For division by powers of 2, use \fBBN_rshift\fR\|(3). 
.PP -\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. .PP -\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative remainder in \fIr\fR. .PP -\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative result in \fIr\fR. .PP -\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the +\&\fBBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the non-negative result in \fIr\fR. .PP -\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for repeated computations using the same modulus, see -\&\fIBN_mod_mul_montgomery\fR\|(3) and -\&\fIBN_mod_mul_reciprocal\fR\|(3). +\&\fBBN_mod_mul_montgomery\fR\|(3) and +\&\fBBN_mod_mul_reciprocal\fR\|(3). .PP -\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the +\&\fBBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the result in \fIr\fR. .PP -\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR +\&\fBBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR (\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of -\&\fIBN_mul()\fR. +\&\fBBN_mul()\fR. .PP -\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % -m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. 
Do not call this +\&\fBBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % +m\*(C'\fR). This function uses less time and space than \fBBN_exp()\fR. Do not call this function when \fBm\fR is even and any of the parameters have the \&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set. .PP -\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and +\&\fBBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \&\fIb\fR. .PP For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for -temporary variables; see \fIBN_CTX_new\fR\|(3). +temporary variables; see \fBBN_CTX_new\fR\|(3). .PP Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from the arguments. @@ -240,11 +244,11 @@ the arguments. .IX Header "RETURN VALUES" For all functions, 1 is returned for success, 0 on error. The return value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIBN_CTX_new\fR\|(3), -\&\fIBN_add_word\fR\|(3), \fIBN_set_bit\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBBN_CTX_new\fR\|(3), +\&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index efdba7606f8b..c27d0b5a5c19 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_ADD_WORD 3" -.TH BN_ADD_WORD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_ADD_WORD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -157,27 +161,27 @@ These functions perform arithmetic operations on BIGNUMs with unsigned integers. They are much more efficient than the normal \s-1BIGNUM\s0 arithmetic operations. .PP -\&\fIBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). +\&\fBBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). .PP -\&\fIBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). +\&\fBBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). .PP -\&\fIBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). +\&\fBBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). .PP -\&\fIBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. +\&\fBBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. .PP -\&\fIBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). +\&\fBBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). .PP -For \fIBN_div_word()\fR and \fIBN_mod_word()\fR, \fBw\fR must not be 0. +For \fBBN_div_word()\fR and \fBBN_mod_word()\fR, \fBw\fR must not be 0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_add_word()\fR, \fIBN_sub_word()\fR and \fIBN_mul_word()\fR return 1 for success, 0 -on error. The error codes can be obtained by \fIERR_get_error\fR\|(3). +\&\fBBN_add_word()\fR, \fBBN_sub_word()\fR and \fBBN_mul_word()\fR return 1 for success, 0 +on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). .PP -\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR on success and +\&\fBBN_mod_word()\fR and \fBBN_div_word()\fR return \fBa\fR%\fBw\fR on success and \&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index da4d59360c79..6a138a9db335 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_BN2BIN 3" -.TH BN_BN2BIN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_BN2BIN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -161,76 +165,76 @@ BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_b .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form +\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of memory. .PP -\&\fIBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form +\&\fBBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form and stores it at \fBto\fR. \fBtolen\fR indicates the length of the output buffer \&\fBto\fR. The result is padded with zeroes if necessary. If \fBtolen\fR is less than BN_num_bytes(\fBa\fR) an error is returned. .PP -\&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length +\&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length \&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is \&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. .PP -\&\fIBN_bn2lebinpad()\fR and \fIBN_lebin2bn()\fR are identical to \fIBN_bn2binpad()\fR and -\&\fIBN_bin2bn()\fR except the buffer is in little-endian format. +\&\fBBN_bn2lebinpad()\fR and \fBBN_lebin2bn()\fR are identical to \fBBN_bn2binpad()\fR and +\&\fBBN_bin2bn()\fR except the buffer is in little-endian format. .PP -\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the hexadecimal and decimal encoding of \fBa\fR respectively. For negative numbers, the string is prefaced with a leading '\-'. The string must be -freed later using \fIOPENSSL_free()\fR. +freed later using \fBOPENSSL_free()\fR. 
.PP -\&\fIBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR, +\&\fBBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR, including the leading character '\-' which means negative, to form a valid hexadecimal number representation and converts them to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. If \&\fBa\fR is \s-1NULL,\s0 it only computes the length of valid representation. A \*(L"negative zero\*(R" is converted to zero. -\&\fIBN_dec2bn()\fR is the same using the decimal system. +\&\fBBN_dec2bn()\fR is the same using the decimal system. .PP -\&\fIBN_print()\fR and \fIBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, +\&\fBBN_print()\fR and \fBBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR \&\fBfp\fR. .PP -\&\fIBN_bn2mpi()\fR and \fIBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format +\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format that consists of the number's length in bytes represented as a 4\-byte big-endian number, and the number itself in big-endian format, where the most significant bit signals a negative number (the representation of numbers with the \s-1MSB\s0 set is prefixed with null byte). .PP -\&\fIBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR +\&\fBBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR must be large enough to hold the result. The size can be determined by calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). 
.PP -\&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to +\&\fBBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR if \fBret\fR is \s-1NULL.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. -\&\fIBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. +\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. +\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. .PP -\&\fIBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied +\&\fBBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied buffer is too small. .PP -\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 -on error. \fIBN_hex2bn()\fR and \fIBN_dec2bn()\fR return the number of characters +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 +on error. \fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters used in parsing, or 0 on error, in which case no new \fB\s-1BIGNUM\s0\fR will be created. .PP -\&\fIBN_print_fp()\fR and \fIBN_print()\fR return 1 on success, 0 on write errors. +\&\fBBN_print_fp()\fR and \fBBN_print()\fR return 1 on success, 0 on write errors. .PP -\&\fIBN_bn2mpi()\fR returns the length of the representation. \fIBN_mpi2bn()\fR +\&\fBBN_bn2mpi()\fR returns the length of the representation. \fBBN_mpi2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIBN_zero\fR\|(3), -\&\fIASN1_INTEGER_to_BN\fR\|(3), -\&\fIBN_num_bytes\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBBN_zero\fR\|(3), +\&\fBASN1_INTEGER_to_BN\fR\|(3), +\&\fBBN_num_bytes\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index 5fe1492d11f5..7922205c464f 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CMP 3" -.TH BN_CMP 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_CMP 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,20 +155,20 @@ BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparis .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fIBN_ucmp()\fR compares their +\&\fBBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fBBN_ucmp()\fR compares their absolute values. .PP -\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR test if \fBa\fR equals 0, 1, -or \fBw\fR respectively. \fIBN_is_odd()\fR tests if a is odd. +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR and \fBBN_is_word()\fR test if \fBa\fR equals 0, 1, +or \fBw\fR respectively. \fBBN_is_odd()\fR tests if a is odd. .PP -\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR, \fIBN_is_word()\fR and \fIBN_is_odd()\fR are macros. +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR and \fBBN_is_odd()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if -\&\fBa\fR > \fBb\fR. \fIBN_ucmp()\fR is the same using the absolute values +\&\fBBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if +\&\fBa\fR > \fBb\fR. \fBBN_ucmp()\fR is the same using the absolute values of \fBa\fR and \fBb\fR. .PP -\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR \fIBN_is_word()\fR and \fIBN_is_odd()\fR return 1 if +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR \fBBN_is_word()\fR and \fBBN_is_odd()\fR return 1 if the condition is true, 0 otherwise. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index 58b4d6963059..30a490f64bb5 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_COPY 3" -.TH BN_COPY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_COPY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,7 +153,7 @@ BN_copy, BN_dup, BN_with_flags \- copy BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fIBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR +\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR containing the value \fBfrom\fR. .PP BN_with_flags creates a \fBtemporary\fR shallow copy of \fBb\fR in \fBdest\fR. It places @@ -162,7 +166,7 @@ might commonly be used to create a temporary copy of a \s-1BIGNUM\s0 with the \&\fBdest\fR will share some internal state with \fBb\fR. For this reason the following restrictions apply to the use of \fBdest\fR: .IP "\(bu" 2 -\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fIBN_new()\fR. It +\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fBBN_new()\fR. It should not have been used for other purposes or initialised in any way. .IP "\(bu" 2 \&\fBdest\fR must only be used in \*(L"read-only\*(R" operations, i.e. typically those 
@@ -171,12 +175,12 @@ functions where the relevant parameter is declared \*(L"const\*(R". \&\fBdest\fR must be used and freed before any further subsequent use of \fBb\fR .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fIBN_dup()\fR returns +\&\fBBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fBBN_dup()\fR returns the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained -by \fIERR_get_error\fR\|(3). +by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index ddca791ee047..105a10581695 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_GENERATE_PRIME 3" -.TH BN_GENERATE_PRIME 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_GENERATE_PRIME 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -182,7 +186,7 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_generate_prime_ex()\fR generates a pseudo-random prime number of +\&\fBBN_generate_prime_ex()\fR generates a pseudo-random prime number of at least bit length \fBbits\fR. If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number. .PP @@ -196,7 +200,7 @@ While the number is being tested for primality, .IP "\(bu" 2 When a prime has been found, \fBBN_GENCB_call(cb, 2, i)\fR is called. .IP "\(bu" 2 -The callers of \fIBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with +The callers of \fBBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with other values as described in their respective man pages; see \*(L"\s-1SEE ALSO\*(R"\s0. .PP The prime may have to fulfill additional requirements for use in 
@@ -209,21 +213,21 @@ generator. If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so that (p\-1)/2 is also prime). .PP -The \s-1PRNG\s0 must be seeded prior to calling \fIBN_generate_prime_ex()\fR. +The \s-1PRNG\s0 must be seeded prior to calling \fBBN_generate_prime_ex()\fR. The prime number generation has a negligible error probability. .PP -\&\fIBN_is_prime_ex()\fR and \fIBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is +\&\fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is prime. The following tests are performed until one of them shows that \&\fBp\fR is composite; if \fBp\fR passes all these tests, it is considered prime. .PP -\&\fIBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR, +\&\fBBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR, first attempts trial division by a number of small primes; if no divisors are found by this test and \fBcb\fR is not \fB\s-1NULL\s0\fR, \&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. If \fBdo_trial_division == 0\fR, this test is skipped. .PP -Both \fIBN_is_prime_ex()\fR and \fIBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin +Both \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin probabilistic primality test with \fBnchecks\fR iterations. If \&\fBnchecks == BN_prime_checks\fR, a number of iterations is used that yields a false positive rate of at most 2^\-64 for random input. 
@@ -243,20 +247,20 @@ after the j\-th iteration (j = 0, 1, ...). \fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and freeing the structure in a loop), or \fB\s-1NULL\s0\fR. .PP -\&\fIBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure +\&\fBBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure and passes the ints \fBa\fR and \fBb\fR as arguments. There are two types of \&\fB\s-1BN_GENCB\s0\fR structure that are supported: \*(L"new\*(R" style and \*(L"old\*(R" style. New programs should prefer the \*(L"new\*(R" style, whilst the \*(L"old\*(R" style is provided for backwards compatibility purposes. .PP -A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fIBN_GENCB_new()\fR, -and freed through a call to \fIBN_GENCB_free()\fR. +A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fBBN_GENCB_new()\fR, +and freed through a call to \fBBN_GENCB_free()\fR. .PP For \*(L"new\*(R" style callbacks a \s-1BN_GENCB\s0 structure should be initialised with a -call to \fIBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of +call to \fBBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of type \fBint (*callback)(int, int, \s-1BN_GENCB\s0 *)\fR and \fBcb_arg\fR is a \fBvoid *\fR. \&\*(L"Old\*(R" style callbacks are the same except they are initialised with a call -to \fIBN_GENCB_set_old()\fR and \fBcallback\fR is of type +to \fBBN_GENCB_set_old()\fR and \fBcallback\fR is of type \&\fBvoid (*callback)(int, int, void *)\fR. .PP A callback is invoked through a call to \fBBN_GENCB_call\fR. This will check 
@@ -266,22 +270,22 @@ style callbacks or \fBcallback(a, b, cb_arg)\fR for old style. It is possible to obtain the argument associated with a \s-1BN_GENCB\s0 structure (set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg. .PP -\&\fIBN_generate_prime()\fR (deprecated) works in the same way as -\&\fIBN_generate_prime_ex()\fR but expects an old-style callback function +\&\fBBN_generate_prime()\fR (deprecated) works in the same way as +\&\fBBN_generate_prime_ex()\fR but expects an old-style callback function directly in the \fBcallback\fR parameter, and an argument to pass to it in -the \fBcb_arg\fR. \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR -can similarly be compared to \fIBN_is_prime_ex()\fR and -\&\fIBN_is_prime_fasttest_ex()\fR, respectively. +the \fBcb_arg\fR. \fBBN_is_prime()\fR and \fBBN_is_prime_fasttest()\fR +can similarly be compared to \fBBN_is_prime_ex()\fR and +\&\fBBN_is_prime_fasttest_ex()\fR, respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_generate_prime_ex()\fR return 1 on success or 0 on error. +\&\fBBN_generate_prime_ex()\fR return 1 on success or 0 on error. .PP -\&\fIBN_is_prime_ex()\fR, \fIBN_is_prime_fasttest_ex()\fR, \fIBN_is_prime()\fR and -\&\fIBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is +\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR and +\&\fBBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is prime with an error probability of less than 0.25^\fBnchecks\fR, and \&\-1 on error. .PP -\&\fIBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. +\&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. .PP BN_GENCB_new returns a pointer to a \s-1BN_GENCB\s0 structure on success, or \fB\s-1NULL\s0\fR otherwise. 
@@ -291,7 +295,7 @@ structure. .PP Callback functions should return 1 on success or 0 on error. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "REMOVED FUNCTIONALITY" .IX Header "REMOVED FUNCTIONALITY" As of OpenSSL 1.1.0 it is no longer possible to create a \s-1BN_GENCB\s0 structure @@ -313,12 +317,12 @@ Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_ne .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_generate_parameters\fR\|(3), \fIDSA_generate_parameters\fR\|(3), -\&\fIRSA_generate_key\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3) +\&\fBDH_generate_parameters\fR\|(3), \fBDSA_generate_parameters\fR\|(3), +\&\fBRSA_generate_key\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_GENCB_new()\fR, \fIBN_GENCB_free()\fR, -and \fIBN_GENCB_get_arg()\fR were added in OpenSSL 1.1.0 +The \fBBN_GENCB_new()\fR, \fBBN_GENCB_free()\fR, +and \fBBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index 5e54711e3b32..e2adea6b318c 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_MOD_INVERSE 3" -.TH BN_MOD_INVERSE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_MOD_INVERSE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ BN_mod_inverse \- compute inverse modulo n .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR +\&\fBBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. .PP 
@@ -154,11 +158,11 @@ a new \fB\s-1BIGNUM\s0\fR is created. variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and -\&\s-1NULL\s0 on error. The error codes can be obtained by \fIERR_get_error\fR\|(3). +\&\fBBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and +\&\s-1NULL\s0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index fe0ad15327b8..10b395b215d1 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_MOD_MUL_MONTGOMERY 3" -.TH BN_MOD_MUL_MONTGOMERY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_MOD_MUL_MONTGOMERY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -159,51 +163,51 @@ BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MO .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions implement Montgomery multiplication. They are used -automatically when \fIBN_mod_exp\fR\|(3) is called with suitable input, +automatically when \fBBN_mod_exp\fR\|(3) is called with suitable input, but they may be useful when several operations are to be performed using the same modulus. .PP -\&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. +\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. .PP -\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR +\&\fBBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR by precomputing its inverse and a value R. .PP -\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. +\&\fBBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. .PP -\&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if -it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself. +\&\fBBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if +it was created by \fBBN_MONT_CTX_new()\fR, also the structure itself. If \fBmont\fR is \s-1NULL,\s0 nothing is done. .PP -\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places +\&\fBBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places the result in \fIr\fR. .PP -\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. +\&\fBBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. .PP -\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. +\&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. 
Note that \fIa\fR must be non-negative and smaller than the modulus. .PP For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 +\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 on error. .PP -\&\fIBN_MONT_CTX_free()\fR has no return value. +\&\fBBN_MONT_CTX_free()\fR has no return value. .PP For the other functions, 1 is returned for success, 0 on error. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "WARNING" .IX Header "WARNING" The inputs must be reduced modulo \fBm\fR, otherwise the result will be outside the expected range. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), -\&\fIBN_CTX_new\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0 +\&\fBBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0 .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index 6e1392c8255a..ea3587aca439 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_MOD_MUL_RECIPROCAL 3" -.TH BN_MOD_MUL_RECIPROCAL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_MOD_MUL_RECIPROCAL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -154,43 +158,43 @@ BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_C .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_mod_mul_reciprocal()\fR can be used to perform an efficient -\&\fIBN_mod_mul\fR\|(3) operation when the operation will be performed +\&\fBBN_mod_mul_reciprocal()\fR can be used to perform an efficient +\&\fBBN_mod_mul\fR\|(3) operation when the operation will be performed repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. .PP -\&\fIBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. +\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. .PP -\&\fIBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it -was created by \fIBN_RECP_CTX_new()\fR, also the structure itself. +\&\fBBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it +was created by \fBBN_RECP_CTX_new()\fR, also the structure itself. If \fBrecp\fR is \s-1NULL,\s0 nothing is done. .PP -\&\fIBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing +\&\fBBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing 1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an integer. The result and the number of bits it was shifted left will later be stored in \fBrecp\fR. .PP -\&\fIBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient +\&\fBBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient in \fBdv\fR and the remainder in \fBrem\fR. .PP The \fB\s-1BN_RECP_CTX\s0\fR structure cannot be shared between threads. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 +\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 on error. .PP -\&\fIBN_RECP_CTX_free()\fR has no return value. +\&\fBBN_RECP_CTX_free()\fR has no return value. .PP For the other functions, 1 is returned for success, 0 on error. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), -\&\fIBN_CTX_new\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0 +\&\fBBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0 .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 62a640928f18..7d260e5efd15 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_NEW 3" -.TH BN_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,33 +157,33 @@ BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free \- allocate and free BIG .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. -\&\fIBN_secure_new()\fR does the same except that the secure heap -\&\fIOPENSSL_secure_malloc\fR\|(3) is used to store the value. +\&\fBBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. +\&\fBBN_secure_new()\fR does the same except that the secure heap +\&\fBOPENSSL_secure_malloc\fR\|(3) is used to store the value. .PP -\&\fIBN_clear()\fR is used to destroy sensitive data such as keys when they +\&\fBBN_clear()\fR is used to destroy sensitive data such as keys when they are no longer needed. It erases the memory used by \fBa\fR and sets it to the value 0. .PP -\&\fIBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created -by \fIBN_new()\fR, also the structure itself. \fIBN_clear_free()\fR additionally +\&\fBBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created +by \fBBN_new()\fR, also the structure itself. \fBBN_clear_free()\fR additionally overwrites the data before the memory is returned to the system. If \fBa\fR is \s-1NULL,\s0 nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_new()\fR and \fIBN_secure_new()\fR +\&\fBBN_new()\fR and \fBBN_secure_new()\fR return a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0. If the allocation fails, they return \fB\s-1NULL\s0\fR and set an error code that can be obtained -by \fIERR_get_error\fR\|(3). +by \fBERR_get_error\fR\|(3). .PP -\&\fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR have no return values. +\&\fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR have no return values. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_init()\fR was removed in OpenSSL 1.1.0; use \fIBN_new()\fR instead. +\&\fBBN_init()\fR was removed in OpenSSL 1.1.0; use \fBBN_new()\fR instead. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index 6ef112c3be09..4740a575937d 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_NUM_BYTES 3" -.TH BN_NUM_BYTES 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_NUM_BYTES 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,35 +153,35 @@ BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. +\&\fBBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. .PP -\&\fIBN_num_bits_word()\fR returns the number of significant bits in a word. +\&\fBBN_num_bits_word()\fR returns the number of significant bits in a word. If we take 0x00000432 as an example, it returns 11, not 16, not 32. Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR. .PP -\&\fIBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, -following the same principle as \fIBN_num_bits_word()\fR. +\&\fBBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, +following the same principle as \fBBN_num_bits_word()\fR. .PP -\&\fIBN_num_bytes()\fR is a macro. +\&\fBBN_num_bytes()\fR is a macro. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The size. .SH "NOTES" .IX Header "NOTES" -Some have tried using \fIBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, +Some have tried using \fBBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, \&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with the number of bits they expected (something like 512, 1024, 2048, \&...). This is because generating a number with some specific number of bits doesn't always set the highest bits, thereby making the number of \fIsignificant\fR bits a little lower. 
If you want to know the \*(L"key -size\*(R" of such a key, either use functions like \fIRSA_size()\fR, \fIDH_size()\fR -and \fIDSA_size()\fR, or use \fIBN_num_bytes()\fR and multiply with 8 (although +size\*(R" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR +and \fBDSA_size()\fR, or use \fBBN_num_bytes()\fR and multiply with 8 (although there's no real guarantee that will match the \*(L"key size\*(R", just a lot more probability). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_size\fR\|(3), \fIDSA_size\fR\|(3), -\&\fIRSA_size\fR\|(3) +\&\fBDH_size\fR\|(3), \fBDSA_size\fR\|(3), +\&\fBRSA_size\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index ceb927e95401..a5ebda0da489 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_RAND 3" -.TH BN_RAND 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_RAND 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +159,7 @@ BN_rand, BN_priv_rand, BN_pseudo_rand, BN_rand_range, BN_priv_rand_range, BN_pse .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_rand()\fR generates a cryptographically strong pseudo-random number of +\&\fBBN_rand()\fR generates a cryptographically strong pseudo-random number of \&\fBbits\fR in length and stores it in \fBrnd\fR. If \fBbits\fR is less than zero, or too small to accommodate the requirements specified by the \fBtop\fR and \fBbottom\fR @@ -171,13 +175,13 @@ If \fBbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if i is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even. If \fBbits\fR is 1 then \fBtop\fR cannot also be \fB\s-1BN_RAND_FLG_TOPTWO\s0\fR. .PP -\&\fIBN_rand_range()\fR generates a cryptographically strong pseudo-random +\&\fBBN_rand_range()\fR generates a cryptographically strong pseudo-random number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR. .PP -\&\fIBN_priv_rand()\fR and \fIBN_priv_rand_range()\fR have the same semantics as -\&\fIBN_rand()\fR and \fIBN_rand_range()\fR respectively. They are intended to be +\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR have the same semantics as +\&\fBBN_rand()\fR and \fBBN_rand_range()\fR respectively. They are intended to be used for generating values that should remain private, and mirror the -same difference between \fIRAND_bytes\fR\|(3) and \fIRAND_priv_bytes\fR\|(3). +same difference between \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3). .SH "NOTES" .IX Header "NOTES" Always check the error return value of these functions and do not take 
@@ -186,25 +190,26 @@ seeded with enough randomness to ensure an unpredictable byte sequence. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The functions return 1 on success, 0 on error. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "HISTORY" .IX Header "HISTORY" .IP "\(bu" 2 -Starting with OpenSSL release 1.1.0, \fIBN_pseudo_rand()\fR has been identical -to \fIBN_rand()\fR and \fIBN_pseudo_rand_range()\fR has been identical to -\&\fIBN_rand_range()\fR. +Starting with OpenSSL release 1.1.0, \fBBN_pseudo_rand()\fR has been identical +to \fBBN_rand()\fR and \fBBN_pseudo_rand_range()\fR has been identical to +\&\fBBN_rand_range()\fR. The \*(L"pseudo\*(R" functions should not be used and may be deprecated in a future release. .IP "\(bu" 2 -\&\fIBN_priv_rand()\fR and \fIBN_priv_rand_range()\fR were added in OpenSSL 1.1.1. +The +\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fIRAND_add\fR\|(3), -\&\fIRAND_bytes\fR\|(3), -\&\fIRAND_priv_bytes\fR\|(3), -\&\s-1\fIRAND\s0\fR\|(7), -\&\s-1\fIRAND_DRBG\s0\fR\|(7) +\&\fBERR_get_error\fR\|(3), +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_security_bits.3 b/secure/lib/libcrypto/man/BN_security_bits.3 index 4bf266b1bebe..735c9b26cc53 100644 --- a/secure/lib/libcrypto/man/BN_security_bits.3 +++ b/secure/lib/libcrypto/man/BN_security_bits.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_SECURITY_BITS 3" -.TH BN_SECURITY_BITS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_SECURITY_BITS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,9 +149,9 @@ BN_security_bits \- returns bits of security based on given numbers .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_security_bits()\fR returns the number of bits of security provided by a +\&\fBBN_security_bits()\fR returns the number of bits of security provided by a specific algorithm and a particular key size. The bits of security is -defined in \s-1NIST SP800\-57.\s0 Currently, \fIBN_security_bits()\fR support two types +defined in \s-1NIST SP800\-57.\s0 Currently, \fBBN_security_bits()\fR support two types of asymmetric algorithms: the \s-1FFC\s0 (Finite Field Cryptography) and \s-1IFC\s0 (Integer Factorization Cryptography). For \s-1FFC,\s0 e.g., \s-1DSA\s0 and \s-1DH,\s0 both parameters \fBL\fR and \fBN\fR are used to decide the bits of security, where 
@@ -159,14 +163,14 @@ to be the key size (modulus). Number of security bits. .SH "NOTES" .IX Header "NOTES" -\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fIBN_security_bits()\fR +\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fBBN_security_bits()\fR function. The symmetric algorithms are not covered neither. .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_security_bits()\fR was added in OpenSSL 1.1.0. +The \fBBN_security_bits()\fR function was added in OpenSSL 1.1.0. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_security_bits\fR\|(3), \fIDSA_security_bits\fR\|(3), \fIRSA_security_bits\fR\|(3) +\&\fBDH_security_bits\fR\|(3), \fBDSA_security_bits\fR\|(3), \fBRSA_security_bits\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index 915cfa20f442..0cb207ce961f 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_SET_BIT 3" -.TH BN_SET_BIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_SET_BIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,36 +160,36 @@ BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<<n)\*(C'\fR). The +\&\fBBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<<n)\*(C'\fR). The number is expanded if necessary. .PP -\&\fIBN_clear_bit()\fR sets bit \fBn\fR in \fBa\fR to 0 (\f(CW\*(C`a&=~(1<<n)\*(C'\fR). An +\&\fBBN_clear_bit()\fR sets bit \fBn\fR in \fBa\fR to 0 (\f(CW\*(C`a&=~(1<<n)\*(C'\fR). An error occurs if \fBa\fR is shorter than \fBn\fR bits. .PP -\&\fIBN_is_bit_set()\fR tests if bit \fBn\fR in \fBa\fR is set. +\&\fBBN_is_bit_set()\fR tests if bit \fBn\fR in \fBa\fR is set. .PP -\&\fIBN_mask_bits()\fR truncates \fBa\fR to an \fBn\fR bit number +\&\fBBN_mask_bits()\fR truncates \fBa\fR to an \fBn\fR bit number (\f(CW\*(C`a&=~((~0)>>n)\*(C'\fR). An error occurs if \fBa\fR already is shorter than \fBn\fR bits. .PP -\&\fIBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in -\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_lshift1()\fR shifts +\&\fBBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_lshift1()\fR shifts \&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). .PP -\&\fIBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in -\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_rshift1()\fR shifts +\&\fBBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_rshift1()\fR shifts \&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). .PP For the shift functions, \fBr\fR and \fBa\fR may be the same variable. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. +\&\fBBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. .PP All other functions return 1 for success, 0 on error. The error codes -can be obtained by \fIERR_get_error\fR\|(3). +can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBN_num_bytes\fR\|(3), \fIBN_add\fR\|(3) +\&\fBBN_num_bytes\fR\|(3), \fBBN_add\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 index 04fed56410b5..4adf66813bd3 100644 --- a/secure/lib/libcrypto/man/BN_swap.3 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_SWAP 3" -.TH BN_SWAP 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_SWAP 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,10 +149,10 @@ BN_swap \- exchange BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. +\&\fBBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_swap()\fR does not return a value. +\&\fBBN_swap()\fR does not return a value. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index 0a07d8b50e85..a592b748a7b3 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_ZERO 3" -.TH BN_ZERO 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BN_ZERO 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -154,34 +158,34 @@ BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment ope \&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimized for the most efficient implementation on the local platform. .PP -\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR set \fBa\fR to the values 0, 1 and -\&\fBw\fR respectively. \fIBN_zero()\fR and \fIBN_one()\fR are macros. +\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR set \fBa\fR to the values 0, 1 and +\&\fBw\fR respectively. \fBBN_zero()\fR and \fBBN_one()\fR are macros. .PP -\&\fIBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant +\&\fBBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant is useful for use in comparisons and assignment. .PP -\&\fIBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. +\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot +\&\fBBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot be represented as a single integer. .PP -\&\fIBN_one()\fR and \fIBN_set_word()\fR return 1 on success, 0 otherwise. -\&\fIBN_value_one()\fR returns the constant. -\&\fIBN_zero()\fR never fails and returns no value. +\&\fBBN_one()\fR and \fBBN_set_word()\fR return 1 on success, 0 otherwise. +\&\fBBN_value_one()\fR returns the constant. +\&\fBBN_zero()\fR never fails and returns no value. .SH "BUGS" .IX Header "BUGS" If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide -with the error condition returned by \fIBN_get_word()\fR which uses that +with the error condition returned by \fBBN_get_word()\fR which uses that as an error value. .PP \&\fB\s-1BN_ULONG\s0\fR should probably be a typedef. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBN_bn2bin\fR\|(3) +\&\fBBN_bn2bin\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -In OpenSSL 0.9.8, \fIBN_zero()\fR was changed to not return a value; previous +In OpenSSL 0.9.8, \fBBN_zero()\fR was changed to not return a value; previous versions returned an int. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/BUF_MEM_new.3 b/secure/lib/libcrypto/man/BUF_MEM_new.3 index b9016c9e3586..9c6b59ce0dac 100644 --- a/secure/lib/libcrypto/man/BUF_MEM_new.3 +++ b/secure/lib/libcrypto/man/BUF_MEM_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BUF_MEM_NEW 3" -.TH BUF_MEM_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH BUF_MEM_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -157,39 +161,39 @@ BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF The buffer library handles simple character arrays. Buffers are used for various purposes in the library, most notably memory BIOs. .PP -\&\fIBUF_MEM_new()\fR allocates a new buffer of zero size. +\&\fBBUF_MEM_new()\fR allocates a new buffer of zero size. .PP -\&\fIBUF_MEM_new_ex()\fR allocates a buffer with the specified flags. +\&\fBBUF_MEM_new_ex()\fR allocates a buffer with the specified flags. The flag \fB\s-1BUF_MEM_FLAG_SECURE\s0\fR specifies that the \fBdata\fR pointer -should be allocated on the secure heap; see \fICRYPTO_secure_malloc\fR\|(3). +should be allocated on the secure heap; see \fBCRYPTO_secure_malloc\fR\|(3). .PP -\&\fIBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed +\&\fBBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed before freeing up in case the buffer contains sensitive data. .PP -\&\fIBUF_MEM_grow()\fR changes the size of an already existing buffer to +\&\fBBUF_MEM_grow()\fR changes the size of an already existing buffer to \&\fBlen\fR. Any data already in the buffer is preserved if it increases in size. .PP -\&\fIBUF_MEM_grow_clean()\fR is similar to \fIBUF_MEM_grow()\fR but it sets any free'd +\&\fBBUF_MEM_grow_clean()\fR is similar to \fBBUF_MEM_grow()\fR but it sets any free'd or additionally-allocated memory to zero. .PP -\&\fIBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR. If \fBin\fR +\&\fBBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR. If \fBin\fR is \s-1NULL,\s0 the array is reversed in-place. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. +\&\fBBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. .PP -\&\fIBUF_MEM_free()\fR has no return value. +\&\fBBUF_MEM_free()\fR has no return value. 
.PP -\&\fIBUF_MEM_grow()\fR and \fIBUF_MEM_grow_clean()\fR return +\&\fBBUF_MEM_grow()\fR and \fBBUF_MEM_grow_clean()\fR return zero on error or the new size (i.e., \fBlen\fR). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbio\fR\|(7), -\&\fICRYPTO_secure_malloc\fR\|(3). +\&\fBbio\fR\|(7), +\&\fBCRYPTO_secure_malloc\fR\|(3). .SH "HISTORY" .IX Header "HISTORY" -\&\fIBUF_MEM_new_ex()\fR was added in OpenSSL 1.1.0. +The \fBBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3 index 18210d30aad8..810ad33f7ffc 100644 --- a/secure/lib/libcrypto/man/CMS_add0_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add0_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ADD0_CERT 3" -.TH CMS_ADD0_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_ADD0_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,12 +155,12 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_add0_cert()\fR and \fICMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. +\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. must be of type signed data or enveloped data. .PP -\&\fICMS_get1_certs()\fR returns all certificates in \fBcms\fR. +\&\fBCMS_get1_certs()\fR returns all certificates in \fBcms\fR. .PP -\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR +\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fBCMS_get1_crls()\fR returns any CRLs in \fBcms\fR. .SH "NOTES" .IX Header "NOTES" 
@@ -167,25 +171,25 @@ For signed data certificates and CRLs are added to the \fBcertificates\fR and \&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to \&\fBOriginatorInfo\fR. .PP -As the \fB0\fR implies \fICMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it -must not be freed up after the call as opposed to \fICMS_add1_cert()\fR where \fBcert\fR +As the \fB0\fR implies \fBCMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it +must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fBcert\fR must be freed up. .PP The same certificate or \s-1CRL\s0 must not be added to the same cms structure more than once. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR and \fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR return +\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return 1 for success and 0 for failure. .PP -\&\fICMS_get1_certs()\fR and \fICMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs +\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur in practice is if the \fBcms\fR type is invalid. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fICMS_sign\fR\|(3), -\&\fICMS_encrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 index 3007120e83df..7d68d3c48956 100644 --- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ADD1_RECIPIENT_CERT 3" -.TH CMS_ADD1_RECIPIENT_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_ADD1_RECIPIENT_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,20 +157,20 @@ CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS envel .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped +\&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped data structure \fBcms\fR as a KeyTransRecipientInfo structure. .PP -\&\fICMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using +\&\fBCMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped data structure \fBcms\fR as a KEKRecipientInfo structure. .PP The CMS_ContentInfo structure should be obtained from an initial call to -\&\fICMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. +\&\fBCMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. .SH "NOTES" .IX Header "NOTES" The main purpose of this function is to provide finer control over a \s-1CMS\s0 -enveloped data structure where the simpler \fICMS_encrypt()\fR function defaults are +enveloped data structure where the simpler \fBCMS_encrypt()\fR function defaults are not appropriate. For example if one or more KEKRecipientInfo structures need to be added. New attributes can also be added using the returned CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions. 
@@ -182,13 +186,13 @@ If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be consistent with \fBkeylen\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR return an internal +\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR return an internal pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3), -\&\fICMS_final\fR\|(3), +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3), +\&\fBCMS_final\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3 index 513f8233ba35..e651e222d291 100644 --- a/secure/lib/libcrypto/man/CMS_add1_signer.3 +++ b/secure/lib/libcrypto/man/CMS_add1_signer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ADD1_SIGNER 3" -.TH CMS_ADD1_SIGNER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_ADD1_SIGNER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,12 +153,12 @@ CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +\&\fBCMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData structure \fBcms\fR. .PP The CMS_ContentInfo structure should be obtained from an initial call to -\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a +\&\fBCMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a valid CMS_ContentInfo SignedData structure. .PP If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public 
@@ -162,15 +166,15 @@ key algorithm will be used. .PP Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo structure is not complete and must be finalized either by streaming (if -applicable) or a call to \fICMS_final()\fR. +applicable) or a call to \fBCMS_final()\fR. .PP -The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo +The \fBCMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags are both set. .SH "NOTES" .IX Header "NOTES" -The main purpose of \fICMS_add1_signer()\fR is to provide finer control -over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults +The main purpose of \fBCMS_add1_signer()\fR is to provide finer control +over a \s-1CMS\s0 signed data structure where the simpler \fBCMS_sign()\fR function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. New attributes can also be added using the returned CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the @@ -187,7 +191,7 @@ flag is set. .PP If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the CMS_SignerInfo structure will not be finalized so additional attributes -can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is +can be added. In this case an explicit call to \fBCMS_SignerInfo_sign()\fR is needed to finalize it. .PP If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the 
@@ -213,17 +217,17 @@ bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bi If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is not loaded. .PP -\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo structure just added, this can be used to set additional attributes before it is finalized. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo structure just added or \s-1NULL\s0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_final\fR\|(3), +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_final\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2014\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3 index 86a03c0e4d37..c895e59cf626 100644 --- a/secure/lib/libcrypto/man/CMS_compress.3 +++ b/secure/lib/libcrypto/man/CMS_compress.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_COMPRESS 3" -.TH CMS_COMPRESS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_COMPRESS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ CMS_compress \- create a CMS CompressedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR +\&\fBCMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR is the compression algorithm to use or \fBNID_undef\fR to use the default algorithm (zlib compression). \fBin\fR is the content to be compressed. \&\fBflags\fR is an optional set of flags. @@ -154,7 +158,7 @@ algorithm (zlib compression). \fBin\fR is the content to be compressed. The only currently supported compression algorithm is zlib using the \s-1NID\s0 NID_zlib_compression. .PP -If zlib support is not compiled into OpenSSL then \fICMS_compress()\fR will return +If zlib support is not compiled into OpenSSL then \fBCMS_compress()\fR will return an error. .PP If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are 
@@ -171,7 +175,7 @@ returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\f .PP The compressed data is included in the CMS_ContentInfo structure, unless \&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in -practice and is not supported by \fISMIME_write_CMS()\fR. +practice and is not supported by \fBSMIME_write_CMS()\fR. .SH "NOTES" .IX Header "NOTES" If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is @@ -179,20 +183,20 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable results. .PP -Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, -\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fIBIO_new_CMS()\fR. +\&\fBBIO_new_CMS()\fR. .PP Additional compression parameters such as the zlib compression level cannot currently be set. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_uncompress\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_uncompress\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0. 
diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3 index 97f0c97948ac..67856b18a184 100644 --- a/secure/lib/libcrypto/man/CMS_decrypt.3 +++ b/secure/lib/libcrypto/man/CMS_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_DECRYPT 3" -.TH CMS_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_DECRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ CMS_decrypt \- decrypt content from a CMS envelopedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData +\&\fBCMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and \&\fBflags\fR is an optional set of flags. 
@@ -164,7 +168,7 @@ is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on \&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or not. If no recipient succeeds then a random symmetric key is used to decrypt the content: this will typically output garbage and may (but is not guaranteed -to) ultimately return a padding error only. If \fICMS_decrypt()\fR just returned an +to) ultimately return a padding error only. If \fBCMS_decrypt()\fR just returned an error when all recipient encrypted keys failed to decrypt an attacker could use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set then the above behaviour is modified and an error \fBis\fR returned if no @@ -175,11 +179,11 @@ open to attack. .PP It is possible to determine the correct recipient key by other means (for example looking them up in a database) and setting them in the \s-1CMS\s0 structure -in advance using the \s-1CMS\s0 utility functions such as \fICMS_set1_pkey()\fR. In this +in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR. In this case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0 .PP -To process KEKRecipientInfo types \fICMS_set1_key()\fR or \fICMS_RecipientInfo_set0_key()\fR -and \fICMS_RecipientInfo_decrypt()\fR should be called before \fICMS_decrypt()\fR and +To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR +and \fBCMS_RecipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and \&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0 .PP The following flags can be passed in the \fBflags\fR parameter. 
@@ -189,15 +193,15 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_decrypt()\fR returns either 1 for success or 0 for failure. -The error can be obtained from \fIERR_get_error\fR\|(3) +\&\fBCMS_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" The lack of single pass processing and the need to hold all data in memory as -mentioned in \fICMS_verify()\fR also applies to \fICMS_decrypt()\fR. +mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decrypt()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3 index 65c1547f62ab..ba62161af127 100644 --- a/secure/lib/libcrypto/man/CMS_encrypt.3 +++ b/secure/lib/libcrypto/man/CMS_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ENCRYPT 3" -.TH CMS_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ CMS_encrypt \- create a CMS envelopedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR +\&\fBCMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR is a list of recipient certificates. \fBin\fR is the content to be encrypted. \&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. .SH "NOTES" @@ -154,7 +158,7 @@ is a list of recipient certificates. \fBin\fR is the content to be encrypted. Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this function. .PP -\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because most clients will support it. .PP The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of @@ -163,7 +167,7 @@ its parameters. Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to -\&\fICMS_encrypt()\fR. +\&\fBCMS_encrypt()\fR. .PP The following flags can be passed in the \fBflags\fR parameter. .PP 
@@ -190,7 +194,7 @@ finalization. .PP The data being encrypted is included in the CMS_ContentInfo structure, unless \&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in -practice and is not supported by \fISMIME_write_CMS()\fR. +practice and is not supported by \fBSMIME_write_CMS()\fR. .SH "NOTES" .IX Header "NOTES" If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is 
@@ -198,24 +202,24 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable results. .PP -Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, -\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fIBIO_new_CMS()\fR. +\&\fBBIO_new_CMS()\fR. .PP The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR -and \fICMS_add0_recipient_key()\fR. +and \fBCMS_add0_recipient_key()\fR. .PP The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients -added later using \fICMS_add1_recipient_cert()\fR or \fICMS_add0_recipient_key()\fR. +added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBCMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3 index 28e3db23eb41..9aa9f0ba695c 100644 --- a/secure/lib/libcrypto/man/CMS_final.3 
+++ b/secure/lib/libcrypto/man/CMS_final.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_FINAL 3" -.TH CMS_FINAL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_FINAL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ CMS_final \- finalise a CMS_ContentInfo structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_final()\fR finalises the structure \fBcms\fR. It's purpose is to perform any +\&\fBCMS_final()\fR finalises the structure \fBcms\fR. It's purpose is to perform any operations necessary on \fBcms\fR (digest computation for example) and set the appropriate fields. The parameter \fBdata\fR contains the content to be processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after 
@@ -158,11 +162,11 @@ should only be used when streaming is not performed because the streaming I/O functions perform finalisation operations internally. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_final()\fR returns 1 for success or 0 for failure. +\&\fBCMS_final()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_encrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 index 24cfdf9796ac..580e7d43e8ae 100644 --- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET0_RECIPIENTINFOS 3" -.TH CMS_GET0_RECIPIENTINFOS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_GET0_RECIPIENTINFOS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -166,27 +170,27 @@ CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_sig .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fICMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo +The function \fBCMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo structures associated with a \s-1CMS\s0 EnvelopedData structure. .PP -\&\fICMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. +\&\fBCMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0 .PP -\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient +\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the keyidentifier will be set in \&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. .PP -\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the +\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 It returns zero if the comparison is successful and non zero if not. 
.PP -\&\fICMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with +\&\fBCMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type \&\s-1CMS_RECIPINFO_TRANS.\s0 .PP -\&\fICMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the +\&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any of the remaining parameters can be \s-1NULL\s0 if the application is not interested in the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written 
@@ -196,61 +200,61 @@ present is written to \fBpdate\fR, if the \fBother\fR field is present the compo \&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and \&\fBpothertype\fR. .PP -\&\fICMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR +\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_KEK.\s0 It returns zero if the comparison is successful and non zero if not. .PP -\&\fICMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length +\&\fBCMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length \&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type \&\s-1CMS_RECIPINFO_KEK.\s0 .PP -\&\fICMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure +\&\fBCMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure \&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure first. .PP -\&\fICMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure +\&\fBCMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure \&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure first and the content encryption key must be available: for example by a -previous call to \fICMS_RecipientInfo_decrypt()\fR. +previous call to \fBCMS_RecipientInfo_decrypt()\fR. .SH "NOTES" .IX Header "NOTES" The main purpose of these functions is to enable an application to lookup recipient keys using any appropriate technique when the simpler method -of \fICMS_decrypt()\fR is not appropriate. +of \fBCMS_decrypt()\fR is not appropriate. 
.PP In typical usage and application will retrieve all CMS_RecipientInfo structures -using \fICMS_get0_RecipientInfos()\fR and check the type of each using -\&\fICMS_RecipientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure +using \fBCMS_get0_RecipientInfos()\fR and check the type of each using +\&\fBCMS_RecipientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure can be ignored or its key identifier data retrieved using an appropriate function. Then if the corresponding secret or private key can be obtained by any appropriate means it can then associated with the structure and -\&\fICMS_RecipientInfo_decrypt()\fR called. If successful \fICMS_decrypt()\fR can be called +\&\fBCMS_RecipientInfo_decrypt()\fR called. If successful \fBCMS_decrypt()\fR can be called with a \s-1NULL\s0 key to decrypt the enveloped content. .PP -The \fICMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an +The \fBCMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an existing enveloped data structure. Typically an application will first decrypt an appropriate CMS_RecipientInfo structure to make the content encrypt key available, it will then add a new recipient using a function such as -\&\fICMS_add1_recipient_cert()\fR and finally encrypt the content encryption key -using \fICMS_RecipientInfo_encrypt()\fR. +\&\fBCMS_add1_recipient_cert()\fR and finally encrypt the content encryption key +using \fBCMS_RecipientInfo_encrypt()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if +\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if an error occurs. 
.PP -\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR, \fICMS_RecipientInfo_set0_pkey()\fR, -\&\fICMS_RecipientInfo_kekri_get0_id()\fR, \fICMS_RecipientInfo_set0_key()\fR and -\&\fICMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. -\&\fICMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs. +\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR, \fBCMS_RecipientInfo_set0_pkey()\fR, +\&\fBCMS_RecipientInfo_kekri_get0_id()\fR, \fBCMS_RecipientInfo_set0_key()\fR and +\&\fBCMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. +\&\fBCMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs. .PP -\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR and \fICMS_RecipientInfo_kekri_cmp()\fR return 0 +\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR and \fBCMS_RecipientInfo_kekri_cmp()\fR return 0 for a successful comparison and non zero otherwise. .PP -Any error can be obtained from \fIERR_get_error\fR\|(3). +Any error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 index db2a6123dcfb..99e65095d05c 100644 --- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET0_SIGNERINFOS 3" -.TH CMS_GET0_SIGNERINFOS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_GET0_SIGNERINFOS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,59 +155,59 @@ CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signe .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fICMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures +The function \fBCMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures associated with a \s-1CMS\s0 signedData structure. .PP -\&\fICMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier +\&\fBCMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. .PP -\&\fICMS_SignerInfo_get0_signature()\fR retrieves the signature associated with +\&\fBCMS_SignerInfo_get0_signature()\fR retrieves the signature associated with \&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned corresponds to the internal signature value if \fBsi\fR so it may be read or modified. .PP -\&\fICMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer +\&\fBCMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer identifier \fBsi\fR. It returns zero if the comparison is successful and non zero if not. .PP -\&\fICMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to +\&\fBCMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to \&\fBsigner\fR. .SH "NOTES" .IX Header "NOTES" The main purpose of these functions is to enable an application to lookup signers certificates using any appropriate technique when the simpler method -of \fICMS_verify()\fR is not appropriate. +of \fBCMS_verify()\fR is not appropriate. 
.PP In typical usage and application will retrieve all CMS_SignerInfo structures -using \fICMS_get0_SignerInfo()\fR and retrieve the identifier information using +using \fBCMS_get0_SignerInfo()\fR and retrieve the identifier information using \&\s-1CMS.\s0 It will then obtain the signer certificate by some unspecified means (or return and error if it cannot be found) and set it using -\&\fICMS_SignerInfo_set1_signer_cert()\fR. +\&\fBCMS_SignerInfo_set1_signer_cert()\fR. .PP -Once all signer certificates have been set \fICMS_verify()\fR can be used. +Once all signer certificates have been set \fBCMS_verify()\fR can be used. .PP -Although \fICMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if +Although \fBCMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if there are no signers this is not a problem in practice because the only error which can occur is if the \fBcms\fR structure is not of type signedData due to application error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there +\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there are no signers or an error occurs. .PP -\&\fICMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. +\&\fBCMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. .PP -\&\fICMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non +\&\fBCMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non zero otherwise. .PP -\&\fICMS_SignerInfo_set1_signer_cert()\fR does not return a value. +\&\fBCMS_SignerInfo_set1_signer_cert()\fR does not return a value. 
.PP -Any error can be obtained from \fIERR_get_error\fR\|(3) +Any error can be obtained from \fBERR_get_error\fR\|(3) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3 index 9adeddc37807..71f7de5eccf4 100644 --- a/secure/lib/libcrypto/man/CMS_get0_type.3 +++ b/secure/lib/libcrypto/man/CMS_get0_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET0_TYPE 3" -.TH CMS_GET0_TYPE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_GET0_TYPE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,29 +152,30 @@ CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content \- .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as -and \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the +\&\fBCMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as +an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the CMS_ContentInfo structure based on this value. .PP -\&\fICMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo -structure. It should be called with \s-1CMS\s0 functions with the \fB\s-1CMS_PARTIAL\s0\fR +\&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo +structure. It should be called with \s-1CMS\s0 functions (such as CMS_sign, CMS_encrypt) +with the \fB\s-1CMS_PARTIAL\s0\fR flag and \fBbefore\fR the structure is finalised, otherwise the results are undefined. .PP -\&\s-1ASN1_OBJECT\s0 *\fICMS_get0_eContentType()\fR returns a pointer to the embedded +\&\s-1ASN1_OBJECT\s0 *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded content type. .PP -\&\fICMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer +\&\fBCMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer containing the embedded content. .SH "NOTES" .IX Header "NOTES" -As the \fB0\fR implies \fICMS_get0_type()\fR, \fICMS_get0_eContentType()\fR and -\&\fICMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. -\&\fICMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up +As the \fB0\fR implies \fBCMS_get0_type()\fR, \fBCMS_get0_eContentType()\fR and +\&\fBCMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. +\&\fBCMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up after use. 
.PP The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value -using \fIOBJ_obj2nid()\fR. For the currently supported content types the following +using \fBOBJ_obj2nid()\fR. For the currently supported content types the following values are returned: .PP .Vb 6 @@ -182,7 +187,7 @@ values are returned: \& NID_pkcs7_enveloped .Ve .PP -The return value of \fICMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR +The return value of \fBCMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR content pointer. That means that for example: .PP .Vb 1 @@ -195,16 +200,16 @@ using this function. Applications usually will not need to modify the embedded content as it is normally set by higher level functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_get0_type()\fR and \fICMS_get0_eContentType()\fR return and \s-1ASN1_OBJECT\s0 structure. +\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return an \s-1ASN1_OBJECT\s0 structure. .PP -\&\fICMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The -error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBCMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The +error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 index 9e8c9788771a..6a9d9659cc5b 100644 --- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 
+++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET1_RECEIPTREQUEST 3" -.TH CMS_GET1_RECEIPTREQUEST 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_GET1_RECEIPTREQUEST 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,7 +158,7 @@ CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CM .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The +\&\fBCMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The \&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL.\s0 If \fBreceiptList\fR is \s-1NULL\s0 the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of 
@@ -162,13 +166,13 @@ the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBr option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the \&\fBreceiptsTo\fR field value. .PP -The \fICMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR +The \fBCMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR to SignerInfo structure \fBsi\fR. .PP -int \fICMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if +int \fBCMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if any is found it is decoded and written to \fBprr\fR. .PP -\&\fICMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. +\&\fBCMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR 
@@ -179,22 +183,22 @@ For more details of the meaning of the fields see \s-1RFC2634.\s0 .PP The contents of a signed receipt should only be considered meaningful if the corresponding CMS_ContentInfo structure can be successfully verified using -\&\fICMS_verify()\fR. +\&\fBCMS_verify()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or +\&\fBCMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or \&\s-1NULL\s0 if an error occurred. .PP -\&\fICMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. +\&\fBCMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. .PP -\&\fICMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and +\&\fBCMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and decoded. It returns 0 if a signed receipt request is not present and \-1 if it is present but malformed. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_sign_receipt\fR\|(3), \fICMS_verify\fR\|(3) -\&\fICMS_verify_receipt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_sign_receipt\fR\|(3), \fBCMS_verify\fR\|(3) +\&\fBCMS_verify_receipt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3 index d86d1f0e8e82..2c4457980f38 100644 --- a/secure/lib/libcrypto/man/CMS_sign.3 +++ b/secure/lib/libcrypto/man/CMS_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_SIGN 3" -.TH CMS_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ CMS_sign \- create a CMS SignedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is +\&\fBCMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding private key. \&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). Any or all of 
@@ -212,10 +216,10 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable results. .PP -Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, -\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fIBIO_new_CMS()\fR. +\&\fBBIO_new_CMS()\fR. .PP If a signer is specified it will use the default digest for the signing algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. 
@@ -223,23 +227,23 @@ algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is output. .PP -The function \fICMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be +The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be suitable for many purposes. For finer control of the output format the \&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the \&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the -function \fICMS_sign_add1_signer()\fR, non default digests can be used and custom -attributes added. \fICMS_final()\fR must then be called to finalize the +function \fBCMS_sign_add1_signer()\fR, non default digests can be used and custom +attributes added. \fBCMS_final()\fR must then be called to finalize the structure if streaming is not enabled. .SH "BUGS" .IX Header "BUGS" Some attributes such as counter signatures are not supported. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBCMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8, diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3 index 41f3b77648f4..74471cc90dc9 100644 --- a/secure/lib/libcrypto/man/CMS_sign_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_SIGN_RECEIPT 3" -.TH CMS_SIGN_RECEIPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_SIGN_RECEIPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ CMS_sign_receipt \- create a CMS signed receipt .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is +\&\fBCMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is the \fBCMS_SignerInfo\fR structure containing the signed receipt request. \&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding private key. \fBcerts\fR is an optional additional set of certificates to include 
@@ -156,19 +160,19 @@ in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). \&\fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -This functions behaves in a similar way to \fICMS_sign()\fR except the flag values +This functions behaves in a similar way to \fBCMS_sign()\fR except the flag values \&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not supported since they do not make sense in the context of signed receipts. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if -an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if +an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fICMS_verify_receipt\fR\|(3), -\&\fICMS_sign\fR\|(3) +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_verify_receipt\fR\|(3), +\&\fBCMS_sign\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3 index fac85d450c5d..38b46ad5f23e 100644 --- a/secure/lib/libcrypto/man/CMS_uncompress.3 +++ b/secure/lib/libcrypto/man/CMS_uncompress.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_UNCOMPRESS 3" -.TH CMS_UNCOMPRESS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_UNCOMPRESS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ CMS_uncompress \- uncompress a CMS CompressedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 +\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and \&\fBflags\fR is an optional set of flags. .PP @@ -156,7 +160,7 @@ is detached. It will normally be set to \s-1NULL.\s0 The only currently supported compression algorithm is zlib: if the structure indicates the use of any other algorithm an error is returned. .PP -If zlib support is not compiled into OpenSSL then \fICMS_uncompress()\fR will always +If zlib support is not compiled into OpenSSL then \fBCMS_uncompress()\fR will always return an error. .PP The following flags can be passed in the \fBflags\fR parameter. 
@@ -166,15 +170,15 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can -be obtained from \fIERR_get_error\fR\|(3) +\&\fBCMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can +be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" The lack of single pass processing and the need to hold all data in memory as -mentioned in \fICMS_verify()\fR also applies to \fICMS_decompress()\fR. +mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decompress()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_compress\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_compress\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3 index 46604b02a442..a2e57fc526f7 100644 --- a/secure/lib/libcrypto/man/CMS_verify.3 +++ b/secure/lib/libcrypto/man/CMS_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_VERIFY 3" -.TH CMS_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_VERIFY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +152,7 @@ CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo +\&\fBCMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo structure to verify. \fBcerts\fR is a set of certificates in which to search for the signing certificate(s). \fBstore\fR is a trusted certificate store used for chain verification. \fBindata\fR is the detached content if the content is not @@ -157,8 +161,8 @@ present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL. \&\fBflags\fR is an optional set of flags, which can be used to modify the verify operation. .PP -\&\fICMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must -be called after a successful \fICMS_verify()\fR operation. +\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must +be called after a successful \fBCMS_verify()\fR operation. .SH "VERIFY PROCESS" .IX Header "VERIFY PROCESS" Normally the verify process proceeds as follows. 
@@ -230,12 +234,12 @@ signer it cannot be trusted without additional evidence (such as a trusted timestamp). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_verify()\fR returns 1 for a successful verification and zero if an error +\&\fBCMS_verify()\fR returns 1 for a successful verification and zero if an error occurred. .PP -\&\fICMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. +\&\fBCMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. .PP -The error can be obtained from \fIERR_get_error\fR\|(3) +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" The trusted certificate store is not searched for the signing certificate, @@ -246,7 +250,7 @@ The lack of single pass processing means that the signed content must all be held in memory if it is not detached. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3 index cdb1d7a18a80..c9e1ec7e9c5d 100644 --- a/secure/lib/libcrypto/man/CMS_verify_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_VERIFY_RECEIPT 3" -.TH CMS_VERIFY_RECEIPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS_VERIFY_RECEIPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ CMS_verify_receipt \- verify a CMS signed receipt .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed +\&\fBCMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed receipt to verify. \fBocms\fR is the original SignedData structure containing the receipt request. \fBcerts\fR is a set of certificates in which to search for the signing certificate. \fBstore\fR is a trusted certificate store (used for chain 
@@ -157,20 +161,20 @@ verification). operation. .SH "NOTES" .IX Header "NOTES" -This functions behaves in a similar way to \fICMS_verify()\fR except the flag values +This functions behaves in a similar way to \fBCMS_verify()\fR except the flag values \&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not supported since they do not make sense in the context of signed receipts. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_verify_receipt()\fR returns 1 for a successful verification and zero if an +\&\fBCMS_verify_receipt()\fR returns 1 for a successful verification and zero if an error occurred. .PP -The error can be obtained from \fIERR_get_error\fR\|(3) +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fICMS_sign_receipt\fR\|(3), -\&\fICMS_verify\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_sign_receipt\fR\|(3), +\&\fBCMS_verify\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3 index 89b34363e82a..c98977dd088f 100644 --- a/secure/lib/libcrypto/man/CONF_modules_free.3 +++ b/secure/lib/libcrypto/man/CONF_modules_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_MODULES_FREE 3" -.TH CONF_MODULES_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CONF_MODULES_FREE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,15 +158,15 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICONF_modules_free()\fR closes down and frees up all memory allocated by all +\&\fBCONF_modules_free()\fR closes down and frees up all memory allocated by all configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, applications called -\&\fICONF_modules_free()\fR at exit to tidy up any configuration performed. +\&\fBCONF_modules_free()\fR at exit to tidy up any configuration performed. .PP -\&\fICONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler +\&\fBCONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler to free up any configuration that module may have performed. .PP -\&\fICONF_modules_unload()\fR finishes and unloads configuration modules. If +\&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If \&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If \&\fBall\fR is \fB1\fR all modules, including builtin modules will be unloaded. .SH "RETURN VALUES" 
@@ -170,12 +174,12 @@ to free up any configuration that module may have performed. None of the functions return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3), -\&\fICONF_modules_load_file\fR\|(3) +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3), +\&\fBCONF_modules_load_file\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it. -For more information see \fIOPENSSL_init_crypto\fR\|(3). +\&\fBCONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it. +For more information see \fBOPENSSL_init_crypto\fR\|(3). .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3 index 70f49cebb66b..2d5816eac179 100644 --- a/secure/lib/libcrypto/man/CONF_modules_load_file.3 +++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_MODULES_LOAD_FILE 3" -.TH CONF_MODULES_LOAD_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CONF_MODULES_LOAD_FILE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,36 +152,44 @@ CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fICONF_modules_load_file()\fR configures OpenSSL using file +The function \fBCONF_modules_load_file()\fR configures OpenSSL using file \&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0 the standard OpenSSL configuration file is used. If \fBappname\fR is \&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used. The behaviour can be customized using \fBflags\fR. .PP -\&\fICONF_modules_load()\fR is identical to \fICONF_modules_load_file()\fR except it +\&\fBCONF_modules_load()\fR is identical to \fBCONF_modules_load_file()\fR except it reads configuration information from \fBcnf\fR. .SH "NOTES" .IX Header "NOTES" The following \fBflags\fR are currently recognized: .PP -\&\fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR if set errors returned by individual +If \fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR is set errors returned by individual configuration modules are ignored. If not set the first module error is considered fatal and no further modules are loaded. .PP Normally any modules errors will add error information to the error queue. If \&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added. .PP +If \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR is set the function unconditionally +returns success. +This is used by default in \fBOPENSSL_init_crypto\fR\|(3) to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling \fBCONF_modules_load_file\fR explicitly should not generally +set this flag. +.PP If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is disabled. 
.PP -\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fICONF_load_modules_file()\fR +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fBCONF_load_modules_file()\fR ignore missing configuration files. Normally a missing configuration file return an error. .PP \&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist. .PP -By using \fICONF_modules_load_file()\fR with appropriate flags an application can +By using \fBCONF_modules_load_file()\fR with appropriate flags an application can customise application configuration to best suit its needs. In some cases the use of a configuration file is optional and its absence is not an error: in this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set. @@ -187,7 +199,7 @@ applications. For example in some cases an error may simply print out a warning message and the application continue. In other cases an application might consider a configuration file error as fatal and exit immediately. .PP -Applications can use the \fICONF_modules_load()\fR function if they wish to load a +Applications can use the \fBCONF_modules_load()\fR function if they wish to load a configuration file themselves and have finer control over how errors are treated. .SH "EXAMPLES" 
@@ -259,10 +271,10 @@ failure. If module errors are not ignored the return code will reflect the return value of the failing module (this will always be zero or negative). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3) +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2004\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 b/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 index e3bd897ddb18..57d48de90cf7 100644 --- a/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 +++ b/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_THREAD_RUN_ONCE 3" -.TH CRYPTO_THREAD_RUN_ONCE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CRYPTO_THREAD_RUN_ONCE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,7 +167,7 @@ supported by OpenSSL. .PP The following multi-threading function are provided: .IP "\(bu" 2 -\&\fICRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization. +\&\fBCRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization. The \fBonce\fR argument must be a pointer to a static object of type \&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value \&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR. 
@@ -172,29 +176,29 @@ exactly once initialization. In particular, this can be used to allocate locks in a thread-safe manner, which can then be used with the locking functions below. .IP "\(bu" 2 -\&\fICRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write +\&\fBCRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write lock. .IP "\(bu" 2 -\&\fICRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading. +\&\fBCRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading. .IP "\(bu" 2 -\&\fICRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing. +\&\fBCRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing. .IP "\(bu" 2 -\&\fICRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR. +\&\fBCRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR. .IP "\(bu" 2 -\&\fICRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR. +\&\fBCRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR. .IP "\(bu" 2 -\&\fICRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the +\&\fBCRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the result of the operation in \fBret\fR. \fBlock\fR will be locked, unless atomic operations are supported on the specific platform. Because of this, if a -variable is modified by \fICRYPTO_atomic_add()\fR then \fICRYPTO_atomic_add()\fR must +variable is modified by \fBCRYPTO_atomic_add()\fR then \fBCRYPTO_atomic_add()\fR must be the only way that the variable is modified. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error. +\&\fBCRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error. .PP -\&\fICRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error. +\&\fBCRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error. 
.PP -\&\fICRYPTO_THREAD_lock_free()\fR returns no value. +\&\fBCRYPTO_THREAD_lock_free()\fR returns no value. .PP The other functions return 1 on success, or 0 on error. .SH "NOTES" @@ -268,7 +272,7 @@ You can find out if OpenSSL was configured with thread support: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7) +\&\fBcrypto\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 b/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 index dc2f41c13aad..a746b6103574 100644 --- a/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_GET_EX_NEW_INDEX 3" -.TH CRYPTO_GET_EX_NEW_INDEX 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CRYPTO_GET_EX_NEW_INDEX 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -198,7 +202,7 @@ structures. Since the application data can be anything at all it is passed and retrieved as a \fBvoid *\fR type. .PP The \fB\s-1CRYPTO_EX_DATA\s0\fR type is opaque. To initialize the exdata part of -a structure, call \fICRYPTO_new_ex_data()\fR. This is only necessary for +a structure, call \fBCRYPTO_new_ex_data()\fR. This is only necessary for \&\fB\s-1CRYPTO_EX_INDEX_APP\s0\fR objects. .PP Exdata types are identified by an \fBindex\fR, an integer guaranteed to be @@ -214,7 +218,7 @@ semantics of those callbacks are described below. When copying or releasing objects with exdata, the callback functions are called in increasing order of their \fBindex\fR value. .PP -If a dynamic library can be unloaded, it should call \fICRYPTO_free_ex_index()\fR +If a dynamic library can be unloaded, it should call \fBCRYPTO_free_ex_index()\fR when this is done. This will replace the callbacks with no-ops so that applications don't crash. Any existing exdata will be leaked. @@ -232,7 +236,7 @@ to avoid likely double-free crashes. The function \fBCRYPTO_free_ex_data\fR is used to free all exdata attached to a structure. The appropriate type-specific routine must be used. The \fBclass_index\fR identifies the structure type, the \fBobj\fR is -be the pointer to the actual structure, and \fBr\fR is a pointer to the +a pointer to the actual structure, and \fBr\fR is a pointer to the structure's exdata field. .SS "Callback Functions" .IX Subsection "Callback Functions" 
@@ -240,53 +244,53 @@ This section describes how the callback functions are used. Applications that are defining their own exdata using \fB\s-1CYPRTO_EX_INDEX_APP\s0\fR must call them as described here. .PP -When a structure is initially allocated (such as \fIRSA_new()\fR) then the -\&\fInew_func()\fR is called for every defined index. There is no requirement +When a structure is initially allocated (such as \fBRSA_new()\fR) then the +\&\fBnew_func()\fR is called for every defined index. There is no requirement that the entire parent, or containing, structure has been set up. -The \fInew_func()\fR is typically used only to allocate memory to store the +The \fBnew_func()\fR is typically used only to allocate memory to store the exdata, and perhaps an \*(L"initialized\*(R" flag within that memory. -The exdata value should be set by calling \fICRYPTO_set_ex_data()\fR. +The exdata value should be set by calling \fBCRYPTO_set_ex_data()\fR. .PP -When a structure is free'd (such as \fISSL_CTX_free()\fR) then the -\&\fIfree_func()\fR is called for every defined index. Again, the state of the -parent structure is not guaranteed. The \fIfree_func()\fR may be called with a +When a structure is free'd (such as \fBSSL_CTX_free()\fR) then the +\&\fBfree_func()\fR is called for every defined index. Again, the state of the +parent structure is not guaranteed. The \fBfree_func()\fR may be called with a \&\s-1NULL\s0 pointer. .PP -Both \fInew_func()\fR and \fIfree_func()\fR take the same parameters. +Both \fBnew_func()\fR and \fBfree_func()\fR take the same parameters. The \fBparent\fR is the pointer to the structure that contains the exdata. -The \fBptr\fR is the current exdata item; for \fInew_func()\fR this will typically +The \fBptr\fR is the current exdata item; for \fBnew_func()\fR this will typically be \s-1NULL.\s0 The \fBr\fR parameter is a pointer to the exdata field of the object. 
The \fBidx\fR is the index and is the value returned when the callbacks were -initially registered via \fICRYPTO_get_ex_new_index()\fR and can be used if +initially registered via \fBCRYPTO_get_ex_new_index()\fR and can be used if the same callback handles different types of exdata. .PP -\&\fIdup_func()\fR is called when a structure is being copied. This is only done +\&\fBdup_func()\fR is called when a structure is being copied. This is only done for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via -\&\fIBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters +\&\fBBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures, respectively. The \fBfrom_d\fR parameter needs to be cast to a \fBvoid **pptr\fR as the \s-1API\s0 has currently the wrong signature; that will be changed in a future version. The \fB*pptr\fR is a pointer to the source exdata. -When the \fIdup_func()\fR returns, the value in \fB*pptr\fR is copied to the +When the \fBdup_func()\fR returns, the value in \fB*pptr\fR is copied to the destination ex_data. If the pointer contained in \fB*pptr\fR is not modified -by the \fIdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data. +by the \fBdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data. The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are as described for the other -two callbacks. If the \fIdup_func()\fR returns \fB0\fR the whole \fICRYPTO_dup_ex_data()\fR +two callbacks. If the \fBdup_func()\fR returns \fB0\fR the whole \fBCRYPTO_dup_ex_data()\fR will fail. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure. +\&\fBCRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure. .PP -\&\fICRYPTO_free_ex_index()\fR and -\&\fICRYPTO_set_ex_data()\fR return 1 on success or 0 on failure. 
+\&\fBCRYPTO_free_ex_index()\fR and +\&\fBCRYPTO_set_ex_data()\fR return 1 on success or 0 on failure. .PP -\&\fICRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure; +\&\fBCRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure; note that \s-1NULL\s0 may be a valid value. .PP -\&\fIdup_func()\fR should return 0 for failure and 1 for success. +\&\fBdup_func()\fR should return 0 for failure and 1 for success. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 b/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 index 9bb35424c9e7..5334d645f1d2 100644 --- a/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 +++ b/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3" -.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,7 +156,7 @@ A Signed Certificate Timestamp (\s-1SCT\s0) identifies the Certificate Transpare Therefore, it is useful to be able to look up more information about a log (e.g. its public key) using this LogID. .PP -\&\fICTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0 +\&\fBCTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0 in a \s-1CTLOG_STORE\s0 that has a given LogID. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -160,11 +164,11 @@ in a \s-1CTLOG_STORE\s0 that has a given LogID. exists in the given \s-1CTLOG_STORE,\s0 otherwise it returns \s-1NULL.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIct\fR\|(7), -\&\fICTLOG_STORE_new\fR\|(3) +\&\fBct\fR\|(7), +\&\fBCTLOG_STORE_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -This function was added in OpenSSL 1.1.0. +The \fBCTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/CTLOG_STORE_new.3 b/secure/lib/libcrypto/man/CTLOG_STORE_new.3 index e314e5eca93f..e1a64dcaf7c9 100644 --- a/secure/lib/libcrypto/man/CTLOG_STORE_new.3 +++ b/secure/lib/libcrypto/man/CTLOG_STORE_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CTLOG_STORE_NEW 3" -.TH CTLOG_STORE_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CTLOG_STORE_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,12 +157,12 @@ A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparen logs). The list can be loaded from one or more files and then searched by LogID (see \s-1RFC 6962,\s0 Section 3.2, for the definition of a LogID). .PP -\&\fICTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated -by \fICTLOG_STORE_load_default_file()\fR or \fICTLOG_STORE_load_file()\fR. -\&\fICTLOG_STORE_load_default_file()\fR loads from the default file, which is named +\&\fBCTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated +by \fBCTLOG_STORE_load_default_file()\fR or \fBCTLOG_STORE_load_file()\fR. +\&\fBCTLOG_STORE_load_default_file()\fR loads from the default file, which is named \&\*(L"ct_log_list.cnf\*(R" in \s-1OPENSSLDIR\s0 (see the output of version). This can be overridden using an environment variable named \*(L"\s-1CTLOG_FILE\*(R".\s0 -\&\fICTLOG_STORE_load_file()\fR loads from a caller-specified file path instead. +\&\fBCTLOG_STORE_load_file()\fR loads from a caller-specified file path instead. Both of these functions append any loaded \s-1CT\s0 logs to the \s-1CTLOG_STORE.\s0 .PP The expected format of the file is: @@ -176,7 +180,7 @@ The expected format of the file is: .Ve .PP Once a \s-1CTLOG_STORE\s0 is no longer required, it should be passed to -\&\fICTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along +\&\fBCTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along with the \s-1CTLOG_STORE\s0 itself. .SH "NOTES" .IX Header "NOTES" 
@@ -189,9 +193,9 @@ Both \fBCTLOG_STORE_load_default_file\fR and \fBCTLOG_STORE_load_file\fR return all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIct\fR\|(7), -\&\fICTLOG_STORE_get0_log_by_id\fR\|(3), -\&\fISSL_CTX_set_ctlog_list_file\fR\|(3) +\&\fBct\fR\|(7), +\&\fBCTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. diff --git a/secure/lib/libcrypto/man/CTLOG_new.3 b/secure/lib/libcrypto/man/CTLOG_new.3 index ca38aa135623..43a4f33e5e9a 100644 --- a/secure/lib/libcrypto/man/CTLOG_new.3 +++ b/secure/lib/libcrypto/man/CTLOG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CTLOG_NEW 3" -.TH CTLOG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CTLOG_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,38 +156,38 @@ CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency +\&\fBCTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency (\s-1CT\s0) log with the given public key. A name must also be provided that can be used to help users identify this log. Ownership of the public key is transferred. .PP -\&\fICTLOG_new_from_base64()\fR also creates a new \s-1CTLOG,\s0 but takes the public key in +\&\fBCTLOG_new_from_base64()\fR also creates a new \s-1CTLOG,\s0 but takes the public key in base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to the new \s-1CTLOG.\s0 The base64 will be decoded and the public key parsed. .PP -Regardless of whether \fICTLOG_new()\fR or \fICTLOG_new_from_base64()\fR is used, it is the -caller's responsibility to pass the \s-1CTLOG\s0 to \fICTLOG_free()\fR once it is no longer -needed. This will delete it and, if created by \fICTLOG_new()\fR, the \s-1EVP_PKEY\s0 that +Regardless of whether \fBCTLOG_new()\fR or \fBCTLOG_new_from_base64()\fR is used, it is the +caller's responsibility to pass the \s-1CTLOG\s0 to \fBCTLOG_free()\fR once it is no longer +needed. This will delete it and, if created by \fBCTLOG_new()\fR, the \s-1EVP_PKEY\s0 that was passed to it. .PP -\&\fICTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was +\&\fBCTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was created. Ownership of the string remains with the \s-1CTLOG.\s0 .PP -\&\fICTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's +\&\fBCTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's LogID (see \s-1RFC 6962\s0). It sets *log_id_len to the length of that LogID. For a v1 \s-1CT\s0 log, the LogID will be a \s-1SHA\-256\s0 hash (i.e. 
32 bytes long). Ownership of the string remains with the \s-1CTLOG.\s0 .PP -\&\fICTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the +\&\fBCTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the \&\s-1EVP_PKEY\s0 remains with the \s-1CTLOG.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICTLOG_new()\fR will return \s-1NULL\s0 if an error occurs. +\&\fBCTLOG_new()\fR will return \s-1NULL\s0 if an error occurs. .PP -\&\fICTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise. +\&\fBCTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIct\fR\|(7) +\&\fBct\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. diff --git a/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 b/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 index 4a677fd929d7..def5b1cd902a 100644 --- a/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 +++ b/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CT_POLICY_EVAL_CTX_NEW 3" -.TH CT_POLICY_EVAL_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CT_POLICY_EVAL_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -171,35 +175,35 @@ the current time .PP The above requirements are met using the setters described below. .PP -\&\fICT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This +\&\fBCT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This should then be populated using: .IP "\(bu" 2 -\&\fICT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for +\&\fBCT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for .Sp Increments the reference count of the certificate. .IP "\(bu" 2 -\&\fICT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate +\&\fBCT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate .Sp Increments the reference count of the certificate. .IP "\(bu" 2 -\&\fICT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs +\&\fBCT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs .Sp Holds a pointer to the \s-1CTLOG_STORE,\s0 so the \s-1CTLOG_STORE\s0 must outlive the \&\s-1CT_POLICY_EVAL_CTX.\s0 .IP "\(bu" 2 -\&\fICT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid +\&\fBCT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid .Sp The \s-1SCT\s0 timestamp will be compared to this time to check whether the \s-1SCT\s0 was issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUST\s0 reject SCTs whose timestamp is in the future\*(R". By default, this will be set to 5 minutes in the -future (e.g. (\fItime()\fR + 300) * 1000), to allow for clock drift. +future (e.g. (\fBtime()\fR + 300) * 1000), to allow for clock drift. .Sp The time should be in milliseconds since the Unix epoch. .PP Each setter has a matching getter for accessing the current value. 
.PP When no longer required, the \fB\s-1CT_POLICY_EVAL_CTX\s0\fR should be passed to -\&\fICT_POLICY_EVAL_CTX_free()\fR to delete it. +\&\fBCT_POLICY_EVAL_CTX_free()\fR to delete it. .SH "NOTES" .IX Header "NOTES" The issuer certificate only needs to be provided if at least one of the SCTs @@ -208,10 +212,10 @@ certificate (i.e. those in an X.509 extension), but may not be the case for SCTs found in the \s-1TLS SCT\s0 extension or \s-1OCSP\s0 response. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails. +\&\fBCT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIct\fR\|(7) +\&\fBct\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. diff --git a/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 b/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 index 98abe054a027..f14c364f4ed1 100644 --- a/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 +++ b/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DEFINE_STACK_OF 3" -.TH DEFINE_STACK_OF 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DEFINE_STACK_OF 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -187,8 +191,8 @@ functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API.\s0 In the description here, \fI\s-1TYPE\s0\fR is used as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. .PP -\&\s-1\fISTACK_OF\s0()\fR returns the name for a stack of the specified \fB\s-1TYPE\s0\fR. -\&\s-1\fIDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\s-1TYPE\s0\fR. This +\&\s-1\fBSTACK_OF\s0()\fR returns the name for a stack of the specified \fB\s-1TYPE\s0\fR. +\&\s-1\fBDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\s-1TYPE\s0\fR. This will mean that type \fB\s-1TYPE\s0\fR is stored in each stack, the type is referenced by \&\s-1STACK_OF\s0(\s-1TYPE\s0) and each function name begins with \fIsk_TYPE_\fR. For example: .PP 
@@ -196,133 +200,133 @@ will mean that type \fB\s-1TYPE\s0\fR is stored in each stack, the type is refer \& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); .Ve .PP -\&\s-1\fIDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fIDEFINE_STACK_OF\s0()\fR except +\&\s-1\fBDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fBDEFINE_STACK_OF\s0()\fR except each element is constant. For example: .PP .Vb 1 \& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); .Ve .PP -\&\s-1\fIDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\s-1TYPE\s0\fR but +\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\s-1TYPE\s0\fR but each function uses \fB\s-1FUNCNAME\s0\fR in the function name. For example: .PP .Vb 1 \& TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); .Ve .PP -\&\s-1\fIDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is +\&\s-1\fBDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is constant: .PP .Vb 1 \& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); .Ve .PP -\&\fIsk_TYPE_num()\fR returns the number of elements in \fBsk\fR or \-1 if \fBsk\fR is +\&\fBsk_TYPE_num()\fR returns the number of elements in \fBsk\fR or \-1 if \fBsk\fR is \&\fB\s-1NULL\s0\fR. .PP -\&\fIsk_TYPE_value()\fR returns element \fBidx\fR in \fBsk\fR, where \fBidx\fR starts at +\&\fBsk_TYPE_value()\fR returns element \fBidx\fR in \fBsk\fR, where \fBidx\fR starts at zero. If \fBidx\fR is out of range then \fB\s-1NULL\s0\fR is returned. .PP -\&\fIsk_TYPE_new()\fR allocates a new empty stack using comparison function \fBcompare\fR. +\&\fBsk_TYPE_new()\fR allocates a new empty stack using comparison function \fBcompare\fR. If \fBcompare\fR is \fB\s-1NULL\s0\fR then no comparison function is used. This function is equivalent to sk_TYPE_new_reserve(compare, 0). .PP -\&\fIsk_TYPE_new_null()\fR allocates a new empty stack with no comparison function. 
This +\&\fBsk_TYPE_new_null()\fR allocates a new empty stack with no comparison function. This function is equivalent to sk_TYPE_new_reserve(\s-1NULL, 0\s0). .PP -\&\fIsk_TYPE_reserve()\fR allocates additional memory in the \fBsk\fR structure -such that the next \fBn\fR calls to \fIsk_TYPE_insert()\fR, \fIsk_TYPE_push()\fR -or \fIsk_TYPE_unshift()\fR will not fail or cause memory to be allocated +\&\fBsk_TYPE_reserve()\fR allocates additional memory in the \fBsk\fR structure +such that the next \fBn\fR calls to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR +or \fBsk_TYPE_unshift()\fR will not fail or cause memory to be allocated or reallocated. If \fBn\fR is zero, any excess space allocated in the \&\fBsk\fR structure is freed. On error \fBsk\fR is unchanged. .PP -\&\fIsk_TYPE_new_reserve()\fR allocates a new stack. The new stack will have additional +\&\fBsk_TYPE_new_reserve()\fR allocates a new stack. The new stack will have additional memory allocated to hold \fBn\fR elements if \fBn\fR is positive. The next \fBn\fR calls -to \fIsk_TYPE_insert()\fR, \fIsk_TYPE_push()\fR or \fIsk_TYPE_unshift()\fR will not fail or cause +to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR or \fBsk_TYPE_unshift()\fR will not fail or cause memory to be allocated or reallocated. If \fBn\fR is zero or less than zero, no -memory is allocated. \fIsk_TYPE_new_reserve()\fR also sets the comparison function +memory is allocated. \fBsk_TYPE_new_reserve()\fR also sets the comparison function \&\fBcompare\fR to the newly created stack. If \fBcompare\fR is \fB\s-1NULL\s0\fR then no comparison function is used. .PP -\&\fIsk_TYPE_set_cmp_func()\fR sets the comparison function of \fBsk\fR to \fBcompare\fR. +\&\fBsk_TYPE_set_cmp_func()\fR sets the comparison function of \fBsk\fR to \fBcompare\fR. The previous comparison function is returned or \fB\s-1NULL\s0\fR if there was no previous comparison function. .PP -\&\fIsk_TYPE_free()\fR frees up the \fBsk\fR structure. 
It does \fBnot\fR free up any +\&\fBsk_TYPE_free()\fR frees up the \fBsk\fR structure. It does \fBnot\fR free up any elements of \fBsk\fR. After this call \fBsk\fR is no longer valid. .PP -\&\fIsk_TYPE_zero()\fR sets the number of elements in \fBsk\fR to zero. It does not free +\&\fBsk_TYPE_zero()\fR sets the number of elements in \fBsk\fR to zero. It does not free \&\fBsk\fR so after this call \fBsk\fR is still valid. .PP -\&\fIsk_TYPE_pop_free()\fR frees up all elements of \fBsk\fR and \fBsk\fR itself. The -free function \fIfreefunc()\fR is called on each element to free it. +\&\fBsk_TYPE_pop_free()\fR frees up all elements of \fBsk\fR and \fBsk\fR itself. The +free function \fBfreefunc()\fR is called on each element to free it. .PP -\&\fIsk_TYPE_delete()\fR deletes element \fBi\fR from \fBsk\fR. It returns the deleted +\&\fBsk_TYPE_delete()\fR deletes element \fBi\fR from \fBsk\fR. It returns the deleted element or \fB\s-1NULL\s0\fR if \fBi\fR is out of range. .PP -\&\fIsk_TYPE_delete_ptr()\fR deletes element matching \fBptr\fR from \fBsk\fR. It returns +\&\fBsk_TYPE_delete_ptr()\fR deletes element matching \fBptr\fR from \fBsk\fR. It returns the deleted element or \fB\s-1NULL\s0\fR if no element matching \fBptr\fR was found. .PP -\&\fIsk_TYPE_insert()\fR inserts \fBptr\fR into \fBsk\fR at position \fBidx\fR. Any existing +\&\fBsk_TYPE_insert()\fR inserts \fBptr\fR into \fBsk\fR at position \fBidx\fR. Any existing elements at or after \fBidx\fR are moved downwards. If \fBidx\fR is out of range -the new element is appended to \fBsk\fR. \fIsk_TYPE_insert()\fR either returns the +the new element is appended to \fBsk\fR. \fBsk_TYPE_insert()\fR either returns the number of elements in \fBsk\fR after the new element is inserted or zero if an error (such as memory allocation failure) occurred. 
.PP -\&\fIsk_TYPE_push()\fR appends \fBptr\fR to \fBsk\fR it is equivalent to: +\&\fBsk_TYPE_push()\fR appends \fBptr\fR to \fBsk\fR it is equivalent to: .PP .Vb 1 \& sk_TYPE_insert(sk, ptr, \-1); .Ve .PP -\&\fIsk_TYPE_unshift()\fR inserts \fBptr\fR at the start of \fBsk\fR it is equivalent to: +\&\fBsk_TYPE_unshift()\fR inserts \fBptr\fR at the start of \fBsk\fR it is equivalent to: .PP .Vb 1 \& sk_TYPE_insert(sk, ptr, 0); .Ve .PP -\&\fIsk_TYPE_pop()\fR returns and removes the last element from \fBsk\fR. +\&\fBsk_TYPE_pop()\fR returns and removes the last element from \fBsk\fR. .PP -\&\fIsk_TYPE_shift()\fR returns and removes the first element from \fBsk\fR. +\&\fBsk_TYPE_shift()\fR returns and removes the first element from \fBsk\fR. .PP -\&\fIsk_TYPE_set()\fR sets element \fBidx\fR of \fBsk\fR to \fBptr\fR replacing the current +\&\fBsk_TYPE_set()\fR sets element \fBidx\fR of \fBsk\fR to \fBptr\fR replacing the current element. The new element value is returned or \fB\s-1NULL\s0\fR if an error occurred: this will only happen if \fBsk\fR is \fB\s-1NULL\s0\fR or \fBidx\fR is out of range. .PP -\&\fIsk_TYPE_find()\fR searches \fBsk\fR for the element \fBptr\fR. In the case +\&\fBsk_TYPE_find()\fR searches \fBsk\fR for the element \fBptr\fR. In the case where no comparison function has been specified, the function performs a linear search for a pointer equal to \fBptr\fR. The index of the first matching element is returned or \fB\-1\fR if there is no match. In the case where a comparison function has been specified, \fBsk\fR is sorted then -\&\fIsk_TYPE_find()\fR returns the index of a matching element or \fB\-1\fR if there +\&\fBsk_TYPE_find()\fR returns the index of a matching element or \fB\-1\fR if there is no match. Note that, in this case, the matching element returned is not guaranteed to be the first; the comparison function will usually compare the values pointed to rather than the pointers themselves and the order of elements in \fBsk\fR could change. 
.PP -\&\fIsk_TYPE_find_ex()\fR operates like \fIsk_TYPE_find()\fR except when a comparison +\&\fBsk_TYPE_find_ex()\fR operates like \fBsk_TYPE_find()\fR except when a comparison function has been specified and no matching element is found. Instead -of returning \fB\-1\fR, \fIsk_TYPE_find_ex()\fR returns the index of the element +of returning \fB\-1\fR, \fBsk_TYPE_find_ex()\fR returns the index of the element either before or after the location where \fBptr\fR would be if it were present in \fBsk\fR. .PP -\&\fIsk_TYPE_sort()\fR sorts \fBsk\fR using the supplied comparison function. +\&\fBsk_TYPE_sort()\fR sorts \fBsk\fR using the supplied comparison function. .PP -\&\fIsk_TYPE_is_sorted()\fR returns \fB1\fR if \fBsk\fR is sorted and \fB0\fR otherwise. +\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if \fBsk\fR is sorted and \fB0\fR otherwise. .PP -\&\fIsk_TYPE_dup()\fR returns a copy of \fBsk\fR. Note the pointers in the copy +\&\fBsk_TYPE_dup()\fR returns a copy of \fBsk\fR. Note the pointers in the copy are identical to the original. .PP -\&\fIsk_TYPE_deep_copy()\fR returns a new stack where each element has been copied. -Copying is performed by the supplied \fIcopyfunc()\fR and freeing by \fIfreefunc()\fR. The -function \fIfreefunc()\fR is only called if an error occurs. +\&\fBsk_TYPE_deep_copy()\fR returns a new stack where each element has been copied. +Copying is performed by the supplied \fBcopyfunc()\fR and freeing by \fBfreefunc()\fR. The +function \fBfreefunc()\fR is only called if an error occurs. .SH "NOTES" .IX Header "NOTES" Care should be taken when accessing stacks in multi-threaded environments. 
-Any operation which increases the size of a stack such as \fIsk_TYPE_insert()\fR or -\&\fIsk_push()\fR can \*(L"grow\*(R" the size of an internal array and cause race conditions +Any operation which increases the size of a stack such as \fBsk_TYPE_insert()\fR or +\&\fBsk_push()\fR can \*(L"grow\*(R" the size of an internal array and cause race conditions if the same stack is accessed in a different thread. Operations such as -\&\fIsk_find()\fR and \fIsk_sort()\fR can also reorder the stack. +\&\fBsk_find()\fR and \fBsk_sort()\fR can also reorder the stack. .PP Any comparison function supplied should use a metric suitable for use in a binary search operation. That is it should return zero, a 
@@ -330,66 +334,66 @@ positive or negative value if \fBa\fR is equal to, greater than or less than \fBb\fR respectively. .PP Care should be taken when checking the return values of the functions -\&\fIsk_TYPE_find()\fR and \fIsk_TYPE_find_ex()\fR. They return an index to the +\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR. They return an index to the matching element. In particular \fB0\fR indicates a matching first element. A failed search is indicated by a \fB\-1\fR return value. .PP -\&\s-1\fISTACK_OF\s0()\fR, \s-1\fIDEFINE_STACK_OF\s0()\fR, \s-1\fIDEFINE_STACK_OF_CONST\s0()\fR, and -\&\s-1\fIDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros. +\&\s-1\fBSTACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF_CONST\s0()\fR, and +\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros. .PP The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly. -It defines these functions: \fIOPENSSL_sk_deep_copy()\fR, -\&\fIOPENSSL_sk_delete()\fR, \fIOPENSSL_sk_delete_ptr()\fR, \fIOPENSSL_sk_dup()\fR, -\&\fIOPENSSL_sk_find()\fR, \fIOPENSSL_sk_find_ex()\fR, \fIOPENSSL_sk_free()\fR, -\&\fIOPENSSL_sk_insert()\fR, \fIOPENSSL_sk_is_sorted()\fR, \fIOPENSSL_sk_new()\fR, -\&\fIOPENSSL_sk_new_null()\fR, \fIOPENSSL_sk_num()\fR, \fIOPENSSL_sk_pop()\fR, -\&\fIOPENSSL_sk_pop_free()\fR, \fIOPENSSL_sk_push()\fR, \fIOPENSSL_sk_reserve()\fR, -\&\fIOPENSSL_sk_set()\fR, \fIOPENSSL_sk_set_cmp_func()\fR, \fIOPENSSL_sk_shift()\fR, -\&\fIOPENSSL_sk_sort()\fR, \fIOPENSSL_sk_unshift()\fR, \fIOPENSSL_sk_value()\fR, -\&\fIOPENSSL_sk_zero()\fR. 
+It defines these functions: \fBOPENSSL_sk_deep_copy()\fR, +\&\fBOPENSSL_sk_delete()\fR, \fBOPENSSL_sk_delete_ptr()\fR, \fBOPENSSL_sk_dup()\fR, +\&\fBOPENSSL_sk_find()\fR, \fBOPENSSL_sk_find_ex()\fR, \fBOPENSSL_sk_free()\fR, +\&\fBOPENSSL_sk_insert()\fR, \fBOPENSSL_sk_is_sorted()\fR, \fBOPENSSL_sk_new()\fR, +\&\fBOPENSSL_sk_new_null()\fR, \fBOPENSSL_sk_num()\fR, \fBOPENSSL_sk_pop()\fR, +\&\fBOPENSSL_sk_pop_free()\fR, \fBOPENSSL_sk_push()\fR, \fBOPENSSL_sk_reserve()\fR, +\&\fBOPENSSL_sk_set()\fR, \fBOPENSSL_sk_set_cmp_func()\fR, \fBOPENSSL_sk_shift()\fR, +\&\fBOPENSSL_sk_sort()\fR, \fBOPENSSL_sk_unshift()\fR, \fBOPENSSL_sk_value()\fR, +\&\fBOPENSSL_sk_zero()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIsk_TYPE_num()\fR returns the number of elements in the stack or \fB\-1\fR if the +\&\fBsk_TYPE_num()\fR returns the number of elements in the stack or \fB\-1\fR if the passed stack is \fB\s-1NULL\s0\fR. .PP -\&\fIsk_TYPE_value()\fR returns a pointer to a stack element or \fB\s-1NULL\s0\fR if the +\&\fBsk_TYPE_value()\fR returns a pointer to a stack element or \fB\s-1NULL\s0\fR if the index is out of range. .PP -\&\fIsk_TYPE_new()\fR, \fIsk_TYPE_new_null()\fR and \fIsk_TYPE_new_reserve()\fR return an empty +\&\fBsk_TYPE_new()\fR, \fBsk_TYPE_new_null()\fR and \fBsk_TYPE_new_reserve()\fR return an empty stack or \fB\s-1NULL\s0\fR if an error occurs. .PP -\&\fIsk_TYPE_reserve()\fR returns \fB1\fR on successful allocation of the required memory +\&\fBsk_TYPE_reserve()\fR returns \fB1\fR on successful allocation of the required memory or \fB0\fR on error. .PP -\&\fIsk_TYPE_set_cmp_func()\fR returns the old comparison function or \fB\s-1NULL\s0\fR if +\&\fBsk_TYPE_set_cmp_func()\fR returns the old comparison function or \fB\s-1NULL\s0\fR if there was no old comparison function. 
.PP -\&\fIsk_TYPE_free()\fR, \fIsk_TYPE_zero()\fR, \fIsk_TYPE_pop_free()\fR and \fIsk_TYPE_sort()\fR do +\&\fBsk_TYPE_free()\fR, \fBsk_TYPE_zero()\fR, \fBsk_TYPE_pop_free()\fR and \fBsk_TYPE_sort()\fR do not return values. .PP -\&\fIsk_TYPE_pop()\fR, \fIsk_TYPE_shift()\fR, \fIsk_TYPE_delete()\fR and \fIsk_TYPE_delete_ptr()\fR +\&\fBsk_TYPE_pop()\fR, \fBsk_TYPE_shift()\fR, \fBsk_TYPE_delete()\fR and \fBsk_TYPE_delete_ptr()\fR return a pointer to the deleted element or \fB\s-1NULL\s0\fR on error. .PP -\&\fIsk_TYPE_insert()\fR, \fIsk_TYPE_push()\fR and \fIsk_TYPE_unshift()\fR return the total +\&\fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR and \fBsk_TYPE_unshift()\fR return the total number of elements in the stack and 0 if an error occurred. .PP -\&\fIsk_TYPE_set()\fR returns a pointer to the replacement element or \fB\s-1NULL\s0\fR on +\&\fBsk_TYPE_set()\fR returns a pointer to the replacement element or \fB\s-1NULL\s0\fR on error. .PP -\&\fIsk_TYPE_find()\fR and \fIsk_TYPE_find_ex()\fR return an index to the found element +\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR return an index to the found element or \fB\-1\fR on error. .PP -\&\fIsk_TYPE_is_sorted()\fR returns \fB1\fR if the stack is sorted and \fB0\fR if it is +\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if the stack is sorted and \fB0\fR if it is not. .PP -\&\fIsk_TYPE_dup()\fR and \fIsk_TYPE_deep_copy()\fR return a pointer to the copy of the +\&\fBsk_TYPE_dup()\fR and \fBsk_TYPE_deep_copy()\fR return a pointer to the copy of the stack. .SH "HISTORY" .IX Header "HISTORY" Before OpenSSL 1.1.0, this was implemented via macros and not inline functions and was not a public \s-1API.\s0 .PP -\&\fIsk_TYPE_reserve()\fR and \fIsk_TYPE_new_reserve()\fR were added in OpenSSL 1.1.1. +\&\fBsk_TYPE_reserve()\fR and \fBsk_TYPE_new_reserve()\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/DES_random_key.3 b/secure/lib/libcrypto/man/DES_random_key.3 index ad4173cdade0..2ac6a10e38c3 100644 --- a/secure/lib/libcrypto/man/DES_random_key.3 +++ b/secure/lib/libcrypto/man/DES_random_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DES_RANDOM_KEY 3" -.TH DES_RANDOM_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DES_RANDOM_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -229,34 +233,34 @@ consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. .PP -\&\fIDES_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded -prior to using this function (see \fIRAND_bytes\fR\|(3)). If the \s-1PRNG\s0 +\&\fBDES_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded +prior to using this function (see \fBRAND_bytes\fR\|(3)). If the \s-1PRNG\s0 could not generate a secure key, 0 is returned. .PP Before a \s-1DES\s0 key can be used, it must be converted into the architecture dependent \fIDES_key_schedule\fR via the -\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function. +\&\fBDES_set_key_checked()\fR or \fBDES_set_key_unchecked()\fR function. .PP -\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity +\&\fBDES_set_key_checked()\fR will check that the key passed is of odd parity and is not a weak or semi-weak key. If the parity is wrong, then \-1 is returned. If the key is a weak key, then \-2 is returned. If an error is returned, the key schedule is not generated. .PP -\&\fIDES_set_key()\fR works like -\&\fIDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, -otherwise like \fIDES_set_key_unchecked()\fR. These functions are available +\&\fBDES_set_key()\fR works like +\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, +otherwise like \fBDES_set_key_unchecked()\fR. These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable. .PP -\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. +\&\fBDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. 
.PP -\&\fIDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it +\&\fBDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it is ok. .PP The following routines mostly operate on an input and output stream of \&\fIDES_cblock\fRs. .PP -\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +\&\fBDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR (\s-1ECB\s0) mode. It always transforms the input data, pointed to by \&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. @@ -265,9 +269,9 @@ If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR key_schedule specified by the \fIschedule\fR argument, previously set via \&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input -and output may overlap. \fIDES_ecb_encrypt()\fR does not return a value. +and output may overlap. \fBDES_ecb_encrypt()\fR does not return a value. .PP -\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +\&\fBDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and then encrypting with \fIks3\fR. This routine greatly reduces the chances 
@@ -275,10 +279,10 @@ of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, \&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption using \s-1ECB\s0 mode and \fIks1\fR as the key. .PP -The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +The macro \fBDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES encryption by using \fIks1\fR for the final encryption. .PP -\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +\&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR (\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR 
@@ -288,24 +292,24 @@ and initialization vector provided by the \fIivec\fR argument. If the last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes. .PP -\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and +\&\fBDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and \&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret (unlike the iv) and are as such, part of the key. So the key is sort of 24 bytes. This is much better than \s-1CBC DES.\s0 .PP -\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with +\&\fBDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is \&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 .PP -The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +The \fBDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. This form of Triple-DES is used by the \s-1RSAREF\s0 library. .PP -\&\fIDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block +\&\fBDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as -\&\fIDES_ncbc_encrypt()\fR. +\&\fBDES_ncbc_encrypt()\fR. .PP -\&\fIDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This +\&\fBDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to 
@@ -313,7 +317,7 @@ be passed to the next call to this function. Since this function runs a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only suggested for use when sending a small number of characters. .PP -\&\fIDES_cfb64_encrypt()\fR +\&\fBDES_cfb64_encrypt()\fR implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an arbitrary number of bytes, without 8 byte padding. Each call to this @@ -321,10 +325,10 @@ routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does not make much sense, read more about \s-1CFB\s0 mode of \s-1DES.\s0 .PP -\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as -\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used. +\&\fBDES_ede3_cfb64_encrypt()\fR and \fBDES_ede2_cfb64_encrypt()\fR is the same as +\&\fBDES_cfb64_encrypt()\fR except that Triple-DES is used. .PP -\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode. This method +\&\fBDES_ofb_encrypt()\fR encrypts using output feedback mode. This method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to 
@@ -332,22 +336,22 @@ be passed to the next call to this function. Since this function runs a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only suggested for use when sending a small number of characters. .PP -\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output +\&\fBDES_ofb64_encrypt()\fR is the same as \fBDES_cfb64_encrypt()\fR using Output Feed Back mode. .PP -\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as -\&\fIDES_ofb64_encrypt()\fR, using Triple-DES. +\&\fBDES_ede3_ofb64_encrypt()\fR and \fBDES_ede2_ofb64_encrypt()\fR is the same as +\&\fBDES_ofb64_encrypt()\fR, using Triple-DES. .PP The following functions are included in the \s-1DES\s0 library for compatibility with the \s-1MIT\s0 Kerberos library. .PP -\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +\&\fBDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream (via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned and the complete 8 bytes are placed in \fIoutput\fR. This function is used by Kerberos v4. Other applications should use -\&\fIEVP_DigestInit\fR\|(3) etc. instead. +\&\fBEVP_DigestInit\fR\|(3) etc. instead. .PP -\&\fIDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +\&\fBDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is non-NULL, the 8 bytes generated by each pass are written into 
@@ -355,23 +359,23 @@ non-NULL, the 8 bytes generated by each pass are written into .PP The following are DES-based transformations: .PP -\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This +\&\fBDES_fcrypt()\fR is a fast version of the Unix \fBcrypt\fR\|(3) function. This version takes only a small amount of space relative to other fast -\&\fIcrypt()\fR implementations. This is different to the normal \fIcrypt()\fR in +\&\fBcrypt()\fR implementations. This is different to the normal \fBcrypt()\fR in that the third parameter is the buffer that the return value is written into. It needs to be at least 14 bytes long. This function -is thread safe, unlike the normal \fIcrypt()\fR. +is thread safe, unlike the normal \fBcrypt()\fR. .PP -\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. -This function calls \fIDES_fcrypt()\fR with a static array passed as the +\&\fBDES_crypt()\fR is a faster replacement for the normal system \fBcrypt()\fR. +This function calls \fBDES_fcrypt()\fR with a static array passed as the third parameter. This mostly emulates the normal non-thread-safe semantics -of \fIcrypt\fR\|(3). +of \fBcrypt\fR\|(3). The \fBsalt\fR must be two \s-1ASCII\s0 characters. .PP -The values returned by \fIDES_fcrypt()\fR and \fIDES_crypt()\fR are terminated by \s-1NUL\s0 +The values returned by \fBDES_fcrypt()\fR and \fBDES_crypt()\fR are terminated by \s-1NUL\s0 character. .PP -\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +\&\fBDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual data send down \fIfd\fR consists of 4 bytes (in network byte order) 
@@ -380,10 +384,10 @@ data then follows, padded with random data out to a multiple of 8 bytes. .SH "BUGS" .IX Header "BUGS" -\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR +\&\fBDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fBDES_ncbc_encrypt()\fR instead. .PP -\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits. +\&\fBDES_cfb_encrypt()\fR and \fBDES_ofb_encrypt()\fR operates on input of 8 bits. What this means is that if you set numbits to 12, and length to 2, the first 12 bits will come from the 1st input byte and the low half of the second input byte. The second 12 bits will have the low 8 bits 
@@ -393,41 +397,41 @@ implemented this way because most people will be using a multiple of 8 and because once you get into pulling bytes input bytes apart things get ugly! .PP -\&\fIDES_string_to_key()\fR is available for backward compatibility with the +\&\fBDES_string_to_key()\fR is available for backward compatibility with the \&\s-1MIT\s0 library. New applications should use a cryptographic hash function. -The same applies for \fIDES_string_to_2key()\fR. +The same applies for \fBDES_string_to_2key()\fR. .SH "NOTES" .IX Header "NOTES" The \fBdes\fR library was written to be source code compatible with the \s-1MIT\s0 Kerberos library. .PP Applications should use the higher level functions -\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these functions directly. .PP Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is -not suitable for most applications; see \fIdes_modes\fR\|(7). +not suitable for most applications; see \fBdes_modes\fR\|(7). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDES_set_key()\fR, \fIDES_key_sched()\fR, \fIDES_set_key_checked()\fR and \fIDES_is_weak_key()\fR +\&\fBDES_set_key()\fR, \fBDES_key_sched()\fR, \fBDES_set_key_checked()\fR and \fBDES_is_weak_key()\fR return 0 on success or negative values on error. .PP -\&\fIDES_cbc_cksum()\fR and \fIDES_quad_cksum()\fR return 4\-byte integer representing the +\&\fBDES_cbc_cksum()\fR and \fBDES_quad_cksum()\fR return 4\-byte integer representing the last 4 bytes of the checksum of the input. 
.PP -\&\fIDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fIDES_crypt()\fR \- +\&\fBDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fBDES_crypt()\fR \- to a static buffer on success; otherwise they return \s-1NULL.\s0 .SH "HISTORY" .IX Header "HISTORY" -The requirement that the \fBsalt\fR parameter to \fIDES_crypt()\fR and \fIDES_fcrypt()\fR +The requirement that the \fBsalt\fR parameter to \fBDES_crypt()\fR and \fBDES_fcrypt()\fR be two \s-1ASCII\s0 characters was first enforced in OpenSSL 1.1.0. Previous versions tried to use the letter uppercase \fBA\fR if both character were not present, and could crash when given non-ASCII on some platforms. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdes_modes\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3) +\&\fBdes_modes\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index 51c098116311..6e89587addd1 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_GENERATE_KEY 3" -.TH DH_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DH_GENERATE_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,31 +151,31 @@ DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_generate_key()\fR performs the first step of a Diffie-Hellman key +\&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key exchange by generating private and public \s-1DH\s0 values. By calling -\&\fIDH_compute_key()\fR, these are combined with the other party's public +\&\fBDH_compute_key()\fR, these are combined with the other party's public value to compute the shared key. .PP -\&\fIDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters +\&\fBDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters \&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value unless \fBdh\->priv_key\fR is already set, and computes the corresponding public value \fBdh\->pub_key\fR, which can then be published. .PP -\&\fIDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value +\&\fBDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDH_generate_key()\fR returns 1 on success, 0 otherwise. +\&\fBDH_generate_key()\fR returns 1 on success, 0 otherwise. .PP -\&\fIDH_compute_key()\fR returns the size of the shared secret on success, \-1 +\&\fBDH_compute_key()\fR returns the size of the shared secret on success, \-1 on error. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), \fIDH_size\fR\|(3) +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBDH_size\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index acdadf8987d0..b8695b8baf81 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_GENERATE_PARAMETERS 3" -.TH DH_GENERATE_PARAMETERS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DH_GENERATE_PARAMETERS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -161,11 +165,11 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can +\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR structure. The pseudo-random number generator must be seeded before calling it. -The parameters generated by \fIDH_generate_parameters_ex()\fR should not be used in +The parameters generated by \fBDH_generate_parameters_ex()\fR should not be used in signature schemes. .PP \&\fBprime_len\fR is the length in bits of the safe prime to be generated. 
@@ -173,19 +177,19 @@ signature schemes. .PP A callback function may be used to provide feedback about the progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be -called as described in \fIBN_generate_prime\fR\|(3) while a random prime +called as described in \fBBN_generate_prime\fR\|(3) while a random prime number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR -is called. See \fIBN_generate_prime_ex\fR\|(3) for information on -the \fIBN_GENCB_call()\fR function. +is called. See \fBBN_generate_prime_ex\fR\|(3) for information on +the \fBBN_GENCB_call()\fR function. .PP -\&\fIDH_generate_parameters()\fR is similar to \fIDH_generate_prime_ex()\fR but +\&\fBDH_generate_parameters()\fR is similar to \fBDH_generate_prime_ex()\fR but expects an old-style callback function; see -\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback. +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. .PP -\&\fIDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to +\&\fBDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to be valid. This is a lightweight check, if a more thorough check is needed, use -\&\fIDH_check()\fR. +\&\fBDH_check()\fR. The value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then no problems were found, otherwise the following bits may be set: @@ -200,7 +204,7 @@ The generator \fBg\fR is not suitable. Note that the lack of this bit doesn't guarantee that \fBg\fR is suitable, unless \fBp\fR is known to be a strong prime. .PP -\&\fIDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The +\&\fBDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then no problems were found, otherwise the following bits may be set: .IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 
@@ -225,30 +229,30 @@ The parameter \fBq\fR is invalid. .IX Item "DH_CHECK_INVALID_J_VALUE" The parameter \fBj\fR is invalid. .PP -\&\fIDH_check_ex()\fR, \fIDH_check_params()\fR and \fIDH_check_pub_key_ex()\fR are similar to -\&\fIDH_check()\fR and \fIDH_check_params()\fR respectively, but the error reasons are added +\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR are similar to +\&\fBDH_check()\fR and \fBDH_check_params()\fR respectively, but the error reasons are added to the thread's error queue instead of provided as return values from the function. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDH_generate_parameters_ex()\fR, \fIDH_check()\fR and \fIDH_check_params()\fR return 1 +\&\fBDH_generate_parameters_ex()\fR, \fBDH_check()\fR and \fBDH_check_params()\fR return 1 if the check could be performed, 0 otherwise. .PP -\&\fIDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if +\&\fBDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if the parameter generation fails. .PP -\&\fIDH_check_ex()\fR, \fIDH_check_params()\fR and \fIDH_check_pub_key_ex()\fR return 1 if the +\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR return 1 if the check is successful, 0 for failed. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), -\&\fIDH_free\fR\|(3) +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDH_free\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use -\&\fIDH_generate_parameters_ex()\fR instead. +\&\fBDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBDH_generate_parameters_ex()\fR instead. 
.SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DH_get0_pqg.3 b/secure/lib/libcrypto/man/DH_get0_pqg.3 index 4d900d008a47..363d5744f43c 100644 --- a/secure/lib/libcrypto/man/DH_get0_pqg.3 +++ b/secure/lib/libcrypto/man/DH_get0_pqg.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_GET0_PQG 3" -.TH DH_GET0_PQG 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DH_GET0_PQG 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -165,7 +169,7 @@ A \s-1DH\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. Note th parameter is optional. It also contains a public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR). .PP -The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fIDH_get0_pqg()\fR. +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDH_get0_pqg()\fR. If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore @@ -173,13 +177,13 @@ should not be freed directly. Any of the out parameters \fBp\fR, \fBq\fR, and \fBg\fR can be \s-1NULL,\s0 in which case no value will be returned for that parameter. .PP -The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fIDH_set0_pqg()\fR and passing +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDH_set0_pqg()\fR and passing the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling this function transfers the memory management of the values to the \s-1DH\s0 object, and therefore the values that have been passed in should not be freed directly after this function has been called. The \fBq\fR parameter may be \s-1NULL.\s0 .PP -To get the public and private key values use the \fIDH_get0_key()\fR function. A +To get the public and private key values use the \fBDH_get0_key()\fR function. A pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not been set yet, although if the private key has been set then the public key must 
@@ -188,55 +192,55 @@ private key values. This memory should not be freed directly. Any of the out parameters \fBpub_key\fR and \fBpriv_key\fR can be \s-1NULL,\s0 in which case no value will be returned for that parameter. .PP -The public and private key values can be set using \fIDH_set0_key()\fR. Either +The public and private key values can be set using \fBDH_set0_key()\fR. Either parameter may be \s-1NULL,\s0 which means the corresponding \s-1DH\s0 field is left -untouched. As with \fIDH_set0_pqg()\fR this function transfers the memory management +untouched. As with \fBDH_set0_pqg()\fR this function transfers the memory management of the key values to the \s-1DH\s0 object, and therefore they should not be freed directly after this function has been called. .PP Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be -retrieved separately by the corresponding function \fIDH_get0_p()\fR, \fIDH_get0_q()\fR, -\&\fIDH_get0_g()\fR, \fIDH_get0_priv_key()\fR, and \fIDH_get0_pub_key()\fR, respectively. +retrieved separately by the corresponding function \fBDH_get0_p()\fR, \fBDH_get0_q()\fR, +\&\fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR, respectively. .PP -\&\fIDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object. +\&\fBDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that -are already set are left set. \fIDH_test_flags()\fR tests to see whether the flags +are already set are left set. \fBDH_test_flags()\fR tests to see whether the flags passed in the \fBflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple flags can be tested in one go. All flags that are currently set are returned, or -zero if none of the flags are set. \fIDH_clear_flags()\fR clears the specified flags +zero if none of the flags are set. 
\fBDH_clear_flags()\fR clears the specified flags within the \s-1DH\s0 object. .PP -\&\fIDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0 +\&\fBDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. .PP -The \fIDH_get_length()\fR and \fIDH_set_length()\fR functions get and set the optional +The \fBDH_get_length()\fR and \fBDH_set_length()\fR functions get and set the optional length parameter associated with this \s-1DH\s0 object. If the length is non-zero then it is used, otherwise it is ignored. The \fBlength\fR parameter indicates the length of the secret exponent (private key) in bits. .SH "NOTES" .IX Header "NOTES" -Values retrieved with \fIDH_get0_key()\fR are owned by the \s-1DH\s0 object used -in the call and may therefore \fInot\fR be passed to \fIDH_set0_key()\fR. If -needed, duplicate the received value using \fIBN_dup()\fR and pass the -duplicate. The same applies to \fIDH_get0_pqg()\fR and \fIDH_set0_pqg()\fR. +Values retrieved with \fBDH_get0_key()\fR are owned by the \s-1DH\s0 object used +in the call and may therefore \fInot\fR be passed to \fBDH_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBDH_get0_pqg()\fR and \fBDH_set0_pqg()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDH_set0_pqg()\fR and \fIDH_set0_key()\fR return 1 on success or 0 on failure. +\&\fBDH_set0_pqg()\fR and \fBDH_set0_key()\fR return 1 on success or 0 on failure. .PP -\&\fIDH_get0_p()\fR, \fIDH_get0_q()\fR, \fIDH_get0_g()\fR, \fIDH_get0_priv_key()\fR, and \fIDH_get0_pub_key()\fR +\&\fBDH_get0_p()\fR, \fBDH_get0_q()\fR, \fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR return the respective value, or \s-1NULL\s0 if it is unset. .PP -\&\fIDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object. 
+\&\fBDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object. .PP -\&\fIDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +\&\fBDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 has been set. .PP -\&\fIDH_get_length()\fR returns the length of the secret exponent (private key) in bits, +\&\fBDH_get_length()\fR returns the length of the secret exponent (private key) in bits, or zero if no such length has been explicitly set. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_generate_parameters\fR\|(3), \fIDH_generate_key\fR\|(3), -\&\fIDH_set_method\fR\|(3), \fIDH_size\fR\|(3), \fIDH_meth_new\fR\|(3) +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_meth_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0. diff --git a/secure/lib/libcrypto/man/DH_get_1024_160.3 b/secure/lib/libcrypto/man/DH_get_1024_160.3 index 593aadeedeca..7230fd38edfd 100644 --- a/secure/lib/libcrypto/man/DH_get_1024_160.3 +++ b/secure/lib/libcrypto/man/DH_get_1024_160.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_GET_1024_160 3" -.TH DH_GET_1024_160 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DH_GET_1024_160 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -161,17 +165,17 @@ DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, BN_get0_nist_prime_192, BN_ge .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_get_1024_160()\fR, \fIDH_get_2048_224()\fR, and \fIDH_get_2048_256()\fR each return +\&\fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR, and \fBDH_get_2048_256()\fR each return a \s-1DH\s0 object for the \s-1IETF RFC 5114\s0 value. .PP -\&\fIBN_get0_nist_prime_192()\fR, \fIBN_get0_nist_prime_224()\fR, \fIBN_get0_nist_prime_256()\fR, -\&\fIBN_get0_nist_prime_384()\fR, and \fIBN_get0_nist_prime_521()\fR functions return +\&\fBBN_get0_nist_prime_192()\fR, \fBBN_get0_nist_prime_224()\fR, \fBBN_get0_nist_prime_256()\fR, +\&\fBBN_get0_nist_prime_384()\fR, and \fBBN_get0_nist_prime_521()\fR functions return a \s-1BIGNUM\s0 for the specific \s-1NIST\s0 prime curve (e.g., P\-256). .PP -\&\fIBN_get_rfc2409_prime_768()\fR, \fIBN_get_rfc2409_prime_1024()\fR, -\&\fIBN_get_rfc3526_prime_1536()\fR, \fIBN_get_rfc3526_prime_2048()\fR, -\&\fIBN_get_rfc3526_prime_3072()\fR, \fIBN_get_rfc3526_prime_4096()\fR, -\&\fIBN_get_rfc3526_prime_6144()\fR, and \fIBN_get_rfc3526_prime_8192()\fR functions +\&\fBBN_get_rfc2409_prime_768()\fR, \fBBN_get_rfc2409_prime_1024()\fR, +\&\fBBN_get_rfc3526_prime_1536()\fR, \fBBN_get_rfc3526_prime_2048()\fR, +\&\fBBN_get_rfc3526_prime_3072()\fR, \fBBN_get_rfc3526_prime_4096()\fR, +\&\fBBN_get_rfc3526_prime_6144()\fR, and \fBBN_get_rfc3526_prime_8192()\fR functions return a \s-1BIGNUM\s0 for the specified size from \s-1IETF RFC 2409.\s0 If \fBbn\fR is not \s-1NULL,\s0 the \s-1BIGNUM\s0 will be set into that location as well. .SH "RETURN VALUES" diff --git a/secure/lib/libcrypto/man/DH_meth_new.3 b/secure/lib/libcrypto/man/DH_meth_new.3 index 0903e7408a8b..4620667e6c88 100644 --- a/secure/lib/libcrypto/man/DH_meth_new.3 +++ b/secure/lib/libcrypto/man/DH_meth_new.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_METH_NEW 3" -.TH DH_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DH_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -189,45 +193,45 @@ The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom implementations. It provides a set of functions used by OpenSSL for the implementation of the various \s-1DH\s0 capabilities. .PP -\&\fIDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a +\&\fBDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated string, which will be duplicated and stored in the \fB\s-1DH_METHOD\s0\fR object. It is the callers responsibility to free the original string. The flags will be used during the construction of a new \fB\s-1DH\s0\fR object based on this \fB\s-1DH_METHOD\s0\fR. Any new \fB\s-1DH\s0\fR object will have those flags set by default. .PP -\&\fIDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a +\&\fBDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a parameter. This might be useful for creating a new \fB\s-1DH_METHOD\s0\fR based on an existing one, but with some differences. .PP -\&\fIDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory +\&\fBDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory associated with it. .PP -\&\fIDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD.\s0 This +\&\fBDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD.\s0 This is a pointer to the internal name string and so should not be freed by the -caller. \fIDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The +caller. \fBDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is stored in the \s-1DH_METHOD\s0 structure, so the caller remains responsible for freeing the memory associated with the name. 
.PP -\&\fIDH_meth_get_flags()\fR returns the current value of the flags associated with this -\&\s-1DH_METHOD.\s0 \fIDH_meth_set_flags()\fR provides the ability to set these flags. +\&\fBDH_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DH_METHOD.\s0 \fBDH_meth_set_flags()\fR provides the ability to set these flags. .PP -The functions \fIDH_meth_get0_app_data()\fR and \fIDH_meth_set0_app_data()\fR provide the +The functions \fBDH_meth_get0_app_data()\fR and \fBDH_meth_set0_app_data()\fR provide the ability to associate implementation specific data with the \s-1DH_METHOD.\s0 It is the application's responsibility to free this data before the \s-1DH_METHOD\s0 is -freed via a call to \fIDH_meth_free()\fR. +freed via a call to \fBDH_meth_free()\fR. .PP -\&\fIDH_meth_get_generate_key()\fR and \fIDH_meth_set_generate_key()\fR get and set the +\&\fBDH_meth_get_generate_key()\fR and \fBDH_meth_set_generate_key()\fR get and set the function used for generating a new \s-1DH\s0 key pair respectively. This function will -be called in response to the application calling \fIDH_generate_key()\fR. The -parameter for the function has the same meaning as for \fIDH_generate_key()\fR. +be called in response to the application calling \fBDH_generate_key()\fR. The +parameter for the function has the same meaning as for \fBDH_generate_key()\fR. .PP -\&\fIDH_meth_get_compute_key()\fR and \fIDH_meth_set_compute_key()\fR get and set the +\&\fBDH_meth_get_compute_key()\fR and \fBDH_meth_set_compute_key()\fR get and set the function used for computing a new \s-1DH\s0 shared secret respectively. This function -will be called in response to the application calling \fIDH_compute_key()\fR. The -parameters for the function have the same meaning as for \fIDH_compute_key()\fR. +will be called in response to the application calling \fBDH_compute_key()\fR. The +parameters for the function have the same meaning as for \fBDH_compute_key()\fR. 
.PP -\&\fIDH_meth_get_bn_mod_exp()\fR and \fIDH_meth_set_bn_mod_exp()\fR get and set the function +\&\fBDH_meth_get_bn_mod_exp()\fR and \fBDH_meth_set_bn_mod_exp()\fR get and set the function used for computing the following value: .PP .Vb 1 
@@ -235,48 +239,48 @@ used for computing the following value: .Ve .PP This function will be called by the default OpenSSL function for -\&\fIDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function +\&\fBDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function may be \s-1NULL\s0 unless using the default generate key function, in which case it must be present. .PP -\&\fIDH_meth_get_init()\fR and \fIDH_meth_set_init()\fR get and set the function used +\&\fBDH_meth_get_init()\fR and \fBDH_meth_set_init()\fR get and set the function used for creating a new \s-1DH\s0 instance respectively. This function will be -called in response to the application calling \fIDH_new()\fR (if the current default -\&\s-1DH_METHOD\s0 is this one) or \fIDH_new_method()\fR. The \fIDH_new()\fR and \fIDH_new_method()\fR +called in response to the application calling \fBDH_new()\fR (if the current default +\&\s-1DH_METHOD\s0 is this one) or \fBDH_new_method()\fR. The \fBDH_new()\fR and \fBDH_new_method()\fR functions will allocate the memory for the new \s-1DH\s0 object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This function may be \s-1NULL.\s0 .PP -\&\fIDH_meth_get_finish()\fR and \fIDH_meth_set_finish()\fR get and set the function used +\&\fBDH_meth_get_finish()\fR and \fBDH_meth_set_finish()\fR get and set the function used for destroying an instance of a \s-1DH\s0 object respectively. This function will be -called in response to the application calling \fIDH_free()\fR. A pointer to the \s-1DH\s0 +called in response to the application calling \fBDH_free()\fR. A pointer to the \s-1DH\s0 to be destroyed is passed as a parameter. The destroy function should be used for \s-1DH\s0 implementation specific clean up. The memory for the \s-1DH\s0 itself should not be freed by this function. 
This function may be \s-1NULL.\s0 .PP -\&\fIDH_meth_get_generate_params()\fR and \fIDH_meth_set_generate_params()\fR get and set the +\&\fBDH_meth_get_generate_params()\fR and \fBDH_meth_set_generate_params()\fR get and set the function used for generating \s-1DH\s0 parameters respectively. This function will be -called in response to the application calling \fIDH_generate_parameters_ex()\fR (or -\&\fIDH_generate_parameters()\fR). The parameters for the function have the same -meaning as for \fIDH_generate_parameters_ex()\fR. This function may be \s-1NULL.\s0 +called in response to the application calling \fBDH_generate_parameters_ex()\fR (or +\&\fBDH_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fBDH_generate_parameters_ex()\fR. This function may be \s-1NULL.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDH_meth_new()\fR and \fIDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object +\&\fBDH_meth_new()\fR and \fBDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object or \s-1NULL\s0 on failure. .PP -\&\fIDH_meth_get0_name()\fR and \fIDH_meth_get_flags()\fR return the name and flags +\&\fBDH_meth_get0_name()\fR and \fBDH_meth_get_flags()\fR return the name and flags associated with the \s-1DH_METHOD\s0 respectively. .PP All other DH_meth_get_*() functions return the appropriate function pointer that has been set in the \s-1DH_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been set. .PP -\&\fIDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or +\&\fBDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or 0 on failure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_generate_parameters\fR\|(3), \fIDH_generate_key\fR\|(3), -\&\fIDH_set_method\fR\|(3), \fIDH_size\fR\|(3), \fIDH_get0_pqg\fR\|(3) +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_get0_pqg\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0. diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index 292eb9b710a7..c6f509e4b28c 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_NEW 3" -.TH DH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,23 +151,23 @@ DH_new, DH_free \- allocate and free DH objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +\&\fBDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. .PP -\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are +\&\fBDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are erased before the memory is returned to the system. If \fBdh\fR is \s-1NULL\s0 nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns +If the allocation fails, \fBDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIDH_free()\fR returns no value. +\&\fBDH_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIDH_generate_parameters\fR\|(3), -\&\fIDH_generate_key\fR\|(3) +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDH_generate_parameters\fR\|(3), +\&\fBDH_generate_key\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DH_new_by_nid.3 b/secure/lib/libcrypto/man/DH_new_by_nid.3 index d49e9f9b1546..57a53351b46c 100644 --- a/secure/lib/libcrypto/man/DH_new_by_nid.3 +++ b/secure/lib/libcrypto/man/DH_new_by_nid.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_NEW_BY_NID 3" -.TH DH_NEW_BY_NID 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DH_NEW_BY_NID 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,18 +149,18 @@ DH_new_by_nid, DH_get_nid \- get or find DH named parameters .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters +\&\fBDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters \&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, \&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR or \fBNID_ffdhe8192\fR. .PP -\&\fIDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match +\&\fBDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match any named set. It returns the \s-1NID\s0 corresponding to the matching parameters or \&\fBNID_undef\fR if there is no match. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred. +\&\fBDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or +\&\fBDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or \&\fBNID_undef\fR if there is no match. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index cd0f6560ecbc..a976e2ab4571 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_SET_METHOD 3" -.TH DH_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DH_SET_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -160,20 +164,20 @@ important information about how these \s-1DH API\s0 functions are affected by th of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as -returned by \fIDH_OpenSSL()\fR. +returned by \fBDH_OpenSSL()\fR. .PP -\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 structures created later. \&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1DH,\s0 so this function is no longer recommended. This function is not thread-safe and should not be called at the same time as other OpenSSL functions. .PP -\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 +\&\fBDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 However, the meaningfulness of this result is dependent on whether the \s-1ENGINE API\s0 is being used, so this function is no longer recommended. .PP -\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. +\&\fBDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 
@@ -181,30 +185,30 @@ implementations (eg. from an \s-1ENGINE\s0 module that supports embedded hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 for the key can have unexpected results. .PP -\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will +\&\fBDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by -\&\fIDH_set_default_method()\fR is used. +\&\fBDH_set_default_method()\fR is used. .PP -A new \s-1DH_METHOD\s0 object may be constructed using \fIDH_meth_new()\fR (see -\&\fIDH_meth_new\fR\|(3)). +A new \s-1DH_METHOD\s0 object may be constructed using \fBDH_meth_new()\fR (see +\&\fBDH_meth_new\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDH_OpenSSL()\fR and \fIDH_get_default_method()\fR return pointers to the respective +\&\fBDH_OpenSSL()\fR and \fBDH_get_default_method()\fR return pointers to the respective \&\fB\s-1DH_METHOD\s0\fRs. .PP -\&\fIDH_set_default_method()\fR returns no value. +\&\fBDH_set_default_method()\fR returns no value. .PP -\&\fIDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +\&\fBDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous method was supplied by an \s-1ENGINE\s0). .PP -\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by -\&\fIERR_get_error\fR\|(3) if the allocation fails. Otherwise it +\&\fBDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +\&\fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_meth_new\fR\|(3) +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index 6a63cb458085..9ed829c463de 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_SIZE 3" -.TH DH_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DH_SIZE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,30 +153,30 @@ DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and securit .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used +\&\fBDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used to determine how much memory must be allocated for the shared secret -computed by \fIDH_compute_key\fR\|(3). +computed by \fBDH_compute_key\fR\|(3). .PP -\&\fIDH_bits()\fR returns the number of significant bits. +\&\fBDH_bits()\fR returns the number of significant bits. .PP \&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR. .PP -\&\fIDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR -key. See \fIBN_security_bits\fR\|(3). +\&\fBDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR +key. See \fBBN_security_bits\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDH_size()\fR returns the prime size of Diffie-Hellman in bytes. +\&\fBDH_size()\fR returns the prime size of Diffie-Hellman in bytes. .PP -\&\fIDH_bits()\fR returns the number of bits in the key. +\&\fBDH_bits()\fR returns the number of bits in the key. .PP -\&\fIDH_security_bits()\fR returns the number of security bits. +\&\fBDH_security_bits()\fR returns the number of security bits. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_new\fR\|(3), \fIDH_generate_key\fR\|(3), -\&\fIBN_num_bits\fR\|(3) +\&\fBDH_new\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBBN_num_bits\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDH_bits()\fR was added in OpenSSL 1.1.0. +The \fBDH_bits()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index 6b91e3c4b12d..5933ac654c0c 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 
+++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_NEW 3" -.TH DSA_SIG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_SIG_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,33 +152,33 @@ DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free \- allocate and free DSA s .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure. +\&\fBDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure. .PP -\&\fIDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The +\&\fBDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The values are erased before the memory is returned to the system. .PP -\&\fIDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained +\&\fBDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained in \fBsig\fR. .PP -The \fBr\fR and \fBs\fR values can be set by calling \fIDSA_SIG_set0()\fR and passing the +The \fBr\fR and \fBs\fR values can be set by calling \fBDSA_SIG_set0()\fR and passing the new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this function transfers the memory management of the values to the \s-1DSA_SIG\s0 object, and therefore the values that have been passed in should not be freed directly after this function has been called. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an +If the allocation fails, \fBDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained by -\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer +\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIDSA_SIG_free()\fR returns no value. +\&\fBDSA_SIG_free()\fR returns no value. .PP -\&\fIDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +\&\fBDSA_SIG_set0()\fR returns 1 on success or 0 on failure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIDSA_do_sign\fR\|(3) +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDSA_do_sign\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index 7a27cda24f4b..1680fdc2b3e2 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_DO_SIGN 3" -.TH DSA_DO_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_DO_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,28 +152,28 @@ DSA_do_sign, DSA_do_verify \- raw DSA signature operations .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message +\&\fBDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a newly allocated \fB\s-1DSA_SIG\s0\fR structure. .PP -\&\fIDSA_sign_setup\fR\|(3) may be used to precompute part +\&\fBDSA_sign_setup\fR\|(3) may be used to precompute part of the signing operation in case signature generation is time-critical. .PP -\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given +\&\fBDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fIDSA_do_verify()\fR +\&\fBDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fBDSA_do_verify()\fR returns 1 for a valid signature, 0 for an incorrect signature and \-1 on error. The error codes can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), -\&\fIDSA_SIG_new\fR\|(3), -\&\fIDSA_sign\fR\|(3) +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index cfbd7edb0726..dce3f947953c 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_DUP_DH 3" -.TH DSA_DUP_DH 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_DUP_DH 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,19 +149,19 @@ DSA_dup_DH \- create a DH structure out of DSA structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q +\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q is lost during that conversion, but the resulting \s-1DH\s0 parameters contain its length. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The -error codes can be obtained by \fIERR_get_error\fR\|(3). +\&\fBDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The +error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "NOTE" .IX Header "NOTE" Be careful to avoid small subgroup attacks when using this. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDH_new\fR\|(3), \fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3) +\&\fBDH_new\fR\|(3), \fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index 9cf96992cc61..daafe853e43e 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_GENERATE_KEY 3" -.TH DSA_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_GENERATE_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,18 +149,18 @@ DSA_generate_key \- generate DSA key pair .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates +\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR. .PP -The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR. +The \s-1PRNG\s0 must be seeded prior to calling \fBDSA_generate_key()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_generate_key()\fR returns 1 on success, 0 otherwise. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +\&\fBDSA_generate_key()\fR returns 1 on success, 0 otherwise. +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), -\&\fIDSA_generate_parameters_ex\fR\|(3) +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_generate_parameters_ex\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index 4b30a73215d7..bfc29faaa888 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_GENERATE_PARAMETERS 3" -.TH DSA_GENERATE_PARAMETERS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_GENERATE_PARAMETERS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,7 +162,7 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_generate_parameters_ex()\fR generates primes p and q and a generator g +\&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR. .PP \&\fBbits\fR is the length of the prime p to be generated. @@ -168,7 +172,7 @@ greater than or equal to 2048 bits, the length of q is set to 256 bits. If \fBseed\fR is \s-1NULL,\s0 the primes will be generated at random. If \fBseed_len\fR is less than the length of q, an error is returned. .PP -\&\fIDSA_generate_parameters_ex()\fR places the iteration count in +\&\fBDSA_generate_parameters_ex()\fR places the iteration count in *\fBcounter_ret\fR and a counter used for finding a generator in *\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR. .PP 
@@ -176,11 +180,11 @@ A callback function may be used to provide feedback about the progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be called as shown below. For information on the \s-1BN_GENCB\s0 structure and the BN_GENCB_call function discussed below, refer to -\&\fIBN_generate_prime\fR\|(3). +\&\fBBN_generate_prime\fR\|(3). .PP -\&\fIDSA_generate_prime()\fR is similar to \fIDSA_generate_prime_ex()\fR but +\&\fBDSA_generate_prime()\fR is similar to \fBDSA_generate_prime_ex()\fR but expects an old-style callback function; see -\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback. +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. .IP "\(bu" 2 When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called (m is 0 for the first candidate). 
@@ -210,22 +214,22 @@ When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called. When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +\&\fBDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. +The error codes can be obtained by \fBERR_get_error\fR\|(3). .PP -\&\fIDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or +\&\fBDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or \&\fB\s-1NULL\s0\fR if the parameter generation fails. .SH "BUGS" .IX Header "BUGS" Seed lengths greater than 20 are not supported. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), -\&\fIDSA_free\fR\|(3), \fIBN_generate_prime\fR\|(3) +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use -\&\fIDSA_generate_parameters_ex()\fR instead. +\&\fBDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBDSA_generate_parameters_ex()\fR instead. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DSA_get0_pqg.3 b/secure/lib/libcrypto/man/DSA_get0_pqg.3 index 0cd356b05b4c..4f6973678192 100644 --- a/secure/lib/libcrypto/man/DSA_get0_pqg.3 +++ b/secure/lib/libcrypto/man/DSA_get0_pqg.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_GET0_PQG 3" -.TH DSA_GET0_PQG 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_GET0_PQG 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -162,66 +166,66 @@ DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR). .PP -The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fIDSA_get0_pqg()\fR. +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDSA_get0_pqg()\fR. If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed directly. .PP -The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fIDSA_set0_pqg()\fR and passing +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDSA_set0_pqg()\fR and passing the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling this function transfers the memory management of the values to the \s-1DSA\s0 object, and therefore the values that have been passed in should not be freed directly after this function has been called. .PP -To get the public and private key values use the \fIDSA_get0_key()\fR function. A +To get the public and private key values use the \fBDSA_get0_key()\fR function. A pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. This memory should not be freed directly. .PP -The public and private key values can be set using \fIDSA_set0_key()\fR. The public +The public and private key values can be set using \fBDSA_set0_key()\fR. 
The public key must be non-NULL the first time this function is called on a given \s-1DSA\s0 object. The private key may be \s-1NULL.\s0 On subsequent calls, either may be \s-1NULL,\s0 -which means the corresponding \s-1DSA\s0 field is left untouched. As for \fIDSA_set0_pqg()\fR +which means the corresponding \s-1DSA\s0 field is left untouched. As for \fBDSA_set0_pqg()\fR this function transfers the memory management of the key values to the \s-1DSA\s0 object, and therefore they should not be freed directly after this function has been called. .PP Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be -retrieved separately by the corresponding function \fIDSA_get0_p()\fR, \fIDSA_get0_q()\fR, -\&\fIDSA_get0_g()\fR, \fIDSA_get0_priv_key()\fR, and \fIDSA_get0_pub_key()\fR, respectively. +retrieved separately by the corresponding function \fBDSA_get0_p()\fR, \fBDSA_get0_q()\fR, +\&\fBDSA_get0_g()\fR, \fBDSA_get0_priv_key()\fR, and \fBDSA_get0_pub_key()\fR, respectively. .PP -\&\fIDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object. +\&\fBDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that -are already set are left set. \fIDSA_test_flags()\fR tests to see whether the flags +are already set are left set. \fBDSA_test_flags()\fR tests to see whether the flags passed in the \fBflags\fR parameter are currently set in the \s-1DSA\s0 object. Multiple flags can be tested in one go. All flags that are currently set are returned, or -zero if none of the flags are set. \fIDSA_clear_flags()\fR clears the specified flags +zero if none of the flags are set. \fBDSA_clear_flags()\fR clears the specified flags within the \s-1DSA\s0 object. 
.PP -\&\fIDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0 +\&\fBDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. .SH "NOTES" .IX Header "NOTES" -Values retrieved with \fIDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used -in the call and may therefore \fInot\fR be passed to \fIDSA_set0_key()\fR. If -needed, duplicate the received value using \fIBN_dup()\fR and pass the -duplicate. The same applies to \fIDSA_get0_pqg()\fR and \fIDSA_set0_pqg()\fR. +Values retrieved with \fBDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fBDSA_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBDSA_get0_pqg()\fR and \fBDSA_set0_pqg()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_set0_pqg()\fR and \fIDSA_set0_key()\fR return 1 on success or 0 on failure. +\&\fBDSA_set0_pqg()\fR and \fBDSA_set0_key()\fR return 1 on success or 0 on failure. .PP -\&\fIDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object. +\&\fBDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object. .PP -\&\fIDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +\&\fBDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 has been set. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_generate_parameters\fR\|(3), \fIDSA_generate_key\fR\|(3), -\&\fIDSA_dup_DH\fR\|(3), \fIDSA_do_sign\fR\|(3), \fIDSA_set_method\fR\|(3), \fIDSA_SIG_new\fR\|(3), -\&\fIDSA_sign\fR\|(3), \fIDSA_size\fR\|(3), \fIDSA_meth_new\fR\|(3) +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), +\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_meth_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0. diff --git a/secure/lib/libcrypto/man/DSA_meth_new.3 b/secure/lib/libcrypto/man/DSA_meth_new.3 index 5167565a2fb7..1277964af30c 100644 --- a/secure/lib/libcrypto/man/DSA_meth_new.3 +++ b/secure/lib/libcrypto/man/DSA_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_METH_NEW 3" -.TH DSA_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -216,50 +220,50 @@ implementations. It provides a set of functions used by OpenSSL for the implementation of the various \s-1DSA\s0 capabilities. See the dsa page for more information. .PP -\&\fIDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a +\&\fBDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated string, which will be duplicated and stored in the \fB\s-1DSA_METHOD\s0\fR object. It is the callers responsibility to free the original string. The flags will be used during the construction of a new \fB\s-1DSA\s0\fR object based on this \fB\s-1DSA_METHOD\s0\fR. Any new \fB\s-1DSA\s0\fR object will have those flags set by default. .PP -\&\fIDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a +\&\fBDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a parameter. This might be useful for creating a new \fB\s-1DSA_METHOD\s0\fR based on an existing one, but with some differences. .PP -\&\fIDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory +\&\fBDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory associated with it. .PP -\&\fIDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD.\s0 This +\&\fBDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD.\s0 This is a pointer to the internal name string and so should not be freed by the -caller. \fIDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The +caller. \fBDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is stored in the \s-1DSA_METHOD\s0 structure, so the caller remains responsible for freeing the memory associated with the name. 
.PP -\&\fIDSA_meth_get_flags()\fR returns the current value of the flags associated with this -\&\s-1DSA_METHOD.\s0 \fIDSA_meth_set_flags()\fR provides the ability to set these flags. +\&\fBDSA_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DSA_METHOD.\s0 \fBDSA_meth_set_flags()\fR provides the ability to set these flags. .PP -The functions \fIDSA_meth_get0_app_data()\fR and \fIDSA_meth_set0_app_data()\fR provide the +The functions \fBDSA_meth_get0_app_data()\fR and \fBDSA_meth_set0_app_data()\fR provide the ability to associate implementation specific data with the \s-1DSA_METHOD.\s0 It is the application's responsibility to free this data before the \s-1DSA_METHOD\s0 is -freed via a call to \fIDSA_meth_free()\fR. +freed via a call to \fBDSA_meth_free()\fR. .PP -\&\fIDSA_meth_get_sign()\fR and \fIDSA_meth_set_sign()\fR get and set the function used for +\&\fBDSA_meth_get_sign()\fR and \fBDSA_meth_set_sign()\fR get and set the function used for creating a \s-1DSA\s0 signature respectively. This function will be -called in response to the application calling \fIDSA_do_sign()\fR (or \fIDSA_sign()\fR). The -parameters for the function have the same meaning as for \fIDSA_do_sign()\fR. +called in response to the application calling \fBDSA_do_sign()\fR (or \fBDSA_sign()\fR). The +parameters for the function have the same meaning as for \fBDSA_do_sign()\fR. .PP -\&\fIDSA_meth_get_sign_setup()\fR and \fIDSA_meth_set_sign_setup()\fR get and set the function +\&\fBDSA_meth_get_sign_setup()\fR and \fBDSA_meth_set_sign_setup()\fR get and set the function used for precalculating the \s-1DSA\s0 signature values \fBk^\-1\fR and \fBr\fR. This function -will be called in response to the application calling \fIDSA_sign_setup()\fR. The -parameters for the function have the same meaning as for \fIDSA_sign_setup()\fR. +will be called in response to the application calling \fBDSA_sign_setup()\fR. 
The +parameters for the function have the same meaning as for \fBDSA_sign_setup()\fR. .PP -\&\fIDSA_meth_get_verify()\fR and \fIDSA_meth_set_verify()\fR get and set the function used +\&\fBDSA_meth_get_verify()\fR and \fBDSA_meth_set_verify()\fR get and set the function used for verifying a \s-1DSA\s0 signature respectively. This function will be called in -response to the application calling \fIDSA_do_verify()\fR (or \fIDSA_verify()\fR). The -parameters for the function have the same meaning as for \fIDSA_do_verify()\fR. +response to the application calling \fBDSA_do_verify()\fR (or \fBDSA_verify()\fR). The +parameters for the function have the same meaning as for \fBDSA_do_verify()\fR. .PP -\&\fIDSA_meth_get_mod_exp()\fR and \fIDSA_meth_set_mod_exp()\fR get and set the function used +\&\fBDSA_meth_get_mod_exp()\fR and \fBDSA_meth_set_mod_exp()\fR get and set the function used for computing the following value: .PP .Vb 1 @@ -270,7 +274,7 @@ This function will be called by the default OpenSSL method during verification of a \s-1DSA\s0 signature. The result is stored in the \fBrr\fR parameter. This function may be \s-1NULL.\s0 .PP -\&\fIDSA_meth_get_bn_mod_exp()\fR and \fIDSA_meth_set_bn_mod_exp()\fR get and set the function +\&\fBDSA_meth_get_bn_mod_exp()\fR and \fBDSA_meth_set_bn_mod_exp()\fR get and set the function used for computing the following value: .PP .Vb 1 
@@ -278,53 +282,53 @@ used for computing the following value: .Ve .PP This function will be called by the default OpenSSL function for -\&\fIDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function +\&\fBDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function may be \s-1NULL.\s0 .PP -\&\fIDSA_meth_get_init()\fR and \fIDSA_meth_set_init()\fR get and set the function used +\&\fBDSA_meth_get_init()\fR and \fBDSA_meth_set_init()\fR get and set the function used for creating a new \s-1DSA\s0 instance respectively. This function will be -called in response to the application calling \fIDSA_new()\fR (if the current default -\&\s-1DSA_METHOD\s0 is this one) or \fIDSA_new_method()\fR. The \fIDSA_new()\fR and \fIDSA_new_method()\fR +called in response to the application calling \fBDSA_new()\fR (if the current default +\&\s-1DSA_METHOD\s0 is this one) or \fBDSA_new_method()\fR. The \fBDSA_new()\fR and \fBDSA_new_method()\fR functions will allocate the memory for the new \s-1DSA\s0 object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This function may be \s-1NULL.\s0 .PP -\&\fIDSA_meth_get_finish()\fR and \fIDSA_meth_set_finish()\fR get and set the function used +\&\fBDSA_meth_get_finish()\fR and \fBDSA_meth_set_finish()\fR get and set the function used for destroying an instance of a \s-1DSA\s0 object respectively. This function will be -called in response to the application calling \fIDSA_free()\fR. A pointer to the \s-1DSA\s0 +called in response to the application calling \fBDSA_free()\fR. A pointer to the \s-1DSA\s0 to be destroyed is passed as a parameter. The destroy function should be used for \s-1DSA\s0 implementation specific clean up. The memory for the \s-1DSA\s0 itself should not be freed by this function. 
This function may be \s-1NULL.\s0 .PP -\&\fIDSA_meth_get_paramgen()\fR and \fIDSA_meth_set_paramgen()\fR get and set the function +\&\fBDSA_meth_get_paramgen()\fR and \fBDSA_meth_set_paramgen()\fR get and set the function used for generating \s-1DSA\s0 parameters respectively. This function will be called in -response to the application calling \fIDSA_generate_parameters_ex()\fR (or -\&\fIDSA_generate_parameters()\fR). The parameters for the function have the same -meaning as for \fIDSA_generate_parameters_ex()\fR. +response to the application calling \fBDSA_generate_parameters_ex()\fR (or +\&\fBDSA_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fBDSA_generate_parameters_ex()\fR. .PP -\&\fIDSA_meth_get_keygen()\fR and \fIDSA_meth_set_keygen()\fR get and set the function +\&\fBDSA_meth_get_keygen()\fR and \fBDSA_meth_set_keygen()\fR get and set the function used for generating a new \s-1DSA\s0 key pair respectively. This function will be -called in response to the application calling \fIDSA_generate_key()\fR. The parameter -for the function has the same meaning as for \fIDSA_generate_key()\fR. +called in response to the application calling \fBDSA_generate_key()\fR. The parameter +for the function has the same meaning as for \fBDSA_generate_key()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_meth_new()\fR and \fIDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object +\&\fBDSA_meth_new()\fR and \fBDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object or \s-1NULL\s0 on failure. .PP -\&\fIDSA_meth_get0_name()\fR and \fIDSA_meth_get_flags()\fR return the name and flags +\&\fBDSA_meth_get0_name()\fR and \fBDSA_meth_get_flags()\fR return the name and flags associated with the \s-1DSA_METHOD\s0 respectively. .PP All other DSA_meth_get_*() functions return the appropriate function pointer that has been set in the \s-1DSA_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been set. 
.PP -\&\fIDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or +\&\fBDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_generate_parameters\fR\|(3), \fIDSA_generate_key\fR\|(3), -\&\fIDSA_dup_DH\fR\|(3), \fIDSA_do_sign\fR\|(3), \fIDSA_set_method\fR\|(3), \fIDSA_SIG_new\fR\|(3), -\&\fIDSA_sign\fR\|(3), \fIDSA_size\fR\|(3), \fIDSA_get0_pqg\fR\|(3) +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), +\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_get0_pqg\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0. diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index 2f046affd999..b25b35063292 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_NEW 3" -.TH DSA_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,25 +151,25 @@ DSA_new, DSA_free \- allocate and free DSA objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to +\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to calling DSA_new_method(\s-1NULL\s0). .PP -\&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are +\&\fBDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are erased before the memory is returned to the system. If \fBdsa\fR is \s-1NULL\s0 nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +If the allocation fails, \fBDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained by -\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer +\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIDSA_free()\fR returns no value. +\&\fBDSA_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIDSA_generate_parameters\fR\|(3), -\&\fIDSA_generate_key\fR\|(3) +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDSA_generate_parameters\fR\|(3), +\&\fBDSA_generate_key\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index 54e5fa3b2fcd..c2d7b8198aee 100644 
--- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SET_METHOD 3" -.TH DSA_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_SET_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -160,21 +164,21 @@ important information about how these \s-1DSA API\s0 functions are affected by t of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, -as returned by \fIDSA_OpenSSL()\fR. +as returned by \fBDSA_OpenSSL()\fR. .PP -\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 structures created later. \&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1DSA,\s0 so this function is no longer recommended. This function is not thread-safe and should not be called at the same time as other OpenSSL functions. .PP -\&\fIDSA_get_default_method()\fR returns a pointer to the current default +\&\fBDSA_get_default_method()\fR returns a pointer to the current default \&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on whether the \s-1ENGINE API\s0 is being used, so this function is no longer recommended. .PP -\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key \&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1DSA\s0 keys that only 
@@ -184,27 +188,27 @@ attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected results. See DSA_meth_new for information on constructing custom \s-1DSA_METHOD\s0 objects; .PP -\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR +\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 -controlled by \fIDSA_set_default_method()\fR is used. +controlled by \fBDSA_set_default_method()\fR is used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective +\&\fBDSA_OpenSSL()\fR and \fBDSA_get_default_method()\fR return pointers to the respective \&\fB\s-1DSA_METHOD\s0\fRs. .PP -\&\fIDSA_set_default_method()\fR returns no value. +\&\fBDSA_set_default_method()\fR returns no value. .PP -\&\fIDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +\&\fBDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous method was supplied by an \s-1ENGINE\s0). .PP -\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be -obtained by \fIERR_get_error\fR\|(3) if the allocation +\&\fBDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be +obtained by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_meth_new\fR\|(3) +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. 
All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index f5f896c59c24..6641e6c9c423 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIGN 3" -.TH DSA_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,40 +155,40 @@ DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message +\&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0 encoding at \fBsigret\fR. The length of the signature is places in *\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. .PP -\&\fIDSA_sign_setup()\fR is defined only for backward binary compatibility and +\&\fBDSA_sign_setup()\fR is defined only for backward binary compatibility and should not be used. Since OpenSSL 1.1.0 the \s-1DSA\s0 type is opaque and the output of -\&\fIDSA_sign_setup()\fR cannot be used anyway: calling this function will only +\&\fBDSA_sign_setup()\fR cannot be used anyway: calling this function will only cause overhead, and does not affect the actual signature (pre\-)computation. .PP -\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +\&\fBDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR matches a given message digest \fBdgst\fR of size \fBlen\fR. \&\fBdsa\fR is the signer's public key. .PP The \fBtype\fR parameter is ignored. .PP -The \s-1PRNG\s0 must be seeded before \fIDSA_sign()\fR (or \fIDSA_sign_setup()\fR) +The \s-1PRNG\s0 must be seeded before \fBDSA_sign()\fR (or \fBDSA_sign_setup()\fR) is called. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_sign()\fR and \fIDSA_sign_setup()\fR return 1 on success, 0 on error. -\&\fIDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect +\&\fBDSA_sign()\fR and \fBDSA_sign_setup()\fR return 1 on success, 0 on error. +\&\fBDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect signature and \-1 on error. The error codes can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). 
.SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), -\&\fIDSA_do_sign\fR\|(3) +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_do_sign\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index e2cb1d00ba0e..6cd5229672bc 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIZE 3" -.TH DSA_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA_SIZE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,25 +151,25 @@ DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or sec .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature +\&\fBDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature for key \fBdsa\fR in bytes. It can be used to determine how much memory must be allocated for a \s-1DSA\s0 signature. .PP \&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR. .PP -\&\fIDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number +\&\fBDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number of bits in the \fBp\fR parameter. .PP -\&\fIDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR -key. See \fIBN_security_bits\fR\|(3). +\&\fBDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR +key. See \fBBN_security_bits\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_size()\fR returns the signature size in bytes. +\&\fBDSA_size()\fR returns the signature size in bytes. .PP -\&\fIDSA_bits()\fR returns the number of bits in the key. +\&\fBDSA_bits()\fR returns the number of bits in the key. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), \fIDSA_sign\fR\|(3) +\&\fBDSA_new\fR\|(3), \fBDSA_sign\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 b/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 index 56c3754ee13c..206b22a1357e 100644 --- a/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 +++ b/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DTLS_GET_DATA_MTU 3" -.TH DTLS_GET_DATA_MTU 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DTLS_GET_DATA_MTU 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +157,7 @@ of the \s-1DTLS\s0 record header, encryption and authentication currently in use Returns the maximum data payload size on success, or 0 on failure. .SH "HISTORY" .IX Header "HISTORY" -This function was added in OpenSSL 1.1.1 +The \fBDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 b/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 index 8b955732e86d..9020bf9f4103 100644 --- a/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 +++ b/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DTLS_SET_TIMER_CB 3" -.TH DTLS_SET_TIMER_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DTLS_SET_TIMER_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +159,7 @@ called by \s-1DTLS\s0 for every new \s-1DTLS\s0 packet that is sent. Returns void. .SH "HISTORY" .IX Header "HISTORY" -This function was added in OpenSSL 1.1.1 +The \fBDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/DTLSv1_listen.3 b/secure/lib/libcrypto/man/DTLSv1_listen.3 index 27245e982fff..71ef2b68e781 100644 --- a/secure/lib/libcrypto/man/DTLSv1_listen.3 +++ b/secure/lib/libcrypto/man/DTLSv1_listen.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DTLSV1_LISTEN 3" -.TH DTLSV1_LISTEN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DTLSV1_LISTEN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,12 +150,12 @@ SSL_stateless, DTLSv1_listen \&\- Statelessly listen for incoming connections .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections. -\&\fIDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a +\&\fBSSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections. +\&\fBDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a ClientHello is received that does not contain a cookie, then they respond with a request for a new ClientHello that does contain a cookie. If a ClientHello is received with a cookie that is verified then the function returns in order to -enable the handshake to be completed (for example by using \fISSL_accept()\fR). +enable the handshake to be completed (for example by using \fBSSL_accept()\fR). .SH "NOTES" .IX Header "NOTES" Some transport protocols (such as \s-1UDP\s0) can be susceptible to amplification 
@@ -165,7 +169,7 @@ message then the amplification attack has succeeded. If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is designed to operate over a stream-based transport protocol (such as \s-1TCP\s0). -If \s-1TCP\s0 is being used then there is no need to use \fISSL_stateless()\fR. However some +If \s-1TCP\s0 is being used then there is no need to use \fBSSL_stateless()\fR. However some stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source address. In this case a TLSv1.3 application would be susceptible to this attack. .PP 
@@ -178,51 +182,51 @@ message thus proving that the client is capable of receiving messages sent to that address. All of this can be done by the server without allocating any state, and thus without consuming expensive resources. .PP -OpenSSL implements this capability via the \fISSL_stateless()\fR and \fIDTLSv1_listen()\fR +OpenSSL implements this capability via the \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR functions. The \fBssl\fR parameter should be a newly allocated \s-1SSL\s0 object with its read and write BIOs set, in the same way as might be done for a call to -\&\fISSL_accept()\fR. Typically, for \s-1DTLS,\s0 the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R" +\&\fBSSL_accept()\fR. Typically, for \s-1DTLS,\s0 the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R" state and thus capable of receiving messages from any peer. .PP When a ClientHello is received that contains a cookie that has been verified, then these functions will return with the \fBssl\fR parameter updated into a state -where the handshake can be continued by a call to (for example) \fISSL_accept()\fR. -Additionally, for \fIDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be +where the handshake can be continued by a call to (for example) \fBSSL_accept()\fR. +Additionally, for \fBDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be filled in with details of the peer that sent the ClientHello. If the underlying \&\s-1BIO\s0 is unable to obtain the \fB\s-1BIO_ADDR\s0\fR of the peer (for example because the \s-1BIO\s0 does not support this), then \fB*peer\fR will be cleared and the family set to \&\s-1AF_UNSPEC.\s0 Typically user code is expected to \*(L"connect\*(R" the underlying socket to the peer and continue the handshake in a connected state. 
.PP -Prior to calling \fIDTLSv1_listen()\fR user code must ensure that cookie generation +Prior to calling \fBDTLSv1_listen()\fR user code must ensure that cookie generation and verification callbacks have been set up using -\&\fISSL_CTX_set_cookie_generate_cb()\fR and \fISSL_CTX_set_cookie_verify_cb()\fR -respectively. For \fISSL_stateless()\fR, \fISSL_CTX_set_stateless_cookie_generate_cb()\fR -and \fISSL_CTX_set_stateless_cookie_verify_cb()\fR must be used instead. +\&\fBSSL_CTX_set_cookie_generate_cb()\fR and \fBSSL_CTX_set_cookie_verify_cb()\fR +respectively. For \fBSSL_stateless()\fR, \fBSSL_CTX_set_stateless_cookie_generate_cb()\fR +and \fBSSL_CTX_set_stateless_cookie_verify_cb()\fR must be used instead. .PP -Since \fIDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming +Since \fBDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming ClientHellos it is unable to process fragmented messages (since this would -require the allocation of state). An implication of this is that \fIDTLSv1_listen()\fR +require the allocation of state). An implication of this is that \fBDTLSv1_listen()\fR \&\fBonly\fR supports ClientHellos that fit inside a single datagram. .PP -For \fISSL_stateless()\fR if an entire ClientHello message cannot be read without the -\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fISSL_stateless()\fR call will fail. It is the +For \fBSSL_stateless()\fR if an entire ClientHello message cannot be read without the +\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fBSSL_stateless()\fR call will fail. It is the application's responsibility to ensure that data read from the \*(L"read\*(R" \s-1BIO\s0 during -a single \fISSL_stateless()\fR call is all from the same peer. +a single \fBSSL_stateless()\fR call is all from the same peer. 
.PP -\&\fISSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than +\&\fBSSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than TLSv1.3 is used. .PP -Both \fISSL_stateless()\fR and \fIDTLSv1_listen()\fR will clear the error queue when they +Both \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR will clear the error queue when they start. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -For \fISSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object +For \fBSSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object will be set up ready to continue the handshake. A return value of 0 or \-1 indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value -of \-1 indicates any other error. User code may retry the \fISSL_stateless()\fR call. +of \-1 indicates any other error. User code may retry the \fBSSL_stateless()\fR call. .PP -For \fIDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object +For \fBDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object will be set up ready to continue the handshake. the \fBpeer\fR value will also be filled in. .PP 
@@ -230,24 +234,24 @@ A return value of 0 indicates a non-fatal error. This could (for example) be because of non-blocking \s-1IO,\s0 or some invalid message having been received from a peer. Errors may be placed on the OpenSSL error queue with further information if appropriate. Typically user code is expected to retry the -call to \fIDTLSv1_listen()\fR in the event of a non-fatal error. +call to \fBDTLSv1_listen()\fR in the event of a non-fatal error. .PP A return value of <0 indicates a fatal error. This could (for example) be because of a failure to allocate sufficient memory for the operation. .PP -For \fIDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both +For \fBDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both produce return codes <= 0 (in typical implementations user code treats all errors as non-fatal), whilst return codes >0 indicate success. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3), -\&\fIssl\fR\|(7), \fIbio\fR\|(7) +\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_stateless()\fR was first added in OpenSSL 1.1.1. +The \fBSSL_stateless()\fR function was added in OpenSSL 1.1.1. .PP -\&\fIDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. The type of \*(L"peer\*(R" -also changed in OpenSSL 1.1.0. +The \fBDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. +The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ECDSA_SIG_new.3 b/secure/lib/libcrypto/man/ECDSA_SIG_new.3 index f4e44d09f6e8..a9b8f7aa206b 100644 --- a/secure/lib/libcrypto/man/ECDSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/ECDSA_SIG_new.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ECDSA_SIG_NEW 3" -.TH ECDSA_SIG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ECDSA_SIG_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -173,60 +177,60 @@ ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_ne .IX Header "DESCRIPTION" Note: these functions provide a low level interface to \s-1ECDSA.\s0 Most applications should use the higher level \fB\s-1EVP\s0\fR interface such as -\&\fIEVP_DigestSignInit\fR\|(3) or \fIEVP_DigestVerifyInit\fR\|(3) instead. +\&\fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3) instead. .PP \&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the \&\fBr\fR and \fBs\fR value of an \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0). .PP -\&\fIECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before +\&\fBECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before OpenSSL 1.1.0 the: the \fBr\fR and \fBs\fR components were initialised. .PP -\&\fIECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. +\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. .PP -\&\fIECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained +\&\fBECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained in \fBsig\fR and stores them in \fB*pr\fR and \fB*ps\fR, respectively. The pointer \fBpr\fR or \fBps\fR can be \s-1NULL,\s0 in which case the corresponding value is not returned. .PP The values \fBr\fR, \fBs\fR can also be retrieved separately by the corresponding -function \fIECDSA_SIG_get0_r()\fR and \fIECDSA_SIG_get0_s()\fR, respectively. +function \fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR, respectively. .PP -The \fBr\fR and \fBs\fR values can be set by calling \fIECDSA_SIG_set0()\fR and passing the +The \fBr\fR and \fBs\fR values can be set by calling \fBECDSA_SIG_set0()\fR and passing the new values for \fBr\fR and \fBs\fR as parameters to the function. 
Calling this function transfers the memory management of the values to the \s-1ECDSA_SIG\s0 object, and therefore the values that have been passed in should not be freed directly after this function has been called. .PP -\&\fIi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature \fBsig\fR and -writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR is \s-1NULL\s0 \fIi2d_ECDSA_SIG()\fR +\&\fBi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature \fBsig\fR and +writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR is \s-1NULL\s0 \fBi2d_ECDSA_SIG()\fR returns the expected length in bytes of the \s-1DER\s0 encoded signature). -\&\fIi2d_ECDSA_SIG()\fR returns the length of the \s-1DER\s0 encoded signature (or 0 on +\&\fBi2d_ECDSA_SIG()\fR returns the length of the \s-1DER\s0 encoded signature (or 0 on error). .PP -\&\fId2i_ECDSA_SIG()\fR decodes a \s-1DER\s0 encoded \s-1ECDSA\s0 signature and returns the decoded +\&\fBd2i_ECDSA_SIG()\fR decodes a \s-1DER\s0 encoded \s-1ECDSA\s0 signature and returns the decoded signature in a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure. \fB*sig\fR points to the buffer containing the \s-1DER\s0 encoded signature of size \fBlen\fR. .PP -\&\fIECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature +\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature created with the private \s-1EC\s0 key \fBeckey\fR. .PP -\&\fIECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value \&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR. The \s-1DER\s0 encoded signatures is stored in \fBsig\fR and its length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is currently -ignored. 
\fIECDSA_sign()\fR is wrapper function for \fIECDSA_sign_ex()\fR with \fBkinv\fR +ignored. \fBECDSA_sign()\fR is wrapper function for \fBECDSA_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to \s-1NULL.\s0 .PP -\&\fIECDSA_do_sign()\fR is similar to \fIECDSA_sign()\fR except the signature is returned -as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fIECDSA_do_sign()\fR -is a wrapper function for \fIECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to +\&\fBECDSA_do_sign()\fR is similar to \fBECDSA_sign()\fR except the signature is returned +as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fBECDSA_do_sign()\fR +is a wrapper function for \fBECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to \&\s-1NULL.\s0 .PP -\&\fIECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a +\&\fBECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a valid \s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgstlen\fR using the public key \fBeckey\fR. The parameter \fBtype\fR is ignored. .PP -\&\fIECDSA_do_verify()\fR is similar to \fIECDSA_verify()\fR except the signature is +\&\fBECDSA_do_verify()\fR is similar to \fBECDSA_verify()\fR except the signature is presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure. .PP The remaining functions utilise the internal \fBkinv\fR and \fBr\fR values used 
@@ -234,39 +238,39 @@ during signature computation. Most applications will never need to call these and some external \s-1ECDSA ENGINE\s0 implementations may not support them at all if either \fBkinv\fR or \fBr\fR is not \fB\s-1NULL\s0\fR. .PP -\&\fIECDSA_sign_setup()\fR may be used to precompute parts of the signing operation. +\&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation. \&\fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure (or \s-1NULL\s0). The precomputed values or returned in \fBkinv\fR and \fBrp\fR and can be -used in a later call to \fIECDSA_sign_ex()\fR or \fIECDSA_do_sign_ex()\fR. +used in a later call to \fBECDSA_sign_ex()\fR or \fBECDSA_do_sign_ex()\fR. .PP -\&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value \&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values \&\fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signature is stored in \fBsig\fR and its length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is ignored. .PP -\&\fIECDSA_do_sign_ex()\fR is similar to \fIECDSA_sign_ex()\fR except the signature is +\&\fBECDSA_do_sign_ex()\fR is similar to \fBECDSA_sign_ex()\fR except the signature is returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. +\&\fBECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. .PP -\&\fIECDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +\&\fBECDSA_SIG_set0()\fR returns 1 on success or 0 on failure. 
.PP -\&\fIECDSA_SIG_get0_r()\fR and \fIECDSA_SIG_get0_s()\fR return the corresponding value, +\&\fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR return the corresponding value, or \s-1NULL\s0 if it is unset. .PP -\&\fIECDSA_size()\fR returns the maximum length signature or 0 on error. +\&\fBECDSA_size()\fR returns the maximum length signature or 0 on error. .PP -\&\fIECDSA_sign()\fR, \fIECDSA_sign_ex()\fR and \fIECDSA_sign_setup()\fR return 1 if successful +\&\fBECDSA_sign()\fR, \fBECDSA_sign_ex()\fR and \fBECDSA_sign_setup()\fR return 1 if successful or 0 on error. .PP -\&\fIECDSA_do_sign()\fR and \fIECDSA_do_sign_ex()\fR return a pointer to an allocated +\&\fBECDSA_do_sign()\fR and \fBECDSA_do_sign_ex()\fR return a pointer to an allocated \&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error. .PP -\&\fIECDSA_verify()\fR and \fIECDSA_do_verify()\fR return 1 for a valid +\&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid signature, 0 for an invalid signature and \-1 on error. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "EXAMPLES" .IX Header "EXAMPLES" Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the @@ -288,7 +292,7 @@ specific) .Ve .PP Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value -using \fIECDSA_do_sign()\fR: +using \fBECDSA_do_sign()\fR: .PP .Vb 3 \& sig = ECDSA_do_sign(digest, 32, eckey); @@ -296,7 +300,7 @@ using \fIECDSA_do_sign()\fR: \& /* error */ .Ve .PP -or using \fIECDSA_sign()\fR: +or using \fBECDSA_sign()\fR: .PP .Vb 2 \& unsigned char *buffer, *pp; 
@@ -309,13 +313,13 @@ or using \fIECDSA_sign()\fR: \& /* error */ .Ve .PP -Third step: verify the created \s-1ECDSA\s0 signature using \fIECDSA_do_verify()\fR: +Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify()\fR: .PP .Vb 1 \& ret = ECDSA_do_verify(digest, 32, sig, eckey); .Ve .PP -or using \fIECDSA_verify()\fR: +or using \fBECDSA_verify()\fR: .PP .Vb 1 \& ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey); @@ -337,9 +341,9 @@ and finally evaluate the return value: (Digital Signature Standard, \s-1DSS\s0) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIDSA_new\fR\|(3), -\&\fIEVP_DigestSignInit\fR\|(3), -\&\fIEVP_DigestVerifyInit\fR\|(3) +\&\fBDSA_new\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ECPKParameters_print.3 b/secure/lib/libcrypto/man/ECPKParameters_print.3 index 9c376ca8a0bb..c4941ce8e9cb 100644 --- a/secure/lib/libcrypto/man/ECPKParameters_print.3 +++ b/secure/lib/libcrypto/man/ECPKParameters_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ECPKPARAMETERS_PRINT 3" -.TH ECPKPARAMETERS_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ECPKPARAMETERS_PRINT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,18 +153,18 @@ ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and enco The ECPKParameters represent the public parameters for an \&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve. .PP -The \fIECPKParameters_print()\fR and \fIECPKParameters_print_fp()\fR functions print +The \fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR functions print a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR or \fBfp\fR. The output lines are indented by \fBoff\fR spaces. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIECPKParameters_print()\fR and \fIECPKParameters_print_fp()\fR +\&\fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR return 1 for success and 0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/EC_GFp_simple_method.3 index 26f231246ac3..3d186d3bab70 100644 --- a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 +++ b/secure/lib/libcrypto/man/EC_GFp_simple_method.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_GFP_SIMPLE_METHOD 3" -.TH EC_GFP_SIMPLE_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EC_GFP_SIMPLE_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +159,7 @@ EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_me .SH "DESCRIPTION" .IX Header "DESCRIPTION" The Elliptic Curve library provides a number of different implementations through a single common interface. -When constructing a curve using EC_GROUP_new (see \fIEC_GROUP_new\fR\|(3)) an +When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an implementation method must be provided. The functions described here all return a const pointer to an \&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW.\s0 It is important that the correct implementation type for the form of curve selected is used. 
@@ -164,9 +168,9 @@ For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_meth .PP For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the -use of montgomery multiplication (see \fIBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method +use of montgomery multiplication (see \fBBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through -EC_GROUP_new_by_curve_name as described in \fIEC_GROUP_new\fR\|(3)). +EC_GROUP_new_by_curve_name as described in \fBEC_GROUP_new\fR\|(3)). .PP The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these @@ -183,10 +187,10 @@ All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fId2i_ECPKParameters\fR\|(3), -\&\fIBN_mod_mul_montgomery\fR\|(3) +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3), +\&\fBBN_mod_mul_montgomery\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/EC_GROUP_copy.3 index b3f95d40b1c7..07c946988267 100644 --- a/secure/lib/libcrypto/man/EC_GROUP_copy.3 
+++ b/secure/lib/libcrypto/man/EC_GROUP_copy.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_GROUP_COPY 3" -.TH EC_GROUP_COPY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EC_GROUP_COPY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -202,7 +206,7 @@ The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided with the respective order and cofactors for the \fBgroup\fR. .PP The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the \s-1NID\s0 for the curve respectively -(see \fIEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name +(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name will return 0. .PP The asn1_flag value is used to determine whether the curve encoding uses 
@@ -212,7 +216,7 @@ named curve form is used and the parameters must have a corresponding named curve \s-1NID\s0 set. If asn1_flags is \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR the parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. -Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was first added to OpenSSL 1.1.0, for +Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was added in OpenSSL 1.1.0, for previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL 1.1.0 the default form was to use explicit parameters (meaning that applications would have to explicitly set the named curve form) in OpenSSL @@ -298,9 +302,9 @@ EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get and EC_GROUP_get_degree return the order, cofactor, curve name (\s-1NID\s0), \s-1ASN1\s0 flag, point_conversion_form and degree for the specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0. .PP -\&\fIEC_GROUP_get0_order()\fR returns an internal pointer to the group order. -\&\fIEC_GROUP_get_order_bits()\fR returns the number of bits in the group order. -\&\fIEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor. +\&\fBEC_GROUP_get0_order()\fR returns an internal pointer to the group order. +\&\fBEC_GROUP_order_bits()\fR returns the number of bits in the group order. +\&\fBEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor. .PP EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified. 
@@ -314,9 +318,9 @@ EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasi trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EC_GROUP_new.3 b/secure/lib/libcrypto/man/EC_GROUP_new.3 index 45053dff2c9d..5c755b32a394 100644 --- a/secure/lib/libcrypto/man/EC_GROUP_new.3 +++ b/secure/lib/libcrypto/man/EC_GROUP_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_GROUP_NEW 3" -.TH EC_GROUP_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EC_GROUP_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -188,22 +192,22 @@ Operations in a binary field are performed relative to an \fBirreducible polynom use a trinomial or a pentanomial for this parameter. .PP A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by \fBmeth\fR (see -\&\fIEC_GFp_simple_method\fR\|(3)). It is then necessary to call \fIEC_GROUP_set_curve()\fR to set the curve parameters. -\&\fIEC_GROUP_new_from_ecparameters()\fR will create a group from the +\&\fBEC_GFp_simple_method\fR\|(3)). It is then necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters. +\&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the specified \fBparams\fR and -\&\fIEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific \s-1PK\s0 \fBparams\fR. +\&\fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific \s-1PK\s0 \fBparams\fR. .PP -\&\fIEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve over Fp \fBb\fR +\&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve over Fp \fBb\fR is the prime for the field. For a curve over F2^m \fBp\fR represents the irreducible polynomial \- each bit represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. .PP -\&\fIEC_group_get_curve()\fR obtains the previously set curve parameters. +\&\fBEC_group_get_curve()\fR obtains the previously set curve parameters. .PP -\&\fIEC_GROUP_set_curve_GFp()\fR and \fIEC_GROUP_set_curve_GF2m()\fR are synonyms for \fIEC_GROUP_set_curve()\fR. They are defined for +\&\fBEC_GROUP_set_curve_GFp()\fR and \fBEC_GROUP_set_curve_GF2m()\fR are synonyms for \fBEC_GROUP_set_curve()\fR. They are defined for backwards compatibility only and should not be used. .PP -\&\fIEC_GROUP_get_curve_GFp()\fR and \fIEC_GROUP_get_curve_GF2m()\fR are synonyms for \fIEC_GROUP_get_curve()\fR. 
They are defined for +\&\fBEC_GROUP_get_curve_GFp()\fR and \fBEC_GROUP_get_curve_GF2m()\fR are synonyms for \fBEC_GROUP_get_curve()\fR. They are defined for backwards compatibility only and should not be used. .PP The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and then the @@ -244,9 +248,9 @@ EC_get_builtin_curves returns the number of builtin curves that are available. EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(7), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 b/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 index 31e93dd058e4..22762ff5f996 100644 --- a/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 +++ b/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_KEY_GET_ENC_FLAGS 3" -.TH EC_KEY_GET_ENC_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EC_KEY_GET_ENC_FLAGS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,35 +151,35 @@ EC_KEY_get_enc_flags, EC_KEY_set_enc_flags \&\- Get and set flags for encoding E .SH "DESCRIPTION" .IX Header "DESCRIPTION" The format of the external representation of the public key written by -\&\fIi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is -described by the point_conversion_form. See \fIEC_GROUP_copy\fR\|(3) +\&\fBi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See \fBEC_GROUP_copy\fR\|(3) for a description of point_conversion_form. .PP When reading a private key encoded without an associated public key (e.g. if -\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fId2i_ECPrivateKey()\fR generates +\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fBd2i_ECPrivateKey()\fR generates the missing public key automatically. Private keys encoded without parameters (e.g. if \s-1EC_PKEY_NO_PARAMETERS\s0 has been used \- see below) cannot be loaded using -\&\fId2i_ECPrivateKey()\fR. +\&\fBd2i_ECPrivateKey()\fR. .PP -The functions \fIEC_KEY_get_enc_flags()\fR and \fIEC_KEY_set_enc_flags()\fR get and set the +The functions \fBEC_KEY_get_enc_flags()\fR and \fBEC_KEY_set_enc_flags()\fR get and set the value of the encoding flags for the \fBkey\fR. There are two encoding flags currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY.\s0 These flags define the behaviour of how the \fBkey\fR is converted into \s-1ASN1\s0 in a call to -\&\fIi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for +\&\fBi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is set then the public key is not encoded along with the private key. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the +\&\fBEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the \&\s-1EC_KEY.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), -\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3), -\&\fIEC_POINT_add\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), -\&\fId2i_ECPKParameters\fR\|(3), -\&\fId2i_ECPrivateKey\fR\|(3) +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3), +\&\fBd2i_ECPrivateKey\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EC_KEY_new.3 b/secure/lib/libcrypto/man/EC_KEY_new.3 index aa156b2ac6e2..183139d4dfbe 100644 --- a/secure/lib/libcrypto/man/EC_KEY_new.3 +++ b/secure/lib/libcrypto/man/EC_KEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_KEY_NEW 3" -.TH EC_KEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EC_KEY_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -180,121 +184,121 @@ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_f .IX Header "DESCRIPTION" An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private key. A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling -\&\fIEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is initially +\&\fBEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is initially set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling -\&\fIEC_KEY_set_group()\fR. +\&\fBEC_KEY_set_group()\fR. .PP Alternatively a new \s-1EC_KEY\s0 can be constructed by calling -\&\fIEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See -\&\fIEC_GROUP_new\fR\|(3) for a description of curve names. This function simply -wraps calls to \fIEC_KEY_new()\fR and \fIEC_GROUP_new_by_curve_name()\fR. +\&\fBEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See +\&\fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply +wraps calls to \fBEC_KEY_new()\fR and \fBEC_GROUP_new_by_curve_name()\fR. .PP -Calling \fIEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object, +Calling \fBEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object, and if it has dropped to zero then frees the memory associated with it. If \&\fBkey\fR is \s-1NULL\s0 nothing is done. .PP -\&\fIEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR. +\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR. .PP -\&\fIEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it. +\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it. 
.PP -\&\fIEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0 +\&\fBEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0 object. .PP -\&\fIEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +\&\fBEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1EC_KEY\s0 object. .PP -\&\fIEC_KEY_generate_key()\fR generates a new public and private key for the supplied +\&\fBEC_KEY_generate_key()\fR generates a new public and private key for the supplied \&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it before calling this function. The private key is a random integer (0 < priv_key < order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the curve by the private key. .PP -\&\fIEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to +\&\fBEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to confirm that it is valid. .PP -\&\fIEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based +\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on the supplied \fBx\fR and \fBy\fR values and sets the public key to be this \&\s-1EC_POINT.\s0 It also performs certain sanity checks on the key to confirm that it is valid. 
.PP -The functions \fIEC_KEY_get0_group()\fR, \fIEC_KEY_set_group()\fR, -\&\fIEC_KEY_get0_private_key()\fR, \fIEC_KEY_set_private_key()\fR, \fIEC_KEY_get0_public_key()\fR, -and \fIEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key, +The functions \fBEC_KEY_get0_group()\fR, \fBEC_KEY_set_group()\fR, +\&\fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_get0_public_key()\fR, +and \fBEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key, and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. .PP -The functions \fIEC_KEY_get_conv_form()\fR and \fIEC_KEY_set_conv_form()\fR get and set the +The functions \fBEC_KEY_get_conv_form()\fR and \fBEC_KEY_set_conv_form()\fR get and set the point_conversion_form for the \fBkey\fR. For a description of -point_conversion_forms please see \fIEC_POINT_new\fR\|(3). +point_conversion_forms please see \fBEC_POINT_new\fR\|(3). .PP -\&\fIEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 +\&\fBEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 object. Any flags that are already set are left set. The flags currently defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH.\s0 -\&\fIEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0 -\&\fIEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all +\&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0 +\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all other flags are left in their existing state. .PP -\&\fIEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object -(if set). 
Refer to \fIEC_GROUP_copy\fR\|(3) for further information on the +\&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object +(if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the asn1_flag. .PP -\&\fIEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator -for faster point multiplication. See also \fIEC_POINT_add\fR\|(3). +\&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator +for faster point multiplication. See also \fBEC_POINT_add\fR\|(3). .PP -\&\fIEC_KEY_oct2key()\fR and \fIEC_KEY_key2buf()\fR are identical to the functions -\&\fIEC_POINT_oct2point()\fR and \fIEC_KEY_point2buf()\fR except they use the public key +\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions +\&\fBEC_POINT_oct2point()\fR and \fBEC_KEY_point2buf()\fR except they use the public key \&\s-1EC_POINT\s0 in \fBeckey\fR. .PP -\&\fIEC_KEY_oct2priv()\fR and \fIEC_KEY_priv2oct()\fR convert between the private key +\&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key component of \fBeckey\fR and octet form. The octet form consists of the content octets of the \fBprivateKey\fR \s-1OCTET STRING\s0 in an \fBECPrivateKey\fR \s-1ASN.1\s0 structure. .PP -The function \fIEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to +The function \fBEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but will just return the required buffer length. .PP -The function \fIEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes +The function \fBEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR and its length is returned. 
The caller must free up the allocated buffer with a -call to \fIOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR +call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. .PP -\&\fIEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer. +\&\fBEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEC_KEY_new()\fR, \fIEC_KEY_new_by_curve_name()\fR and \fIEC_KEY_dup()\fR return a pointer to +\&\fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. .PP -\&\fIEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an +\&\fBEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an integer. .PP -\&\fIEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error. +\&\fBEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error. .PP -\&\fIEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set. +\&\fBEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set. .PP -\&\fIEC_KEY_up_ref()\fR, \fIEC_KEY_set_group()\fR, \fIEC_KEY_set_private_key()\fR, -\&\fIEC_KEY_set_public_key()\fR, \fIEC_KEY_precompute_mult()\fR, \fIEC_KEY_generate_key()\fR, -\&\fIEC_KEY_check_key()\fR, \fIEC_KEY_set_public_key_affine_coordinates()\fR, -\&\fIEC_KEY_oct2key()\fR and \fIEC_KEY_oct2priv()\fR return 1 on success or 0 on error. 
+\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_private_key()\fR, +\&\fBEC_KEY_set_public_key()\fR, \fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR, +\&\fBEC_KEY_check_key()\fR, \fBEC_KEY_set_public_key_affine_coordinates()\fR, +\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error. .PP -\&\fIEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0 +\&\fBEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0 .PP -\&\fIEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY.\s0 +\&\fBEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY.\s0 .PP -\&\fIEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY.\s0 +\&\fBEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY.\s0 .PP -\&\fIEC_KEY_key2buf()\fR, \fIEC_KEY_priv2oct()\fR and \fIEC_KEY_priv2buf()\fR return the length +\&\fBEC_KEY_key2buf()\fR, \fBEC_KEY_priv2oct()\fR and \fBEC_KEY_priv2buf()\fR return the length of the buffer or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), -\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3), -\&\fIEC_POINT_add\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), -\&\fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EC_POINT_add.3 b/secure/lib/libcrypto/man/EC_POINT_add.3 index 251e76d8309c..9012ac400c0b 100644 --- a/secure/lib/libcrypto/man/EC_POINT_add.3 +++ b/secure/lib/libcrypto/man/EC_POINT_add.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_POINT_ADD 3" -.TH EC_POINT_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EC_POINT_ADD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -183,7 +187,7 @@ EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order). .PP The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst -EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fIEC_GROUP_copy\fR\|(3) for information +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fBEC_GROUP_copy\fR\|(3) for information about the generator. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -199,9 +203,9 @@ EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on err EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EC_POINT_new.3 b/secure/lib/libcrypto/man/EC_POINT_new.3 index 6f28ac9bef7a..95da5c728ebb 100644 --- a/secure/lib/libcrypto/man/EC_POINT_new.3 +++ b/secure/lib/libcrypto/man/EC_POINT_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_POINT_NEW 3" -.TH EC_POINT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EC_POINT_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -205,40 +209,40 @@ EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_P .SH "DESCRIPTION" .IX Header "DESCRIPTION" An \fB\s-1EC_POINT\s0\fR structure represents a point on a curve. A new point is -constructed by calling the function \fIEC_POINT_new()\fR and providing the +constructed by calling the function \fBEC_POINT_new()\fR and providing the \&\fBgroup\fR object that the point relates to. .PP -\&\fIEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR. +\&\fBEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR. if \fBpoint\fR is \s-1NULL\s0 nothing is done. .PP -\&\fIEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and +\&\fBEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and then frees its memory. If \fBpoint\fR is \s-1NULL\s0 nothing is done. .PP -\&\fIEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR +\&\fBEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \fB\s-1EC_METHOD\s0\fR. .PP -\&\fIEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from +\&\fBEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from \&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object. .PP -\&\fIEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR. +\&\fBEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR. .PP A valid point on a curve is the special point at infinity. A point is set to -be at infinity by calling \fIEC_POINT_set_to_infinity()\fR. +be at infinity by calling \fBEC_POINT_set_to_infinity()\fR. .PP The affine co-ordinates for a point describe a point in terms of its x and y -position. The function \fIEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR +position. 
The function \fBEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR co-ordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The -function \fIEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which +function \fBEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which may be \s-1NULL,\s0 to the corresponding coordinates of \fBp\fR. .PP -The functions \fIEC_POINT_set_affine_coordinates_GFp()\fR and -\&\fIEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for -\&\fIEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility +The functions \fBEC_POINT_set_affine_coordinates_GFp()\fR and +\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility only and should not be used. .PP -The functions \fIEC_POINT_get_affine_coordinates_GFp()\fR and -\&\fIEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for -\&\fIEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility +The functions \fBEC_POINT_get_affine_coordinates_GFp()\fR and +\&\fBEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility only and should not be used. .PP As well as the affine co-ordinates, a point can alternatively be described in 
@@ -250,19 +254,19 @@ affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped to (x, y, 1). To set or get the projective co-ordinates use -\&\fIEC_POINT_set_Jprojective_coordinates_GFp()\fR and -\&\fIEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively. +\&\fBEC_POINT_set_Jprojective_coordinates_GFp()\fR and +\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively. .PP Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is on the curve there will only ever be two possible values for y. Therefore a point can be set -using the \fIEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x +using the \fBEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two possible values for y should be used. .PP -The functions \fIEC_POINT_set_compressed_coordinates_GFp()\fR and -\&\fIEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for -\&\fIEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards +The functions \fBEC_POINT_set_compressed_coordinates_GFp()\fR and +\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards compatibility only and should not be used. .PP In addition \fB\s-1EC_POINT\s0\fR can be converted to and from various external 
@@ -274,57 +278,57 @@ integer converted to a \fB\s-1BIGNUM\s0\fR structure. Hexadecimal form is the oc form converted to a \s-1NULL\s0 terminated character string where each character is one of the printable values 0\-9 or A\-F (or a\-f). .PP -The functions \fIEC_POINT_point2oct()\fR, \fIEC_POINT_oct2point()\fR, \fIEC_POINT_point2bn()\fR, -\&\fIEC_POINT_bn2point()\fR, \fIEC_POINT_point2hex()\fR and \fIEC_POINT_hex2point()\fR convert from +The functions \fBEC_POINT_point2oct()\fR, \fBEC_POINT_oct2point()\fR, \fBEC_POINT_point2bn()\fR, +\&\fBEC_POINT_bn2point()\fR, \fBEC_POINT_point2hex()\fR and \fBEC_POINT_hex2point()\fR convert from and to EC_POINTs for the formats: octet, \s-1BIGNUM\s0 and hexadecimal respectively. .PP -The function \fIEC_POINT_point2oct()\fR must be supplied with a buffer long enough to +The function \fBEC_POINT_point2oct()\fR must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but will still return the required buffer length. .PP -The function \fIEC_POINT_point2buf()\fR allocates a buffer of suitable length and +The function \fBEC_POINT_point2buf()\fR allocates a buffer of suitable length and writes an \s-1EC_POINT\s0 to it in octet format. The allocated buffer is written to \&\fB*pbuf\fR and its length is returned. The caller must free up the allocated -buffer with a call to \fIOPENSSL_free()\fR. Since the allocated buffer value is +buffer with a call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. .PP -The function \fIEC_POINT_point2hex()\fR will allocate sufficient memory to store the +The function \fBEC_POINT_point2hex()\fR will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free this memory with -a subsequent call to \fIOPENSSL_free()\fR. 
+a subsequent call to \fBOPENSSL_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEC_POINT_new()\fR and \fIEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 +\&\fBEC_POINT_new()\fR and \fBEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 on error. .PP -The following functions return 1 on success or 0 on error: \fIEC_POINT_copy()\fR, -\&\fIEC_POINT_set_to_infinity()\fR, \fIEC_POINT_set_Jprojective_coordinates_GFp()\fR, -\&\fIEC_POINT_get_Jprojective_coordinates_GFp()\fR, -\&\fIEC_POINT_set_affine_coordinates_GFp()\fR, \fIEC_POINT_get_affine_coordinates_GFp()\fR, -\&\fIEC_POINT_set_compressed_coordinates_GFp()\fR, -\&\fIEC_POINT_set_affine_coordinates_GF2m()\fR, \fIEC_POINT_get_affine_coordinates_GF2m()\fR, -\&\fIEC_POINT_set_compressed_coordinates_GF2m()\fR and \fIEC_POINT_oct2point()\fR. +The following functions return 1 on success or 0 on error: \fBEC_POINT_copy()\fR, +\&\fBEC_POINT_set_to_infinity()\fR, \fBEC_POINT_set_Jprojective_coordinates_GFp()\fR, +\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR, +\&\fBEC_POINT_set_affine_coordinates_GFp()\fR, \fBEC_POINT_get_affine_coordinates_GFp()\fR, +\&\fBEC_POINT_set_compressed_coordinates_GFp()\fR, +\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR, \fBEC_POINT_get_affine_coordinates_GF2m()\fR, +\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR and \fBEC_POINT_oct2point()\fR. .PP EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT.\s0 .PP -\&\fIEC_POINT_point2oct()\fR and \fIEC_POINT_point2buf()\fR return the length of the required +\&\fBEC_POINT_point2oct()\fR and \fBEC_POINT_point2buf()\fR return the length of the required buffer or 0 on error. .PP -\&\fIEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on +\&\fBEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on error. 
.PP -\&\fIEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +\&\fBEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on error. .PP -\&\fIEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error. +\&\fBEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error. .PP -\&\fIEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +\&\fBEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ENGINE_add.3 b/secure/lib/libcrypto/man/ENGINE_add.3 index c4bc47d90c99..13eebdee6fd6 100644 --- a/secure/lib/libcrypto/man/ENGINE_add.3 +++ b/secure/lib/libcrypto/man/ENGINE_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENGINE_ADD 3" -.TH ENGINE_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ENGINE_ADD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -312,11 +316,11 @@ ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structur reference is sufficient if you only need to query or manipulate the data of an \s-1ENGINE\s0 implementation rather than use its functionality. .PP -The \fIENGINE_new()\fR function returns a structural reference to a new (empty) +The \fBENGINE_new()\fR function returns a structural reference to a new (empty) \&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural -references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, -\&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be -released by a corresponding to call to the \fIENGINE_free()\fR function \- the +references such as; \fBENGINE_by_id()\fR, \fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, +\&\fBENGINE_get_next()\fR, \fBENGINE_get_prev()\fR. All structural references should be +released by a corresponding to call to the \fBENGINE_free()\fR function \- the \&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when the last structural reference is released. .PP 
@@ -324,13 +328,13 @@ It should also be noted that many \s-1ENGINE API\s0 function calls that accept a structural reference will internally obtain another reference \- typically this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to -OpenSSL's internal list is \fIENGINE_add()\fR \- if this function returns success, +OpenSSL's internal list is \fBENGINE_add()\fR \- if this function returns success, then OpenSSL will have stored a new structural reference internally so the caller is still responsible for freeing their own reference with -\&\fIENGINE_free()\fR when they are finished with it. In a similar way, some +\&\fBENGINE_free()\fR when they are finished with it. In a similar way, some functions will automatically release the structural reference passed to it -if part of the function's job is to do so. Eg. the \fIENGINE_get_next()\fR and -\&\fIENGINE_get_prev()\fR functions are used for iterating across the internal +if part of the function's job is to do so. Eg. the \fBENGINE_get_next()\fR and +\&\fBENGINE_get_prev()\fR functions are used for iterating across the internal \&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the list, but in either case the structural reference passed to the function is 
@@ -349,17 +353,17 @@ reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default operational \s-1ENGINE\s0 for a given cryptographic purpose. .PP To obtain a functional reference from an existing structural reference, -call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not +call the \fBENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not already operational and couldn't be successfully initialised (eg. lack of system drivers, no special hardware attached, etc), otherwise it will return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional -references are released by calling \fIENGINE_finish()\fR (which removes the +references are released by calling \fBENGINE_finish()\fR (which removes the implicit structural reference as well). .PP The second way to get a functional reference is by asking OpenSSL for a -default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR, -\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next +default implementation for a given task, eg. by \fBENGINE_get_default_RSA()\fR, +\&\fBENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc. 
@@ -394,10 +398,10 @@ needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 response if no \s-1ENGINE\s0 was available so that future queries won't repeat the same iteration unless the state table changes. This behaviour can also be changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using -\&\fIENGINE_set_table_flags()\fR), no attempted initialisations will take place, +\&\fBENGINE_set_table_flags()\fR), no attempted initialisations will take place, instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the \&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. -\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except +\&\fBENGINE_set_default_RSA()\fR does the same job as \fBENGINE_register_RSA()\fR except that it also sets the state table's cached response for the \*(L"get_default\*(R" query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are indexed by 'nid', these flags and cached-responses are distinct for each 'nid' @@ -434,7 +438,7 @@ source code to openssl's builtin utilities as guides. If no \s-1ENGINE API\s0 functions are called within an application, then OpenSSL will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, if any ENGINEs are loaded, even if not registered or used, it was necessary to -call \fIENGINE_cleanup()\fR before the program exits. +call \fBENGINE_cleanup()\fR before the program exits. .PP \&\fIUsing a specific \s-1ENGINE\s0 implementation\fR .PP 
@@ -488,7 +492,7 @@ it should be used. The following code illustrates how this can work; .PP That's all that's required. Eg. the next time OpenSSL tries to set up an \&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to -\&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the +\&\fBENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the default for \s-1RSA\s0 use from then on. .SS "Advanced configuration support" .IX Subsection "Advanced configuration support" @@ -517,9 +521,9 @@ driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before -calling \fIENGINE_init()\fR. The other class of commands consist of settings or +calling \fBENGINE_init()\fR. The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take -place, and these commands may work either before or after \fIENGINE_init()\fR, or +place, and these commands may work either before or after \fBENGINE_init()\fR, or in some cases both. \s-1ENGINE\s0 implementations should provide indications of this in the descriptions attached to builtin control commands and/or in external product documentation. @@ -577,7 +581,7 @@ boolean success or failure. \& } .Ve .PP -Note that \fIENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can +Note that \fBENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can relax the semantics of the function \- if set non-zero it will only return failure if the \s-1ENGINE\s0 supported the given command name but failed while executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply 
@@ -591,7 +595,7 @@ It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported by an \s-1ENGINE\s0 using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the -\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command. +\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command. openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a \*(L"generic\*(R" command is handled directly by the @@ -615,10 +619,10 @@ commands implemented by a given \s-1ENGINE,\s0 specifically the commands: Whilst these commands are automatically processed by the OpenSSL framework code, they use various properties exposed by each \s-1ENGINE\s0 to process these queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; -it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in +it can supply a \fBctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will -simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fIctrl()\fR +simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fBctrl()\fR handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the OpenSSL framework code will work with the following rules: 
@@ -657,10 +661,10 @@ possible values: .PP If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely informational to the caller \- this flag will prevent the command being usable -for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR. +for any higher-level \s-1ENGINE\s0 functions such as \fBENGINE_ctrl_cmd_string()\fR. \&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration by applications, administrations, users, etc. These can support arbitrary -operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control +operations via \fBENGINE_ctrl()\fR, including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0 supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" 
@@ -675,83 +679,83 @@ The path to the engines directory. Ignored in set-user-ID and set-group-ID programs. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, \fIENGINE_get_next()\fR and \fIENGINE_get_prev()\fR +\&\fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, \fBENGINE_get_next()\fR and \fBENGINE_get_prev()\fR return a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. .PP -\&\fIENGINE_add()\fR and \fIENGINE_remove()\fR return 1 on success or 0 on error. +\&\fBENGINE_add()\fR and \fBENGINE_remove()\fR return 1 on success or 0 on error. .PP -\&\fIENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. .PP -\&\fIENGINE_init()\fR and \fIENGINE_finish()\fR return 1 on success or 0 on error. +\&\fBENGINE_init()\fR and \fBENGINE_finish()\fR return 1 on success or 0 on error. .PP -All \fIENGINE_get_default_TYPE()\fR functions, \fIENGINE_get_cipher_engine()\fR and -\&\fIENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 +All \fBENGINE_get_default_TYPE()\fR functions, \fBENGINE_get_cipher_engine()\fR and +\&\fBENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error occurred. .PP -All \fIENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error. +All \fBENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error. .PP -\&\fIENGINE_set_default()\fR returns 1 on success or 0 on error. +\&\fBENGINE_set_default()\fR returns 1 on success or 0 on error. 
.PP -\&\fIENGINE_get_table_flags()\fR returns an unsigned integer value representing the +\&\fBENGINE_get_table_flags()\fR returns an unsigned integer value representing the global table flags which are used to control the registration behaviour of \&\fB\s-1ENGINE\s0\fR implementations. .PP -All \fIENGINE_register_TYPE()\fR functions return 1 on success or 0 on error. +All \fBENGINE_register_TYPE()\fR functions return 1 on success or 0 on error. .PP -\&\fIENGINE_register_complete()\fR and \fIENGINE_register_all_complete()\fR return 1 on success +\&\fBENGINE_register_complete()\fR and \fBENGINE_register_all_complete()\fR return 1 on success or 0 on error. .PP -\&\fIENGINE_ctrl()\fR returns a positive value on success or others on error. +\&\fBENGINE_ctrl()\fR returns a positive value on success or others on error. .PP -\&\fIENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise. +\&\fBENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise. .PP -\&\fIENGINE_ctrl_cmd()\fR and \fIENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error. +\&\fBENGINE_ctrl_cmd()\fR and \fBENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error. .PP -\&\fIENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error +\&\fBENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error occurred. .PP -\&\fIENGINE_free()\fR returns 1 on success or 0 on error. +\&\fBENGINE_free()\fR returns 1 on success or 0 on error. .PP -\&\fIENGINE_up_ref()\fR returns 1 on success or 0 on error. +\&\fBENGINE_up_ref()\fR returns 1 on success or 0 on error. .PP -\&\fIENGINE_set_id()\fR and \fIENGINE_set_name()\fR return 1 on success or 0 on error. +\&\fBENGINE_set_id()\fR and \fBENGINE_set_name()\fR return 1 on success or 0 on error. .PP All other \fBENGINE_set_*\fR functions return 1 on success or 0 on error. 
.PP -\&\fIENGINE_get_id()\fR and \fIENGINE_get_name()\fR return a string representing the identifier +\&\fBENGINE_get_id()\fR and \fBENGINE_get_name()\fR return a string representing the identifier and the name of the \s-1ENGINE\s0 \fBe\fR respectively. .PP -\&\fIENGINE_get_RSA()\fR, \fIENGINE_get_DSA()\fR, \fIENGINE_get_DH()\fR and \fIENGINE_get_RAND()\fR +\&\fBENGINE_get_RSA()\fR, \fBENGINE_get_DSA()\fR, \fBENGINE_get_DH()\fR and \fBENGINE_get_RAND()\fR return corresponding method structures for each algorithms. .PP -\&\fIENGINE_get_destroy_function()\fR, \fIENGINE_get_init_function()\fR, -\&\fIENGINE_get_finish_function()\fR, \fIENGINE_get_ctrl_function()\fR, -\&\fIENGINE_get_load_privkey_function()\fR, \fIENGINE_get_load_pubkey_function()\fR, -\&\fIENGINE_get_ciphers()\fR and \fIENGINE_get_digests()\fR return corresponding function +\&\fBENGINE_get_destroy_function()\fR, \fBENGINE_get_init_function()\fR, +\&\fBENGINE_get_finish_function()\fR, \fBENGINE_get_ctrl_function()\fR, +\&\fBENGINE_get_load_privkey_function()\fR, \fBENGINE_get_load_pubkey_function()\fR, +\&\fBENGINE_get_ciphers()\fR and \fBENGINE_get_digests()\fR return corresponding function pointers of the callbacks. .PP -\&\fIENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0 +\&\fBENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0 if an error occurred. .PP -\&\fIENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an +\&\fBENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an error occurred. 
.PP -\&\fIENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are +\&\fBENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are used to control various behaviours of an \s-1ENGINE.\s0 .PP -\&\fIENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's +\&\fBENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's not set. .PP -\&\fIENGINE_load_private_key()\fR and \fIENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +\&\fBENGINE_load_private_key()\fR and \fBENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR structure on success or \s-1NULL\s0 if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIOPENSSL_init_crypto\fR\|(3), \fIRSA_new_method\fR\|(3), \fIDSA_new\fR\|(3), \fIDH_new\fR\|(3), -\&\fIRAND_bytes\fR\|(3), \fIconfig\fR\|(5) +\&\fBOPENSSL_init_crypto\fR\|(3), \fBRSA_new_method\fR\|(3), \fBDSA_new\fR\|(3), \fBDH_new\fR\|(3), +\&\fBRAND_bytes\fR\|(3), \fBconfig\fR\|(5) .SH "HISTORY" .IX Header "HISTORY" -\&\fIENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup -done by \fIOPENSSL_cleanup()\fR +\&\fBENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup +done by \fBOPENSSL_cleanup()\fR and should not be used. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index 46248538cff5..ec0c060f319b 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERR_GET_LIB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,11 +155,11 @@ ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR \&\- get information .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The error code returned by \fIERR_get_error()\fR consists of a library -number, function code and reason code. \s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR -and \s-1\fIERR_GET_REASON\s0()\fR can be used to extract these. +The error code returned by \fBERR_get_error()\fR consists of a library +number, function code and reason code. \s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR +and \s-1\fBERR_GET_REASON\s0()\fR can be used to extract these. .PP -\&\s-1\fIERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error. +\&\s-1\fBERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error. .PP The library number and function code describe where the error occurred, the reason code is the information about what went wrong. 
@@ -169,7 +173,7 @@ reasons. unique. However, when checking for sub-library specific reason codes, be sure to also compare the library number. .PP -\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR, \s-1\fIERR_GET_REASON\s0()\fR, and \s-1\fIERR_FATAL_ERROR\s0()\fR +\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR, \s-1\fBERR_GET_REASON\s0()\fR, and \s-1\fBERR_FATAL_ERROR\s0()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -177,10 +181,10 @@ The library number, function code, reason code, and whether the error is fatal, respectively. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are available in +\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in all versions of OpenSSL. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index a3b82dbe9b4b..6a5fea6d308d 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_CLEAR_ERROR 3" -.TH ERR_CLEAR_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERR_CLEAR_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,13 +149,13 @@ ERR_clear_error \- clear the error queue .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_clear_error()\fR empties the current thread's error queue. +\&\fBERR_clear_error()\fR empties the current thread's error queue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_clear_error()\fR has no return value. +\&\fBERR_clear_error()\fR has no return value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index 10c6e61d5284..b5f6c6531698 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_ERROR_STRING 3" -.TH ERR_ERROR_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERR_ERROR_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,17 +154,17 @@ ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_strin .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_error_string()\fR generates a human-readable string representing the +\&\fBERR_error_string()\fR generates a human-readable string representing the error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 256 bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a static buffer. Note that this function is not thread-safe and does no checks on the size -of the buffer; use \fIERR_error_string_n()\fR instead. +of the buffer; use \fBERR_error_string_n()\fR instead. .PP -\&\fIERR_error_string_n()\fR is a variant of \fIERR_error_string()\fR that writes +\&\fBERR_error_string_n()\fR is a variant of \fBERR_error_string()\fR that writes at most \fIlen\fR characters (including the terminating 0) and truncates the string if necessary. -For \fIERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. +For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. .PP The string will have the following format: .PP 
@@ -171,27 +175,27 @@ The string will have the following format: \&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR, \&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text. .PP -\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and -\&\fIERR_reason_error_string()\fR return the library name, function +\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and +\&\fBERR_reason_error_string()\fR return the library name, function name and reason string respectively. .PP If there is no text string registered for the given error code, the error string will contain the numeric code. .PP -\&\fIERR_print_errors\fR\|(3) can be used to print +\&\fBERR_print_errors\fR\|(3) can be used to print all error codes currently in the queue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_error_string()\fR returns a pointer to a static buffer containing the +\&\fBERR_error_string()\fR returns a pointer to a static buffer containing the string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise. .PP -\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and -\&\fIERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if +\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and +\&\fBERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if none is registered for the error code. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fIERR_print_errors\fR\|(3) +\&\fBERR_get_error\fR\|(3), +\&\fBERR_print_errors\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index 83b8fd9c381c..55334855d008 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_ERROR 3" -.TH ERR_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERR_GET_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -158,42 +162,42 @@ ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_get_error()\fR returns the earliest error code from the thread's error +\&\fBERR_get_error()\fR returns the earliest error code from the thread's error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return. .PP -\&\fIERR_peek_error()\fR returns the earliest error code from the thread's +\&\fBERR_peek_error()\fR returns the earliest error code from the thread's error queue without modifying it. .PP -\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's +\&\fBERR_peek_last_error()\fR returns the latest error code from the thread's error queue without modifying it. .PP -See \s-1\fIERR_GET_LIB\s0\fR\|(3) for obtaining information about +See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining information about location and reason of the error, and -\&\fIERR_error_string\fR\|(3) for human-readable error +\&\fBERR_error_string\fR\|(3) for human-readable error messages. .PP -\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and -\&\fIERR_peek_last_error_line()\fR are the same as the above, but they +\&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and +\&\fBERR_peek_last_error_line()\fR are the same as the above, but they additionally store the file name and line number where the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. .PP -\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and -\&\fIERR_peek_last_error_line_data()\fR store additional data and flags +\&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and +\&\fBERR_peek_last_error_line_data()\fR store additional data and flags associated with the error code in *\fBdata\fR and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. 
*\fBdata\fR contains a string if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. .PP An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers -returned by these functions) with \fIOPENSSL_free()\fR as freeing is handled +returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled automatically by the error library. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The error code, or 0 if there is no error in the queue. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_error_string\fR\|(3), -\&\s-1\fIERR_GET_LIB\s0\fR\|(3) +\&\fBERR_error_string\fR\|(3), +\&\s-1\fBERR_GET_LIB\s0\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index c3ead8f6345d..4b8aed0154c5 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_LOAD_CRYPTO_STRINGS 3" -.TH ERR_LOAD_CRYPTO_STRINGS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERR_LOAD_CRYPTO_STRINGS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,24 +160,24 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_load_crypto_strings()\fR registers the error strings for all -\&\fBlibcrypto\fR functions. \fISSL_load_error_strings()\fR does the same, +\&\fBERR_load_crypto_strings()\fR registers the error strings for all +\&\fBlibcrypto\fR functions. \fBSSL_load_error_strings()\fR does the same, but also registers the \fBlibssl\fR error strings. .PP In versions prior to OpenSSL 1.1.0, -\&\fIERR_free_strings()\fR releases any resources created by the above functions. +\&\fBERR_free_strings()\fR releases any resources created by the above functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR and -\&\fIERR_free_strings()\fR return no values. +\&\fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR and +\&\fBERR_free_strings()\fR return no values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_error_string\fR\|(3) +\&\fBERR_error_string\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR, and -\&\fIERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by -\&\fIOPENSSL_init_crypto()\fR and \fIOPENSSL_init_ssl()\fR and should not be used. +The \fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR, and +\&\fBERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by +\&\fBOPENSSL_init_crypto()\fR and \fBOPENSSL_init_ssl()\fR and should not be used. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index 9fbf91857c9c..883aedf12ac0 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_LOAD_STRINGS 3" -.TH ERR_LOAD_STRINGS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERR_LOAD_STRINGS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,7 +153,7 @@ ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error s .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_load_strings()\fR registers error strings for library number \fBlib\fR. +\&\fBERR_load_strings()\fR registers error strings for library number \fBlib\fR. .PP \&\fBstr\fR is an array of error string data: .PP 
@@ -163,20 +167,20 @@ ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error s .PP The error code is generated from the library number and a function and reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR). -\&\s-1\fIERR_PACK\s0()\fR is a macro. +\&\s-1\fBERR_PACK\s0()\fR is a macro. .PP The last entry in the array is {0,0}. .PP -\&\fIERR_get_next_error_library()\fR can be used to assign library numbers +\&\fBERR_get_next_error_library()\fR can be used to assign library numbers to user libraries at runtime. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_load_strings()\fR returns no value. \s-1\fIERR_PACK\s0()\fR return the error code. -\&\fIERR_get_next_error_library()\fR returns zero on failure, otherwise a new +\&\fBERR_load_strings()\fR returns no value. \s-1\fBERR_PACK\s0()\fR return the error code. +\&\fBERR_get_next_error_library()\fR returns zero on failure, otherwise a new library number. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_load_strings\fR\|(3) +\&\fBERR_load_strings\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index a8b8bc4cb7ad..a90bcf02e283 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_PRINT_ERRORS 3" -.TH ERR_PRINT_ERRORS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERR_PRINT_ERRORS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,14 +151,14 @@ ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb \&\- print error mess .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_print_errors()\fR is a convenience function that prints the error +\&\fBERR_print_errors()\fR is a convenience function that prints the error strings for all errors that OpenSSL has recorded to \fBbp\fR, thus emptying the error queue. .PP -\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a +\&\fBERR_print_errors_fp()\fR is the same, except that the output goes to a \&\fB\s-1FILE\s0\fR. .PP -\&\fIERR_print_errors_cb()\fR is the same, except that the callback function, +\&\fBERR_print_errors_cb()\fR is the same, except that the callback function, \&\fBcb\fR, is called for each error line with the string, length, and userdata \&\fBu\fR as the callback parameters. .PP 
@@ -172,11 +176,11 @@ If there is no text string registered for the given error code, the error string will contain the numeric code. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values. +\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR return no values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_error_string\fR\|(3), -\&\fIERR_get_error\fR\|(3) +\&\fBERR_error_string\fR\|(3), +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index 4e5c5aac2c9b..7edf07b5243c 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_PUT_ERROR 3" -.TH ERR_PUT_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERR_PUT_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,25 +152,25 @@ ERR_put_error, ERR_add_error_data, ERR_add_error_vdata \- record an error .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_put_error()\fR adds an error code to the thread's error queue. It +\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It signals that the error of reason code \fBreason\fR occurred in function \&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. This function is usually called by a macro. .PP -\&\fIERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string +\&\fBERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string arguments with the error code added last. -\&\fIERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR. +\&\fBERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR. .PP -\&\fIERR_load_strings\fR\|(3) can be used to register +\&\fBERR_load_strings\fR\|(3) can be used to register error strings so that the application can a generate human-readable error messages for the error code. .SS "Reporting errors" .IX Subsection "Reporting errors" -Each sub-library has a specific macro \fIXXXerr()\fR that is used to report +Each sub-library has a specific macro \fBXXXerr()\fR that is used to report errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived from the function names; reason codes consist of textual error -descriptions. For example, the function \fIssl3_read_bytes()\fR reports a +descriptions. For example, the function \fBssl3_read_bytes()\fR reports a \&\*(L"handshake failure\*(R" as follows: .PP .Vb 1 
@@ -185,14 +189,14 @@ into lower case and underscores changed to spaces. Although a library will normally report errors using its own specific XXXerr macro, another library's macro can be used. This is normally only done when a library wants to include \s-1ASN1\s0 code which must use -the \fIASN1err()\fR macro. +the \fBASN1err()\fR macro. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_put_error()\fR and \fIERR_add_error_data()\fR return +\&\fBERR_put_error()\fR and \fBERR_add_error_data()\fR return no values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_load_strings\fR\|(3) +\&\fBERR_load_strings\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index ee335a31dcf0..2fa7aff02429 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_REMOVE_STATE 3" -.TH ERR_REMOVE_STATE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERR_REMOVE_STATE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,20 +155,20 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_remove_state()\fR frees the error queue associated with the specified +\&\fBERR_remove_state()\fR frees the error queue associated with the specified thread, identified by \fBtid\fR. -\&\fIERR_remove_thread_state()\fR does the same thing, except the identifier is +\&\fBERR_remove_thread_state()\fR does the same thing, except the identifier is an opaque pointer. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_remove_state()\fR and \fIERR_remove_thread_state()\fR return no value. +\&\fBERR_remove_state()\fR and \fBERR_remove_thread_state()\fR return no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -L\fIOPENSSL_init_crypto\fR\|(3) +L\fBOPENSSL_init_crypto\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and -\&\fIERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions +\&\fBERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and +\&\fBERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions and should not be used. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3 index f9ff981ae7f4..616042dc2a63 100644 --- a/secure/lib/libcrypto/man/ERR_set_mark.3 +++ b/secure/lib/libcrypto/man/ERR_set_mark.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_SET_MARK 3" -.TH ERR_SET_MARK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERR_SET_MARK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,16 +151,16 @@ ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_set_mark()\fR sets a mark on the current topmost error record if there +\&\fBERR_set_mark()\fR sets a mark on the current topmost error record if there is one. .PP -\&\fIERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. +\&\fBERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. The mark is then removed. If there is no mark, the whole stack is removed. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. +\&\fBERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. .PP -\&\fIERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which +\&\fBERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which implies that the stack became empty, otherwise 1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 index 8fd3b341dc9d..0099102e9eda 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BYTESTOKEY 3" -.TH EVP_BYTESTOKEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_BYTESTOKEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +152,7 @@ EVP_BytesToKey \- password based encryption routine .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is +\&\fBEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. The \fBsalt\fR parameter is used as a salt in the derivation: it should point to an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing 
@@ -187,15 +191,15 @@ The initial bytes are used for the key and the subsequent bytes for the \s-1IV.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If \fBdata\fR is \s-1NULL,\s0 then \fIEVP_BytesToKey()\fR returns the number of bytes +If \fBdata\fR is \s-1NULL,\s0 then \fBEVP_BytesToKey()\fR returns the number of bytes needed to store the derived key. -Otherwise, \fIEVP_BytesToKey()\fR returns the size of the derived key in bytes, +Otherwise, \fBEVP_BytesToKey()\fR returns the size of the derived key in bytes, or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), -\&\s-1\fIPKCS5_PBKDF2_HMAC\s0\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3) +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 b/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 index 9088cb489104..d63c2d6c67a4 100644 --- a/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 +++ b/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3" -.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,27 +150,27 @@ EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to in .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher data relevant to \s-1EVP_CIPHER_CTX.\s0 The contents of this data is specific to the particular implementation of the cipher. For example this data can be used by engines to store engine specific information. The data is automatically allocated and freed by OpenSSL, so applications and engines should not normally free this directly (but see below). .PP -The \fIEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to +The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to replace the cipher data with new data. A pointer to any existing cipher data is returned from this function. If the old data is no longer required then it -should be freed through a call to \fIOPENSSL_free()\fR. +should be freed through a call to \fBOPENSSL_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The \fIEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current cipher data for the \s-1EVP_CIPHER_CTX.\s0 .PP -The \fIEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old +The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old cipher data for the \s-1EVP_CIPHER_CTX.\s0 .SH "HISTORY" .IX Header "HISTORY" -The \fIEVP_CIPHER_CTX_get_cipher_data()\fR and \fIEVP_CIPHER_CTX_set_cipher_data()\fR +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR and \fBEVP_CIPHER_CTX_set_cipher_data()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" 
diff --git a/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 b/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 index 6f31f3f3174a..009c634d3186 100644 --- a/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 +++ b/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CIPHER_METH_NEW 3" -.TH EVP_CIPHER_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_CIPHER_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -192,16 +196,16 @@ EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_ The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method implementation. .PP -\&\fIEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure. +\&\fBEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure. .PP -\&\fIEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR. +\&\fBEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR. .PP -\&\fIEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure. +\&\fBEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure. .PP -\&\fIEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV.\s0 +\&\fBEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV.\s0 This is only needed when the implemented cipher mode requires it. .PP -\&\fIEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional +\&\fBEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional behaviours in the particular \fBcipher\fR. With the exception of cipher modes, of which only one may be present, several flags can be or'd together. 
@@ -218,18 +222,18 @@ Storing and initialising the \s-1IV\s0 is left entirely to the implementation. .IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4 .IX Item "EVP_CIPH_ALWAYS_CALL_INIT" -Set this if the implementation's \fIinit()\fR function should be called even +Set this if the implementation's \fBinit()\fR function should be called even if \fBkey\fR is \fB\s-1NULL\s0\fR. .IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4 .IX Item "EVP_CIPH_CTRL_INIT" -Set this to have the implementation's \fIctrl()\fR function called with +Set this to have the implementation's \fBctrl()\fR function called with command code \fB\s-1EVP_CTRL_INIT\s0\fR early in its setup. .IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4 .IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH" Checking and setting the key length after creating the \fB\s-1EVP_CIPHER\s0\fR is left to the implementation. -Whenever someone uses \fIEVP_CIPHER_CTX_set_key_length()\fR on a -\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fIctrl()\fR function +Whenever someone uses \fBEVP_CIPHER_CTX_set_key_length()\fR on a +\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fBctrl()\fR function will be called with the control code \fB\s-1EVP_CTRL_SET_KEY_LENGTH\s0\fR and the key length in \fBarg\fR. .IP "\s-1EVP_CIPH_NO_PADDING\s0" 4 
@@ -238,19 +242,19 @@ Don't use standard block padding. .IP "\s-1EVP_CIPH_RAND_KEY\s0" 4 .IX Item "EVP_CIPH_RAND_KEY" Making a key with random content is left to the implementation. -This is done by calling the implementation's \fIctrl()\fR function with the +This is done by calling the implementation's \fBctrl()\fR function with the control code \fB\s-1EVP_CTRL_RAND_KEY\s0\fR and the pointer to the key memory storage in \fBptr\fR. .IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4 .IX Item "EVP_CIPH_CUSTOM_COPY" -Set this to have the implementation's \fIctrl()\fR function called with -command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fIEVP_CIPHER_CTX_copy()\fR. +Set this to have the implementation's \fBctrl()\fR function called with +command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fBEVP_CIPHER_CTX_copy()\fR. The intended use is for further things to deal with after the implementation specific data block has been copied. The destination \fB\s-1EVP_CIPHER_CTX\s0\fR is passed to the control with the \&\fBptr\fR parameter. The implementation specific data block is reached with -\&\fIEVP_CIPHER_CTX_get_cipher_data()\fR. +\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. .IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4 .IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1" Use the default \s-1EVP\s0 routines to pass \s-1IV\s0 to and from \s-1ASN.1.\s0 
@@ -273,52 +277,52 @@ This indicates that this is an \s-1AEAD\s0 cipher implementation. Allow interleaving of crypto blocks, a particular optimization only applicable to certain \s-1TLS\s0 ciphers. .PP -\&\fIEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's +\&\fBEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's implementation context so that it can be automatically allocated. .PP -\&\fIEVP_CIPHER_meth_set_init()\fR sets the cipher init function for +\&\fBEVP_CIPHER_meth_set_init()\fR sets the cipher init function for \&\fBcipher\fR. -The cipher init function is called by \fIEVP_CipherInit()\fR, -\&\fIEVP_CipherInit_ex()\fR, \fIEVP_EncryptInit()\fR, \fIEVP_EncryptInit_ex()\fR, -\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptInit_ex()\fR. +The cipher init function is called by \fBEVP_CipherInit()\fR, +\&\fBEVP_CipherInit_ex()\fR, \fBEVP_EncryptInit()\fR, \fBEVP_EncryptInit_ex()\fR, +\&\fBEVP_DecryptInit()\fR, \fBEVP_DecryptInit_ex()\fR. .PP -\&\fIEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for +\&\fBEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for \&\fBcipher\fR. -The cipher function is called by \fIEVP_CipherUpdate()\fR, -\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR, \fIEVP_CipherFinal()\fR, -\&\fIEVP_EncryptFinal()\fR, \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal()\fR and -\&\fIEVP_DecryptFinal_ex()\fR. +The cipher function is called by \fBEVP_CipherUpdate()\fR, +\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR, \fBEVP_CipherFinal()\fR, +\&\fBEVP_EncryptFinal()\fR, \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal()\fR and +\&\fBEVP_DecryptFinal_ex()\fR. .PP -\&\fIEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do +\&\fBEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do extra cleanup before the method's private data structure is cleaned out and freed. 
Note that the cleanup function is passed a \fB\s-1EVP_CIPHER_CTX\s0 *\fR, the private data structure is then available with -\&\fIEVP_CIPHER_CTX_get_cipher_data()\fR. -This cleanup function is called by \fIEVP_CIPHER_CTX_reset()\fR and -\&\fIEVP_CIPHER_CTX_free()\fR. +\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. +This cleanup function is called by \fBEVP_CIPHER_CTX_reset()\fR and +\&\fBEVP_CIPHER_CTX_free()\fR. .PP -\&\fIEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR +\&\fBEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR to set the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. -This function is called by \fIEVP_CIPHER_param_to_asn1()\fR. -\&\fIEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR +This function is called by \fBEVP_CIPHER_param_to_asn1()\fR. +\&\fBEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR that sets the cipher parameters based on an \s-1ASN.1\s0 AlgorithmIdentifier \&\*(L"parameter\*(R". Both these functions are needed when there is a need for custom data (more or other than the cipher \s-1IV\s0). -They are called by \fIEVP_CIPHER_param_to_asn1()\fR and -\&\fIEVP_CIPHER_asn1_to_param()\fR respectively if defined. +They are called by \fBEVP_CIPHER_param_to_asn1()\fR and +\&\fBEVP_CIPHER_asn1_to_param()\fR respectively if defined. .PP -\&\fIEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR. +\&\fBEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR. 
.PP -\&\fIEVP_CIPHER_meth_get_init()\fR, \fIEVP_CIPHER_meth_get_do_cipher()\fR, -\&\fIEVP_CIPHER_meth_get_cleanup()\fR, \fIEVP_CIPHER_meth_get_set_asn1_params()\fR, -\&\fIEVP_CIPHER_meth_get_get_asn1_params()\fR and \fIEVP_CIPHER_meth_get_ctrl()\fR +\&\fBEVP_CIPHER_meth_get_init()\fR, \fBEVP_CIPHER_meth_get_do_cipher()\fR, +\&\fBEVP_CIPHER_meth_get_cleanup()\fR, \fBEVP_CIPHER_meth_get_set_asn1_params()\fR, +\&\fBEVP_CIPHER_meth_get_get_asn1_params()\fR and \fBEVP_CIPHER_meth_get_ctrl()\fR are all used to retrieve the method data given with the EVP_CIPHER_meth_set_*() functions above. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_CIPHER_meth_new()\fR and \fIEVP_CIPHER_meth_dup()\fR return a pointer to a +\&\fBEVP_CIPHER_meth_new()\fR and \fBEVP_CIPHER_meth_dup()\fR return a pointer to a newly created \fB\s-1EVP_CIPHER\s0\fR, or \s-1NULL\s0 on failure. All EVP_CIPHER_meth_set_*() functions return 1. All EVP_CIPHER_meth_get_*() functions return pointers to their diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index 5f59cda8f416..380757a93d6c 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DIGESTINIT 3" -.TH EVP_DIGESTINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_DIGESTINIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -184,116 +188,116 @@ EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex, EVP_MD_CT .IX Header "DESCRIPTION" The \s-1EVP\s0 digest routines are a high level interface to message digests, and should be used instead of the cipher-specific functions. -.IP "\fIEVP_MD_CTX_new()\fR" 4 +.IP "\fBEVP_MD_CTX_new()\fR" 4 .IX Item "EVP_MD_CTX_new()" Allocates and returns a digest context. -.IP "\fIEVP_MD_CTX_reset()\fR" 4 +.IP "\fBEVP_MD_CTX_reset()\fR" 4 .IX Item "EVP_MD_CTX_reset()" Resets the digest context \fBctx\fR. This can be used to reuse an already existing context. -.IP "\fIEVP_MD_CTX_free()\fR" 4 +.IP "\fBEVP_MD_CTX_free()\fR" 4 .IX Item "EVP_MD_CTX_free()" Cleans up digest context \fBctx\fR and frees up the space allocated to it. -.IP "\fIEVP_MD_CTX_ctrl()\fR" 4 +.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 .IX Item "EVP_MD_CTX_ctrl()" Performs digest-specific control actions on context \fBctx\fR. -.IP "\fIEVP_MD_CTX_set_flags()\fR, \fIEVP_MD_CTX_clear_flags()\fR, \fIEVP_MD_CTX_test_flags()\fR" 4 +.IP "\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR, \fBEVP_MD_CTX_test_flags()\fR" 4 .IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()" Sets, clears and tests \fBctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information. -.IP "\fIEVP_DigestInit_ex()\fR" 4 +.IP "\fBEVP_DigestInit_ex()\fR" 4 .IX Item "EVP_DigestInit_ex()" Sets up digest context \fBctx\fR to use a digest \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. -\&\fBtype\fR will typically be supplied by a function such as \fIEVP_sha1()\fR. If +\&\fBtype\fR will typically be supplied by a function such as \fBEVP_sha1()\fR. If \&\fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. -.IP "\fIEVP_DigestUpdate()\fR" 4 +.IP "\fBEVP_DigestUpdate()\fR" 4 .IX Item "EVP_DigestUpdate()" Hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. 
This function can be called several times on the same \fBctx\fR to hash additional data. -.IP "\fIEVP_DigestFinal_ex()\fR" 4 +.IP "\fBEVP_DigestFinal_ex()\fR" 4 .IX Item "EVP_DigestFinal_ex()" Retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the length of the digest) will be written to the integer at \fBs\fR, at most -\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. After calling \fIEVP_DigestFinal_ex()\fR -no additional calls to \fIEVP_DigestUpdate()\fR can be made, but -\&\fIEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. -.IP "\fIEVP_DigestFinalXOF()\fR" 4 +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. After calling \fBEVP_DigestFinal_ex()\fR +no additional calls to \fBEVP_DigestUpdate()\fR can be made, but +\&\fBEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. +.IP "\fBEVP_DigestFinalXOF()\fR" 4 .IX Item "EVP_DigestFinalXOF()" Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256.\s0 It retrieves the digest value from \fBctx\fR and places it in \fBlen\fR\-sized <B>md. -After calling this function no additional calls to \fIEVP_DigestUpdate()\fR can be -made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new operation. -.IP "\fIEVP_MD_CTX_copy_ex()\fR" 4 +After calling this function no additional calls to \fBEVP_DigestUpdate()\fR can be +made, but \fBEVP_DigestInit_ex()\fR can be called to initialize a new operation. +.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 .IX Item "EVP_MD_CTX_copy_ex()" Can be used to copy the message digest state from \fBin\fR to \fBout\fR. This is useful if large amounts of data are to be hashed which only differ in the last few bytes. 
-.IP "\fIEVP_DigestInit()\fR" 4 +.IP "\fBEVP_DigestInit()\fR" 4 .IX Item "EVP_DigestInit()" -Behaves in the same way as \fIEVP_DigestInit_ex()\fR except it always uses the +Behaves in the same way as \fBEVP_DigestInit_ex()\fR except it always uses the default digest implementation. -.IP "\fIEVP_DigestFinal()\fR" 4 +.IP "\fBEVP_DigestFinal()\fR" 4 .IX Item "EVP_DigestFinal()" -Similar to \fIEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is +Similar to \fBEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is automatically cleaned up. -.IP "\fIEVP_MD_CTX_copy()\fR" 4 +.IP "\fBEVP_MD_CTX_copy()\fR" 4 .IX Item "EVP_MD_CTX_copy()" -Similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to +Similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to be initialized. -.IP "\fIEVP_MD_size()\fR, \fIEVP_MD_CTX_size()\fR" 4 +.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_CTX_size()\fR" 4 .IX Item "EVP_MD_size(), EVP_MD_CTX_size()" Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an \&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash. -.IP "\fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_block_size()\fR" 4 +.IP "\fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4 .IX Item "EVP_MD_block_size(), EVP_MD_CTX_block_size()" Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an \&\fB\s-1EVP_MD_CTX\s0\fR structure. -.IP "\fIEVP_MD_type()\fR, \fIEVP_MD_CTX_type()\fR" 4 +.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_CTX_type()\fR" 4 .IX Item "EVP_MD_type(), EVP_MD_CTX_type()" Return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_type(EVP_sha1())\*(C'\fR returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs. 
-.IP "\fIEVP_MD_CTX_md_data()\fR" 4 +.IP "\fBEVP_MD_CTX_md_data()\fR" 4 .IX Item "EVP_MD_CTX_md_data()" Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR. The space is allocated by OpenSSL and has the size originally set with -\&\fIEVP_MD_meth_set_app_datasize()\fR. -.IP "\fIEVP_MD_CTX_md()\fR" 4 +\&\fBEVP_MD_meth_set_app_datasize()\fR. +.IP "\fBEVP_MD_CTX_md()\fR" 4 .IX Item "EVP_MD_CTX_md()" Returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR. -.IP "\fIEVP_MD_pkey_type()\fR" 4 +.IP "\fBEVP_MD_pkey_type()\fR" 4 .IX Item "EVP_MD_pkey_type()" Returns the \s-1NID\s0 of the public key signing algorithm associated with this -digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return +digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return \&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons. -.IP "\fIEVP_md_null()\fR" 4 +.IP "\fBEVP_md_null()\fR" 4 .IX Item "EVP_md_null()" A \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero length. -.IP "\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR, \fIEVP_get_digestbyobj()\fR" 4 +.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 .IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an \&\fB\s-1ASN1_OBJECT\s0\fR structure respectively. -.IP "\fIEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 .IX Item "EVP_MD_CTX_set_pkey_ctx()" Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide -a customzied \fB\s-1EVP_PKEY_CTX\s0\fR to \fIEVP_DigestSignInit\fR\|(3) or -\&\fIEVP_DigestVerifyInit\fR\|(3). 
The \fBpctx\fR passed to this function should be freed +a customzied \fB\s-1EVP_PKEY_CTX\s0\fR to \fBEVP_DigestSignInit\fR\|(3) or +\&\fBEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed by the caller. A \s-1NULL\s0 \fBpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR assigned to \fBctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created. .SH "FLAGS" .IX Header "FLAGS" -\&\fIEVP_MD_CTX_set_flags()\fR, \fIEVP_MD_CTX_clear_flags()\fR and \fIEVP_MD_CTX_test_flags()\fR +\&\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR and \fBEVP_MD_CTX_test_flags()\fR can be used the manipulate and test these \fB\s-1EVP_MD_CTX\s0\fR flags: .IP "\s-1EVP_MD_CTX_FLAG_ONESHOT\s0" 4 .IX Item "EVP_MD_CTX_FLAG_ONESHOT" This flag instructs the digest to optimize for one update only, if possible. .IP "\s-1EVP_MD_CTX_FLAG_NO_INIT\s0" 4 .IX Item "EVP_MD_CTX_FLAG_NO_INIT" -This flag instructs \fIEVP_DigestInit()\fR and similar not to initialise the +This flag instructs \fBEVP_DigestInit()\fR and similar not to initialise the implementation specific data. .IP "\s-1EVP_MD_CTX_FLAG_FINALISE\s0" 4 .IX Item "EVP_MD_CTX_FLAG_FINALISE" 
@@ -303,30 +307,30 @@ This is inefficient if this functionality is not required, and can be disabled with this flag. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -.IP "\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR, \fIEVP_DigestFinal_ex()\fR" 4 +.IP "\fBEVP_DigestInit_ex()\fR, \fBEVP_DigestUpdate()\fR, \fBEVP_DigestFinal_ex()\fR" 4 .IX Item "EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()" Returns 1 for success and 0 for failure. -.IP "\fIEVP_MD_CTX_ctrl()\fR" 4 +.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 .IX Item "EVP_MD_CTX_ctrl()" Returns 1 if successful or 0 for failure. -.IP "\fIEVP_MD_CTX_copy_ex()\fR" 4 +.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 .IX Item "EVP_MD_CTX_copy_ex()" Returns 1 if successful or 0 for failure. -.IP "\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR, \fIEVP_MD_type()\fR" 4 +.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_pkey_type()\fR, \fBEVP_MD_type()\fR" 4 .IX Item "EVP_MD_type(), EVP_MD_pkey_type(), EVP_MD_type()" Returns the \s-1NID\s0 of the corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none exists. -.IP "\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size()\fR, \fIEVP_MD_CTX_block_size()\fR" 4 +.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4 .IX Item "EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()" Returns the digest or block size in bytes. -.IP "\fIEVP_md_null()\fR" 4 +.IP "\fBEVP_md_null()\fR" 4 .IX Item "EVP_md_null()" Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest. -.IP "\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR, \fIEVP_get_digestbyobj()\fR" 4 +.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 .IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs. 
-.IP "\fIEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 .IX Item "EVP_MD_CTX_set_pkey_ctx()" This function has no return value. .SH "NOTES" 
@@ -335,28 +339,28 @@ The \fB\s-1EVP\s0\fR interface to message digests should almost always be used i preference to the low level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. .PP -New applications should use the \s-1SHA\-2\s0 (such as \fIEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0 -digest algorithms (such as \fIEVP_sha3_512\fR\|(3)). The other digest algorithms +New applications should use the \s-1SHA\-2\s0 (such as \fBEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0 +digest algorithms (such as \fBEVP_sha3_512\fR\|(3)). The other digest algorithms are still in common use. .PP -For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be +For most applications the \fBimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be set to \s-1NULL\s0 to use the default digest implementation. .PP -The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are +The functions \fBEVP_DigestInit()\fR, \fBEVP_DigestFinal()\fR and \fBEVP_MD_CTX_copy()\fR are obsolete but are retained to maintain compatibility with existing code. New -applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and -\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context +applications should use \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestFinal_ex()\fR and +\&\fBEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. .PP If digest contexts are not cleaned up after use, memory leaks will occur. .PP -\&\fIEVP_MD_CTX_size()\fR, \fIEVP_MD_CTX_block_size()\fR, \fIEVP_MD_CTX_type()\fR, -\&\fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR are defined as +\&\fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR, \fBEVP_MD_CTX_type()\fR, +\&\fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR are defined as macros. 
.PP -\&\fIEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration +\&\fBEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration or control. .SH "EXAMPLE" .IX Header "EXAMPLE" @@ -405,33 +409,33 @@ digest name passed on the command line. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdgst\fR\|(1), -\&\fIevp\fR\|(7) +\&\fBdgst\fR\|(1), +\&\fBevp\fR\|(7) .PP The full list of digest algorithms are provided below. .PP -\&\fIEVP_blake2b512\fR\|(3), -\&\fIEVP_md2\fR\|(3), -\&\fIEVP_md4\fR\|(3), -\&\fIEVP_md5\fR\|(3), -\&\fIEVP_mdc2\fR\|(3), -\&\fIEVP_ripemd160\fR\|(3), -\&\fIEVP_sha1\fR\|(3), -\&\fIEVP_sha224\fR\|(3), -\&\fIEVP_sha3_224\fR\|(3), -\&\fIEVP_sm3\fR\|(3), -\&\fIEVP_whirlpool\fR\|(3) +\&\fBEVP_blake2b512\fR\|(3), +\&\fBEVP_md2\fR\|(3), +\&\fBEVP_md4\fR\|(3), +\&\fBEVP_md5\fR\|(3), +\&\fBEVP_mdc2\fR\|(3), +\&\fBEVP_ripemd160\fR\|(3), +\&\fBEVP_sha1\fR\|(3), +\&\fBEVP_sha224\fR\|(3), +\&\fBEVP_sha3_224\fR\|(3), +\&\fBEVP_sm3\fR\|(3), +\&\fBEVP_whirlpool\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_MD_CTX_create()\fR and \fIEVP_MD_CTX_destroy()\fR were renamed to -\&\fIEVP_MD_CTX_new()\fR and \fIEVP_MD_CTX_free()\fR in OpenSSL 1.1.0. +The \fBEVP_MD_CTX_create()\fR and \fBEVP_MD_CTX_destroy()\fR functions were renamed to +\&\fBEVP_MD_CTX_new()\fR and \fBEVP_MD_CTX_free()\fR in OpenSSL 1.1.0, respectively. .PP The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0 +later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0 .PP -\&\fIEVP_dss1()\fR was removed in OpenSSL 1.1.0. +The \fBEVP_dss1()\fR function was removed in OpenSSL 1.1.0. .PP -\&\fIEVP_MD_CTX_set_pkey_ctx()\fR was added in 1.1.1. +The \fBEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 index d33bc7ea47cf..67cc1571e2ac 100644 --- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DIGESTSIGNINIT 3" -.TH EVP_DIGESTSIGNINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_DIGESTSIGNINIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -154,21 +158,21 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign \- .IX Header "DESCRIPTION" The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from +\&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from \&\s-1ENGINE\s0 \fBe\fR and private key \fBpkey\fR. \fBctx\fR must be created with -\&\fIEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the +\&\fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the \&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can be used to set alternative signing options. Note that any existing value in \&\fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before -being passed to \fIEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created -inside \fIEVP_DigestSignInit()\fR and it will be freed automatically when the +being passed to \fBEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created +inside \fBEVP_DigestSignInit()\fR and it will be freed automatically when the \&\s-1EVP_MD_CTX\s0 is freed). .PP The digest \fBtype\fR may be \s-1NULL\s0 if the signing algorithm supports it. .PP -No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fIEVP_DigsetSignInit()\fR if the passed \fBctx\fR -has already been assigned one via \fIEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fISM2\s0\fR\|(7). +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigsetSignInit()\fR if the passed \fBctx\fR +has already been assigned one via \fBEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7). .PP Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. 
This includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of 
@@ -204,71 +208,71 @@ Will ignore any digest provided. .PP If RSA-PSS is used and restrictions apply then the digest must match. .PP -\&\fIEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fBEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the signature context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. This function is currently implemented using a macro. .PP -\&\fIEVP_DigestSignFinal()\fR signs the data in \fBctx\fR and places the signature in \fBsig\fR. +\&\fBEVP_DigestSignFinal()\fR signs the data in \fBctx\fR and places the signature in \fBsig\fR. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the \&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer. If the call is successful the signature is written to \fBsig\fR and the amount of data written to \fBsiglen\fR. .PP -\&\fIEVP_DigestSign()\fR signs \fBtbslen\fR bytes of data at \fBtbs\fR and places the +\&\fBEVP_DigestSign()\fR signs \fBtbslen\fR bytes of data at \fBtbs\fR and places the signature in \fBsig\fR and its length in \fBsiglen\fR in a similar way to -\&\fIEVP_DigestSignFinal()\fR. +\&\fBEVP_DigestSignFinal()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR, \fIEVP_DigestSignaFinal()\fR and -\&\fIEVP_DigestSign()\fR return 1 for success and 0 or a negative value for failure. In +\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR, \fBEVP_DigestSignaFinal()\fR and +\&\fBEVP_DigestSign()\fR return 1 for success and 0 or a negative value for failure. In particular, a return value of \-2 indicates the operation is not supported by the public key algorithm. .PP -The error codes can be obtained from \fIERR_get_error\fR\|(3). 
+The error codes can be obtained from \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP -\&\fIEVP_DigestSign()\fR is a one shot operation which signs a single block of data +\&\fBEVP_DigestSign()\fR is a one shot operation which signs a single block of data in one function. For algorithms that support streaming it is equivalent to -calling \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR. For algorithms which +calling \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. For algorithms which do not support streaming (e.g. PureEdDSA) it is the only way to sign data. .PP In previous versions of OpenSSL there was a link between message digest types -and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and the use of clone digest is now discouraged. .PP For some key types and parameters the random number generator must be seeded or the operation will fail. .PP -The call to \fIEVP_DigestSignFinal()\fR internally finalizes a copy of the digest -context. This means that calls to \fIEVP_DigestSignUpdate()\fR and -\&\fIEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. +The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the digest +context. This means that calls to \fBEVP_DigestSignUpdate()\fR and +\&\fBEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. 
.PP Since only a copy of the digest context is ever finalized, the context must -be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak will occur. .PP -The use of \fIEVP_PKEY_size()\fR with these functions is discouraged because some +The use of \fBEVP_PKEY_size()\fR with these functions is discouraged because some signature operations may have a signature length which depends on the -parameters set. As a result \fIEVP_PKEY_size()\fR would have to return a value +parameters set. As a result \fBEVP_PKEY_size()\fR would have to return a value which indicates the maximum possible signature for any set of parameters. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_DigestVerifyInit\fR\|(3), -\&\fIEVP_DigestInit\fR\|(3), -\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), -\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), -\&\s-1\fISHA1\s0\fR\|(3), \fIdgst\fR\|(1) +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR -were first added to OpenSSL 1.0.0. +\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR +were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 index 9b4fc7217faa..df49e59189f9 100644 --- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DIGESTVERIFYINIT 3" -.TH EVP_DIGESTVERIFYINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_DIGESTVERIFYINIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,80 +157,80 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestV .IX Header "DESCRIPTION" The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest +\&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest \&\fBtype\fR from \s-1ENGINE\s0 \fBe\fR and public key \fBpkey\fR. \fBctx\fR must be created -with \fIEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the +with \fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the \&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this can be used to set alternative verification options. Note that any existing value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before -being passed to \fIEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created -inside \fIEVP_DigestSignInit()\fR and it will be freed automatically when the +being passed to \fBEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created +inside \fBEVP_DigestSignInit()\fR and it will be freed automatically when the \&\s-1EVP_MD_CTX\s0 is freed). .PP -No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fIEVP_DigsetSignInit()\fR if the passed \fBctx\fR -has already been assigned one via \fIEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fISM2\s0\fR\|(7). +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigsetSignInit()\fR if the passed \fBctx\fR +has already been assigned one via \fBEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7). 
.PP -\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the verification context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. This function is currently implemented using a macro. .PP -\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in +\&\fBEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in \&\fBsig\fR of length \fBsiglen\fR. .PP -\&\fIEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature +\&\fBEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature in \fBsig\fR of length \fBsiglen\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0 +\&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyUpdate()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_DigestVerifyFinal()\fR and \fIEVP_DigestVerify()\fR return 1 for success; any other +\&\fBEVP_DigestVerifyFinal()\fR and \fBEVP_DigestVerify()\fR return 1 for success; any other value indicates failure. A return value of zero indicates that the signature did not verify successfully (that is, \fBtbs\fR did not match the original data or the signature had an invalid form), while other values indicate a more serious error (and sometimes also indicate an invalid signature form). .PP -The error codes can be obtained from \fIERR_get_error\fR\|(3). +The error codes can be obtained from \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. 
.PP -\&\fIEVP_DigestVerify()\fR is a one shot operation which verifies a single block of +\&\fBEVP_DigestVerify()\fR is a one shot operation which verifies a single block of data in one function. For algorithms that support streaming it is equivalent -to calling \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR. For +to calling \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR. For algorithms which do not support streaming (e.g. PureEdDSA) it is the only way to verify data. .PP In previous versions of OpenSSL there was a link between message digest types -and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and the use of clone digest is now discouraged. .PP For some key types and parameters the random number generator must be seeded or the operation will fail. .PP -The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest -context. This means that \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can +The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest +context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called later to digest and verify additional data. .PP Since only a copy of the digest context is ever finalized, the context must -be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak will occur. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_DigestSignInit\fR\|(3), -\&\fIEVP_DigestInit\fR\|(3), -\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), -\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), -\&\s-1\fISHA1\s0\fR\|(3), \fIdgst\fR\|(1) +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR -were first added to OpenSSL 1.0.0. +\&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR +were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/EVP_EncodeInit.3 index 0cc531b9eb7c..e4da7962f90a 100644 --- a/secure/lib/libcrypto/man/EVP_EncodeInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncodeInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_ENCODEINIT 3" -.TH EVP_ENCODEINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_ENCODEINIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,10 +171,10 @@ plus some occasional newlines (see below). If the input data length is not a multiple of 3 then the output data will be padded at the end using the \*(L"=\*(R" character. .PP -\&\fIEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for +\&\fBEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for the encode/decode functions. .PP -\&\fIEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the +\&\fBEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the space allocated to it. .PP Encoding of binary data is performed in blocks of 48 input bytes (or less for 
@@ -181,38 +185,38 @@ bytes of input. If the data length is not divisible by 3 then a full 4 bytes is still output for the final 1 or 2 bytes of input. Similarly a newline character will also be output. .PP -\&\fIEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation. +\&\fBEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation. .PP -\&\fIEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by +\&\fBEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by \&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full blocks of data (48 bytes) will be immediately processed and output by this function. Any remainder is held in the \fBctx\fR object and will be processed by a -subsequent call to \fIEVP_EncodeUpdate()\fR or \fIEVP_EncodeFinal()\fR. To calculate the +subsequent call to \fBEVP_EncodeUpdate()\fR or \fBEVP_EncodeFinal()\fR. To calculate the required size of the output buffer add together the value of \fBinl\fR with the amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore any remainder). This gives the number of blocks of data that will be processed. Ensure the output buffer contains 65 bytes of storage for each block, plus an -additional byte for a \s-1NUL\s0 terminator. \fIEVP_EncodeUpdate()\fR may be called +additional byte for a \s-1NUL\s0 terminator. \fBEVP_EncodeUpdate()\fR may be called repeatedly to process large amounts of input data. In the event of an error -\&\fIEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be +\&\fBEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be returned. 
.PP -\&\fIEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will +\&\fBEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will process any partial block of data remaining in the \fBctx\fR object. The output data will be stored in \fBout\fR and the length of the data written will be stored in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is sufficiently large to accommodate the output data which will never be more than 65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total). .PP -\&\fIEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context +\&\fBEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context \&\fBdctx\fR. \fBdctx\fR must be initialized before calling this function. .PP -\&\fIEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to +\&\fBEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to be encoded or decoded that are pending in the \fBctx\fR object. .PP -\&\fIEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length +\&\fBEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length \&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is encoded as a final block of data and the output is padded such that it is always 
@@ -221,16 +225,16 @@ example if 16 bytes of input data is provided then 24 bytes of encoded data is created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function. .PP -\&\fIEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. +\&\fBEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. .PP -\&\fIEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed +\&\fBEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the buffer at \fBout\fR is sufficiently large to accommodate the output data. This function will attempt to decode as much data as possible in 4 byte chunks. Any whitespace, newline or carriage return characters are ignored. Any partial chunk of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in -the \fBctx\fR object and processed by a subsequent call to \fIEVP_DecodeUpdate()\fR. If +the \fBctx\fR object and processed by a subsequent call to \fBEVP_DecodeUpdate()\fR. If any illegal base 64 characters are encountered or if the base 64 padding character \*(L"=\*(R" is encountered in the middle of the data then the function returns \&\-1 to indicate an error. A return value of 0 or 1 indicates successful 
@@ -241,12 +245,12 @@ every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and line feeds), 3 bytes of binary output data will be produced (or less at the end of the data where the padding character \*(L"=\*(R" has been used). .PP -\&\fIEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there +\&\fBEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there is any unprocessed data still in \fBctx\fR then the input data must not have been a multiple of 4 and therefore an error has occurred. The function will return \-1 in this case. Otherwise the function returns 1 on success. .PP -\&\fIEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data +\&\fBEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0 characters. After such trimming the length of the data in \fBf\fR must be divisible 
@@ -256,26 +260,26 @@ always 3 bytes for every 4 input bytes. This function will return the length of the data decoded or \-1 on error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0 +\&\fBEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0 object or \s-1NULL\s0 on error. .PP -\&\fIEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in +\&\fBEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in \&\fBctx\fR. .PP -\&\fIEVP_EncodeUpdate()\fR returns 0 on error or 1 on success. +\&\fBEVP_EncodeUpdate()\fR returns 0 on error or 1 on success. .PP -\&\fIEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 +\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 terminator. .PP -\&\fIEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned +\&\fBEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned then no more non-padding base 64 characters are expected. .PP -\&\fIEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. +\&\fBEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. .PP -\&\fIEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error. +\&\fBEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7) +\&\fBevp\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index ace2df58d457..d2e3a60bc539 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_ENCRYPTINIT 3" -.TH EVP_ENCRYPTINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_ENCRYPTINIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -210,18 +214,18 @@ EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_e The \s-1EVP\s0 cipher routines are a high level interface to certain symmetric ciphers. .PP -\&\fIEVP_CIPHER_CTX_new()\fR creates a cipher context. +\&\fBEVP_CIPHER_CTX_new()\fR creates a cipher context. .PP -\&\fIEVP_CIPHER_CTX_free()\fR clears all information from a cipher context +\&\fBEVP_CIPHER_CTX_free()\fR clears all information from a cipher context and free up any allocated memory associate with it, including \fBctx\fR itself. This function should be called after all operations using a cipher are complete so sensitive information does not remain in memory. .PP -\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption +\&\fBEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created before calling this function. \fBtype\fR is normally supplied -by a function such as \fIEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the +by a function such as \fBEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the default implementation is used. \fBkey\fR is the symmetric key to use and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes used for the key and \s-1IV\s0 depends on the cipher. It is possible to set @@ -230,7 +234,7 @@ the remaining parameters in subsequent calls, all of which have \fBtype\fR set to \s-1NULL.\s0 This is done when the default cipher parameters are not appropriate. .PP -\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and +\&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and writes the encrypted version to \fBout\fR. This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: 
@@ -240,178 +244,178 @@ room. The actual number of bytes written is placed in \fBoutl\fR. It also checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are 0 is returned to indicate failure. .PP -If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts +If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts the \*(L"final\*(R" data, that is any data that remains in a partial block. It uses standard block padding (aka \s-1PKCS\s0 padding) as described in the \s-1NOTES\s0 section, below. The encrypted final data is written to \fBout\fR which should have sufficient space for one cipher block. The number of bytes written is placed in \fBoutl\fR. After this function is called the encryption operation is finished and no further -calls to \fIEVP_EncryptUpdate()\fR should be made. +calls to \fBEVP_EncryptUpdate()\fR should be made. .PP -If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more +If padding is disabled then \fBEVP_EncryptFinal_ex()\fR will not encrypt any more data and it will return an error if any data remains in a partial block: that is if the total data length is not a multiple of the block size. .PP -\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the -corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an +\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR are the +corresponding decryption operations. \fBEVP_DecryptFinal()\fR will return an error code if padding is enabled and the final block is not correctly formatted. 
The parameters and restrictions are identical to the encryption operations except that if padding is enabled the decrypted data buffer \fBout\fR -passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for +passed to \fBEVP_DecryptUpdate()\fR should have sufficient room for (\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in which case \fBinl\fR bytes is sufficient. .PP -\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are +\&\fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR are functions that can be used for decryption or encryption. The operation performed depends on the value of the \fBenc\fR parameter. It should be set to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged (the actual value of 'enc' being supplied in a previous call). .PP -\&\fIEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context +\&\fBEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context and free up any allocated memory associate with it, except the \fBctx\fR itself. This function should be called anytime \fBctx\fR is to be reused -for another \fIEVP_CipherInit()\fR / \fIEVP_CipherUpdate()\fR / \fIEVP_CipherFinal()\fR +for another \fBEVP_CipherInit()\fR / \fBEVP_CipherUpdate()\fR / \fBEVP_CipherFinal()\fR series of calls. .PP -\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a -similar way to \fIEVP_EncryptInit_ex()\fR, \fIEVP_DecryptInit_ex()\fR and -\&\fIEVP_CipherInit_ex()\fR except they always use the default cipher implementation. +\&\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR behave in a +similar way to \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR and +\&\fBEVP_CipherInit_ex()\fR except they always use the default cipher implementation. 
.PP -\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR are -identical to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and -\&\fIEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up -the \fBctx\fR, but this is no longer done and \fIEVP_CIPHER_CTX_clean()\fR +\&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR are +identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and +\&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up +the \fBctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_clean()\fR must be called to free any context resources. .PP -\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR +\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an \&\s-1ASN1_OBJECT\s0 structure. .PP -\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when +\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 value is an internal value which may not have a corresponding \s-1OBJECT IDENTIFIER.\s0 .PP -\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This +\&\fBEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This function should be called after the context is set up for encryption -or decryption with \fIEVP_EncryptInit_ex()\fR, \fIEVP_DecryptInit_ex()\fR or -\&\fIEVP_CipherInit_ex()\fR. By default encryption operations are padded using +or decryption with \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR or +\&\fBEVP_CipherInit_ex()\fR. By default encryption operations are padded using standard block padding and the padding is checked and removed when decrypting. 
If the \fBpad\fR parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then be a multiple of the block size or an error will occur. .PP -\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key +\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length -for all ciphers. Note: although \fIEVP_CIPHER_key_length()\fR is fixed for a -given cipher, the value of \fIEVP_CIPHER_CTX_key_length()\fR may be different +for all ciphers. Note: although \fBEVP_CIPHER_key_length()\fR is fixed for a +given cipher, the value of \fBEVP_CIPHER_CTX_key_length()\fR may be different for variable key length ciphers. .PP -\&\fIEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. +\&\fBEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. If the cipher is a fixed length cipher then attempting to set the key length to any value other than the fixed value is an error. .PP -\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. It will return zero if the cipher does not use an \s-1IV.\s0 The constant \&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. .PP -\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block +\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the maximum block length for all ciphers. 
.PP -\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed +\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the type of the passed cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and 128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object identifier or does not have \s-1ASN1\s0 support this function will return \&\fBNID_undef\fR. .PP -\&\fIEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed +\&\fBEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. .PP -\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode: +\&\fBEVP_CIPHER_mode()\fR and \fBEVP_CIPHER_CTX_mode()\fR return the block cipher mode: \&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE\s0 or \s-1EVP_CIPH_OCB_MODE.\s0 If the cipher is a stream cipher then \&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. .PP -\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based +\&\fBEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. This will typically include any parameters and an \&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call should be made before the cipher is actually \*(L"used\*(R" (before any -\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function +\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). This function may fail if the cipher does not have any \s-1ASN1\s0 support. 
.PP -\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 +\&\fBEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length. This function should be called after the base cipher type is set but before -the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and -key set to \s-1NULL,\s0 \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally -\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is +the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and +key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally +\&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support or the parameters cannot be set (for example the \s-1RC2\s0 effective key length is not supported. .PP -\&\fIEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined +\&\fBEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined and set. .PP -\&\fIEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length +\&\fBEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length based on the cipher context. The \s-1EVP_CIPHER\s0 can provide its own random key generation routine to support keys of a specific form. \fBKey\fR must point to a -buffer at least as big as the value returned by \fIEVP_CIPHER_CTX_key_length()\fR. +buffer at least as big as the value returned by \fBEVP_CIPHER_CTX_key_length()\fR. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created +\&\fBEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created \&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure. .PP -\&\fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal_ex()\fR +\&\fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. -\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. +\&\fBEVP_DecryptInit_ex()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fBEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. .PP -\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. -\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. +\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. .PP -\&\fIEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure. +\&\fBEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure. .PP -\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR +\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. .PP -\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 +\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 .PP -\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block +\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block size. 
.PP -\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key +\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key length. .PP -\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1. +\&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1. .PP -\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 length or zero if the cipher does not use an \s-1IV.\s0 .PP -\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's +\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's \&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0 .PP -\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. +\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. .PP -\&\fIEVP_CIPHER_param_to_asn1()\fR and \fIEVP_CIPHER_asn1_to_param()\fR return greater +\&\fBEVP_CIPHER_param_to_asn1()\fR and \fBEVP_CIPHER_asn1_to_param()\fR return greater than zero for success and zero or a negative number on failure. .PP -\&\fIEVP_CIPHER_CTX_rand_key()\fR returns 1 for success. +\&\fBEVP_CIPHER_CTX_rand_key()\fR returns 1 for success. .SH "CIPHER LISTING" .IX Header "CIPHER LISTING" All algorithms have a fixed key length unless otherwise stated. .PP Refer to \*(L"\s-1SEE ALSO\*(R"\s0 for the full list of ciphers available through the \s-1EVP\s0 interface. -.IP "\fIEVP_enc_null()\fR" 4 +.IP "\fBEVP_enc_null()\fR" 4 .IX Item "EVP_enc_null()" Null cipher: does nothing. .SH "AEAD Interface" 
@@ -420,11 +424,11 @@ The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1 modes are subtly altered and several additional \fIctrl\fR operations are supported depending on the mode specified. .PP -To specify additional authenticated data (\s-1AAD\s0), a call to \fIEVP_CipherUpdate()\fR, -\&\fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR should be made with the output +To specify additional authenticated data (\s-1AAD\s0), a call to \fBEVP_CipherUpdate()\fR, +\&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output parameter \fBout\fR set to \fB\s-1NULL\s0\fR. .PP -When decrypting, the return value of \fIEVP_DecryptFinal()\fR or \fIEVP_CipherFinal()\fR +When decrypting, the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR indicates whether the operation was successful. If it does not indicate success, the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR be used as it is corrupted. @@ -442,7 +446,7 @@ maximum is 15. .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. This call can only be made when encrypting data and \fBafter\fR all data has been -processed (e.g. after an \fIEVP_EncryptFinal()\fR call). +processed (e.g. after an \fBEVP_EncryptFinal()\fR call). .Sp For \s-1OCB,\s0 \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via \&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR. 
@@ -469,7 +473,7 @@ The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s few additional requirements and different \fIctrl\fR values. .PP For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to -\&\fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR with the output +\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in the \fBinl\fR parameter. .PP @@ -500,7 +504,7 @@ nonce length is 16 (\fB\s-1CHACHA_CTR_SIZE\s0\fR, i.e. 128\-bits). .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. This call can only be made when encrypting data and \fBafter\fR all data has been -processed (e.g. after an \fIEVP_EncryptFinal()\fR call). +processed (e.g. after an \fBEVP_EncryptFinal()\fR call). .Sp \&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-bits) or less. 
@@ -535,14 +539,14 @@ the input data earlier on will not produce a final decrypt error. If padding is disabled then the decryption operation will always succeed if the total amount of data decrypted is a multiple of the block size. .PP -The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR, -\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for -compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR, -\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, -\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an +The functions \fBEVP_EncryptInit()\fR, \fBEVP_EncryptFinal()\fR, \fBEVP_DecryptInit()\fR, +\&\fBEVP_CipherInit()\fR and \fBEVP_CipherFinal()\fR are obsolete but are retained for +compatibility with existing code. New code should use \fBEVP_EncryptInit_ex()\fR, +\&\fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptFinal_ex()\fR, +\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherFinal_ex()\fR because they can reuse an existing context without allocating and freeing it up on each call. .PP -\&\fIEVP_get_cipherbynid()\fR, and \fIEVP_get_cipherbyobj()\fR are implemented as macros. +\&\fBEVP_get_cipherbynid()\fR, and \fBEVP_get_cipherbyobj()\fR are implemented as macros. .SH "BUGS" .IX Header "BUGS" \&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal 
@@ -667,32 +671,32 @@ with a 128\-bit key: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7) +\&\fBevp\fR\|(7) .PP Supported ciphers are listed in: .PP -\&\fIEVP_aes\fR\|(3), -\&\fIEVP_aria\fR\|(3), -\&\fIEVP_bf\fR\|(3), -\&\fIEVP_camellia\fR\|(3), -\&\fIEVP_cast5\fR\|(3), -\&\fIEVP_chacha20\fR\|(3), -\&\fIEVP_des\fR\|(3), -\&\fIEVP_desx\fR\|(3), -\&\fIEVP_idea\fR\|(3), -\&\fIEVP_rc2\fR\|(3), -\&\fIEVP_rc4\fR\|(3), -\&\fIEVP_rc5\fR\|(3), -\&\fIEVP_seed\fR\|(3), -\&\fIEVP_sm4\fR\|(3) +\&\fBEVP_aes\fR\|(3), +\&\fBEVP_aria\fR\|(3), +\&\fBEVP_bf\fR\|(3), +\&\fBEVP_camellia\fR\|(3), +\&\fBEVP_cast5\fR\|(3), +\&\fBEVP_chacha20\fR\|(3), +\&\fBEVP_des\fR\|(3), +\&\fBEVP_desx\fR\|(3), +\&\fBEVP_idea\fR\|(3), +\&\fBEVP_rc2\fR\|(3), +\&\fBEVP_rc4\fR\|(3), +\&\fBEVP_rc5\fR\|(3), +\&\fBEVP_seed\fR\|(3), +\&\fBEVP_sm4\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -Support for \s-1OCB\s0 mode was added in OpenSSL 1.1.0 +Support for \s-1OCB\s0 mode was added in OpenSSL 1.1.0. .PP \&\fB\s-1EVP_CIPHER_CTX\s0\fR was made opaque in OpenSSL 1.1.0. As a result, -\&\fIEVP_CIPHER_CTX_reset()\fR appeared and \fIEVP_CIPHER_CTX_cleanup()\fR -disappeared. \fIEVP_CIPHER_CTX_init()\fR remains as an alias for -\&\fIEVP_CIPHER_CTX_reset()\fR. +\&\fBEVP_CIPHER_CTX_reset()\fR appeared and \fBEVP_CIPHER_CTX_cleanup()\fR +disappeared. \fBEVP_CIPHER_CTX_init()\fR remains as an alias for +\&\fBEVP_CIPHER_CTX_reset()\fR. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_MD_meth_new.3 b/secure/lib/libcrypto/man/EVP_MD_meth_new.3 index 3fb1079a55af..bdd8768b6fff 100644 --- a/secure/lib/libcrypto/man/EVP_MD_meth_new.3 +++ b/secure/lib/libcrypto/man/EVP_MD_meth_new.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD_METH_NEW 3" -.TH EVP_MD_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_MD_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -183,23 +187,23 @@ The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. It can also have associated public/private key signing and verifying routines. .PP -\&\fIEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure. +\&\fBEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure. .PP -\&\fIEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR. +\&\fBEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR. .PP -\&\fIEVP_MD_meth_free()\fR destroys a \fB\s-1EVP_MD\s0\fR structure. +\&\fBEVP_MD_meth_free()\fR destroys a \fB\s-1EVP_MD\s0\fR structure. .PP -\&\fIEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size +\&\fBEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size for the method \fBmd\fR to \fBblocksize\fR bytes. .PP -\&\fIEVP_MD_meth_set_result_size()\fR sets the size of the result that the +\&\fBEVP_MD_meth_set_result_size()\fR sets the size of the result that the digest method in \fBmd\fR is expected to produce to \fBresultsize\fR bytes. .PP The digest method may have its own private data, which OpenSSL will -allocate for it. \fIEVP_MD_meth_set_app_datasize()\fR should be used to +allocate for it. \fBEVP_MD_meth_set_app_datasize()\fR should be used to set the size for it to \fBdatasize\fR. .PP -\&\fIEVP_MD_meth_set_flags()\fR sets the flags to describe optional +\&\fBEVP_MD_meth_set_flags()\fR sets the flags to describe optional behaviours in the particular \fBmd\fR. Several flags can be or'd together. The available flags are: .IP "\s-1EVP_MD_FLAG_ONESHOT\s0" 4 
@@ -222,58 +226,58 @@ Custom DigestAlgorithmIdentifier handling via ctrl, with \&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR Currently unused. .PP -\&\fIEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR. -The digest init function is called by \fIEVP_DigestInit()\fR, -\&\fIEVP_DigestInit_ex()\fR, EVP_SignInit, \fIEVP_SignInit_ex()\fR, \fIEVP_VerifyInit()\fR -and \fIEVP_VerifyInit_ex()\fR. +\&\fBEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR. +The digest init function is called by \fBEVP_DigestInit()\fR, +\&\fBEVP_DigestInit_ex()\fR, EVP_SignInit, \fBEVP_SignInit_ex()\fR, \fBEVP_VerifyInit()\fR +and \fBEVP_VerifyInit_ex()\fR. .PP -\&\fIEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR. -The digest update function is called by \fIEVP_DigestUpdate()\fR, -\&\fIEVP_SignUpdate()\fR. +\&\fBEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR. +The digest update function is called by \fBEVP_DigestUpdate()\fR, +\&\fBEVP_SignUpdate()\fR. .PP -\&\fIEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR. -The digest final function is called by \fIEVP_DigestFinal()\fR, -\&\fIEVP_DigestFinal_ex()\fR, \fIEVP_SignFinal()\fR and \fIEVP_VerifyFinal()\fR. +\&\fBEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR. +The digest final function is called by \fBEVP_DigestFinal()\fR, +\&\fBEVP_DigestFinal_ex()\fR, \fBEVP_SignFinal()\fR and \fBEVP_VerifyFinal()\fR. .PP -\&\fIEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra +\&\fBEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra computations after the method's private data structure has been copied from one \fB\s-1EVP_MD_CTX\s0\fR to another. If all that's needed is to copy the data, there is no need for this copy function. 
Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private -data structure is then available with \fIEVP_MD_CTX_md_data()\fR. -This copy function is called by \fIEVP_MD_CTX_copy()\fR and -\&\fIEVP_MD_CTX_copy_ex()\fR. +data structure is then available with \fBEVP_MD_CTX_md_data()\fR. +This copy function is called by \fBEVP_MD_CTX_copy()\fR and +\&\fBEVP_MD_CTX_copy_ex()\fR. .PP -\&\fIEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra +\&\fBEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra cleanup before the method's private data structure is cleaned out and freed. Note that the cleanup function is passed a \fB\s-1EVP_MD_CTX\s0 *\fR, the -private data structure is then available with \fIEVP_MD_CTX_md_data()\fR. -This cleanup function is called by \fIEVP_MD_CTX_reset()\fR and -\&\fIEVP_MD_CTX_free()\fR. +private data structure is then available with \fBEVP_MD_CTX_md_data()\fR. +This cleanup function is called by \fBEVP_MD_CTX_reset()\fR and +\&\fBEVP_MD_CTX_free()\fR. .PP -\&\fIEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR. +\&\fBEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR. 
.PP -\&\fIEVP_MD_meth_get_input_blocksize()\fR, \fIEVP_MD_meth_get_result_size()\fR, -\&\fIEVP_MD_meth_get_app_datasize()\fR, \fIEVP_MD_meth_get_flags()\fR, -\&\fIEVP_MD_meth_get_init()\fR, \fIEVP_MD_meth_get_update()\fR, -\&\fIEVP_MD_meth_get_final()\fR, \fIEVP_MD_meth_get_copy()\fR, -\&\fIEVP_MD_meth_get_cleanup()\fR and \fIEVP_MD_meth_get_ctrl()\fR are all used +\&\fBEVP_MD_meth_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, +\&\fBEVP_MD_meth_get_app_datasize()\fR, \fBEVP_MD_meth_get_flags()\fR, +\&\fBEVP_MD_meth_get_init()\fR, \fBEVP_MD_meth_get_update()\fR, +\&\fBEVP_MD_meth_get_final()\fR, \fBEVP_MD_meth_get_copy()\fR, +\&\fBEVP_MD_meth_get_cleanup()\fR and \fBEVP_MD_meth_get_ctrl()\fR are all used to retrieve the method data given with the EVP_MD_meth_set_*() functions above. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_MD_meth_new()\fR and \fIEVP_MD_meth_dup()\fR return a pointer to a newly +\&\fBEVP_MD_meth_new()\fR and \fBEVP_MD_meth_dup()\fR return a pointer to a newly created \fB\s-1EVP_MD\s0\fR, or \s-1NULL\s0 on failure. All EVP_MD_meth_set_*() functions return 1. -\&\fIEVP_MD_get_input_blocksize()\fR, \fIEVP_MD_meth_get_result_size()\fR, -\&\fIEVP_MD_meth_get_app_datasize()\fR and \fIEVP_MD_meth_get_flags()\fR return the +\&\fBEVP_MD_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, +\&\fBEVP_MD_meth_get_app_datasize()\fR and \fBEVP_MD_meth_get_flags()\fR return the indicated sizes or flags. All other EVP_CIPHER_meth_get_*() functions return pointers to their respective \fBmd\fR function. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_DigestInit\fR\|(3), \fIEVP_SignInit\fR\|(3), \fIEVP_VerifyInit\fR\|(3) +\&\fBEVP_DigestInit\fR\|(3), \fBEVP_SignInit\fR\|(3), \fBEVP_VerifyInit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version 
diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index dbea8cf6caa5..5d8f33860b51 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OPENINIT 3" -.TH EVP_OPENINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_OPENINIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,19 +157,19 @@ The \s-1EVP\s0 envelope routines are a high level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it. .PP -\&\fIEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption +\&\fBEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length \&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. The \s-1IV\s0 is supplied in the \fBiv\fR parameter. .PP -\&\fIEVP_OpenUpdate()\fR and \fIEVP_OpenFinal()\fR have exactly the same properties -as the \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR routines, as -documented on the \fIEVP_EncryptInit\fR\|(3) manual +\&\fBEVP_OpenUpdate()\fR and \fBEVP_OpenFinal()\fR have exactly the same properties +as the \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal()\fR routines, as +documented on the \fBEVP_EncryptInit\fR\|(3) manual page. .SH "NOTES" .IX Header "NOTES" -It is possible to call \fIEVP_OpenInit()\fR twice in the same way as -\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 +It is possible to call \fBEVP_OpenInit()\fR twice in the same way as +\&\fBEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 and (after setting any cipher parameters) it should be called again with \fBtype\fR set to \s-1NULL.\s0 .PP 
@@ -175,17 +179,17 @@ key length. If the cipher is a fixed length cipher then the recovered key length must match the fixed cipher length. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the +\&\fBEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the recovered secret key size) if successful. .PP -\&\fIEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. +\&\fBEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. .PP -\&\fIEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. +\&\fBEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_SealInit\fR\|(3) +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_SealInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 b/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 index 0e302ea4ffe8..d85770bdc8c1 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_ASN1_METHOD 3" -.TH EVP_PKEY_ASN1_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_ASN1_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -260,7 +264,7 @@ There are two places where the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are stored: one is a built-in array representing the standard methods for different algorithms, and the other one is a stack of user-defined application-specific methods, which can be manipulated by using -\&\fIEVP_PKEY_asn1_add0\fR\|(3). +\&\fBEVP_PKEY_asn1_add0\fR\|(3). .SS "Methods" .IX Subsection "Methods" The methods are the underlying implementations of a particular public 
@@ -274,20 +278,20 @@ key algorithm present by the \fB\s-1EVP_PKEY\s0\fR object. \& ASN1_PCTX *pctx); .Ve .PP -The \fIpub_decode()\fR and \fIpub_encode()\fR methods are called to decode / +The \fBpub_decode()\fR and \fBpub_encode()\fR methods are called to decode / encode \fBX509_PUBKEY\fR \s-1ASN.1\s0 parameters to / from \fBpk\fR. They \s-1MUST\s0 return 0 on error, 1 on success. -They're called by \fIX509_PUBKEY_get0\fR\|(3) and \fIX509_PUBKEY_set\fR\|(3). +They're called by \fBX509_PUBKEY_get0\fR\|(3) and \fBX509_PUBKEY_set\fR\|(3). .PP -The \fIpub_cmp()\fR method is called when two public keys are to be +The \fBpub_cmp()\fR method is called when two public keys are to be compared. It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise. -It's called by \fIEVP_PKEY_cmp\fR\|(3). +It's called by \fBEVP_PKEY_cmp\fR\|(3). .PP -The \fIpub_print()\fR method is called to print a public key in humanly +The \fBpub_print()\fR method is called to print a public key in humanly readable text to \fBout\fR, indented \fBindent\fR spaces. It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fIEVP_PKEY_print_public\fR\|(3). +It's called by \fBEVP_PKEY_print_public\fR\|(3). .PP .Vb 4 \& int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); 
@@ -296,15 +300,15 @@ It's called by \fIEVP_PKEY_print_public\fR\|(3). \& ASN1_PCTX *pctx); .Ve .PP -The \fIpriv_decode()\fR and \fIpriv_encode()\fR methods are called to decode / +The \fBpriv_decode()\fR and \fBpriv_encode()\fR methods are called to decode / encode \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR form private key to / from \fBpk\fR. They \s-1MUST\s0 return 0 on error, 1 on success. -They're called by \s-1\fIEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fIEVP_PKEY2PKCS8\s0\fR\|(3). +They're called by \s-1\fBEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fBEVP_PKEY2PKCS8\s0\fR\|(3). .PP -The \fIpriv_print()\fR method is called to print a private key in humanly +The \fBpriv_print()\fR method is called to print a private key in humanly readable text to \fBout\fR, indented \fBindent\fR spaces. It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fIEVP_PKEY_print_private\fR\|(3). +It's called by \fBEVP_PKEY_print_private\fR\|(3). .PP .Vb 3 \& int (*pkey_size) (const EVP_PKEY *pk); @@ -312,11 +316,11 @@ It's called by \fIEVP_PKEY_print_private\fR\|(3). \& int (*pkey_security_bits) (const EVP_PKEY *pk); .Ve .PP -The \fIpkey_size()\fR method returns the key size in bytes. -It's called by \fIEVP_PKEY_size\fR\|(3). +The \fBpkey_size()\fR method returns the key size in bytes. +It's called by \fBEVP_PKEY_size\fR\|(3). .PP -The \fIpkey_bits()\fR method returns the key size in bits. -It's called by \fIEVP_PKEY_bits\fR\|(3). +The \fBpkey_bits()\fR method returns the key size in bits. +It's called by \fBEVP_PKEY_bits\fR\|(3). .PP .Vb 8 \& int (*param_decode) (EVP_PKEY *pkey, 
@@ -329,29 +333,29 @@ It's called by \fIEVP_PKEY_bits\fR\|(3). \& ASN1_PCTX *pctx); .Ve .PP -The \fIparam_decode()\fR and \fIparam_encode()\fR methods are called to decode / +The \fBparam_decode()\fR and \fBparam_encode()\fR methods are called to decode / encode \s-1DER\s0 formatted parameters to / from \fBpk\fR. They \s-1MUST\s0 return 0 on error, 1 on success. -They're called by \fIPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR -\&\s-1\fIOSSL_STORE_LOADER\s0\fR\|(3). +They're called by \fBPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR +\&\s-1\fBOSSL_STORE_LOADER\s0\fR\|(3). .PP -The \fIparam_missing()\fR method returns 0 if a key parameter is missing, +The \fBparam_missing()\fR method returns 0 if a key parameter is missing, otherwise 1. -It's called by \fIEVP_PKEY_missing_parameters\fR\|(3). +It's called by \fBEVP_PKEY_missing_parameters\fR\|(3). .PP -The \fIparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR. +The \fBparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR. It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fIEVP_PKEY_copy_parameters\fR\|(3). +It's called by \fBEVP_PKEY_copy_parameters\fR\|(3). .PP -The \fIparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR. +The \fBparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR. It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a negative number on error. -It's called by \fIEVP_PKEY_cmp_parameters\fR\|(3). +It's called by \fBEVP_PKEY_cmp_parameters\fR\|(3). .PP -The \fIparam_print()\fR method prints the private key parameters in humanly +The \fBparam_print()\fR method prints the private key parameters in humanly readable text to \fBout\fR, indented \fBindent\fR spaces. It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fIEVP_PKEY_print_params\fR\|(3). +It's called by \fBEVP_PKEY_print_params\fR\|(3). .PP .Vb 3 \& int (*sig_print) (BIO *out, 
@@ -359,31 +363,31 @@ It's called by \fIEVP_PKEY_print_params\fR\|(3). \& int indent, ASN1_PCTX *pctx); .Ve .PP -The \fIsig_print()\fR method prints a signature in humanly readable text to +The \fBsig_print()\fR method prints a signature in humanly readable text to \&\fBout\fR, indented \fBindent\fR spaces. \&\fBsigalg\fR contains the exact signature algorithm. If the signature in \fBsig\fR doesn't correspond to what this method -expects, \fIX509_signature_dump()\fR must be used as a last resort. +expects, \fBX509_signature_dump()\fR must be used as a last resort. It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fIX509_signature_print\fR\|(3). +It's called by \fBX509_signature_print\fR\|(3). .PP .Vb 1 \& void (*pkey_free) (EVP_PKEY *pkey); .Ve .PP -The \fIpkey_free()\fR method helps freeing the internals of \fBpkey\fR. -It's called by \fIEVP_PKEY_free\fR\|(3), \fIEVP_PKEY_set_type\fR\|(3), -\&\fIEVP_PKEY_set_type_str\fR\|(3), and \fIEVP_PKEY_assign\fR\|(3). +The \fBpkey_free()\fR method helps freeing the internals of \fBpkey\fR. +It's called by \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_set_type\fR\|(3), +\&\fBEVP_PKEY_set_type_str\fR\|(3), and \fBEVP_PKEY_assign\fR\|(3). .PP .Vb 1 \& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); .Ve .PP -The \fIpkey_ctrl()\fR method adds extra algorithm specific control. -It's called by \fIEVP_PKEY_get_default_digest_nid\fR\|(3), -\&\fIEVP_PKEY_set1_tls_encodedpoint\fR\|(3), -\&\fIEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fIPKCS7_SIGNER_INFO_set\fR\|(3), -\&\fIPKCS7_RECIP_INFO_set\fR\|(3), ... +The \fBpkey_ctrl()\fR method adds extra algorithm specific control. +It's called by \fBEVP_PKEY_get_default_digest_nid\fR\|(3), +\&\fBEVP_PKEY_set1_tls_encodedpoint\fR\|(3), +\&\fBEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fBPKCS7_SIGNER_INFO_set\fR\|(3), +\&\fBPKCS7_RECIP_INFO_set\fR\|(3), ... .PP .Vb 3 \& int (*old_priv_decode) (EVP_PKEY *pkey, 
@@ -391,14 +395,14 @@ It's called by \fIEVP_PKEY_get_default_digest_nid\fR\|(3), \& int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); .Ve .PP -The \fIold_priv_decode()\fR and \fIold_priv_encode()\fR methods decode / encode +The \fBold_priv_decode()\fR and \fBold_priv_encode()\fR methods decode / encode they private key \fBpkey\fR from / to a \s-1DER\s0 formatted array. These are exclusively used to help decoding / encoding older (pre PKCS#8) \s-1PEM\s0 formatted encrypted private keys. -\&\fIold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success. -\&\fIold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as -\&\fIi2d_PrivateKey()\fR. -They're called by \fId2i_PrivateKey\fR\|(3) and \fIi2d_PrivateKey\fR\|(3). +\&\fBold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success. +\&\fBold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as +\&\fBi2d_PrivateKey()\fR. +They're called by \fBd2i_PrivateKey\fR\|(3) and \fBi2d_PrivateKey\fR\|(3). .PP .Vb 5 \& int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 
@@ -408,53 +412,53 @@ They're called by \fId2i_PrivateKey\fR\|(3) and \fIi2d_PrivateKey\fR\|(3). \& ASN1_BIT_STRING *sig); .Ve .PP -The \fIitem_sign()\fR and \fIitem_verify()\fR methods make it possible to have +The \fBitem_sign()\fR and \fBitem_verify()\fR methods make it possible to have algorithm specific signatures and verification of them. .PP -\&\fIitem_sign()\fR \s-1MUST\s0 return one of: +\&\fBitem_sign()\fR \s-1MUST\s0 return one of: .IP "<=0" 4 .IX Item "<=0" error .IP "1" 4 .IX Item "1" -\&\fIitem_sign()\fR did everything, OpenSSL internals just needs to pass the +\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the signature length back. .IP "2" 4 .IX Item "2" -\&\fIitem_sign()\fR did nothing, OpenSSL internal standard routines are +\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are expected to continue with the default signature production. .IP "3" 4 .IX Item "3" -\&\fIitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR, +\&\fBitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR, OpenSSL internals should just sign using those algorithms. .PP -\&\fIitem_verify()\fR \s-1MUST\s0 return one of: +\&\fBitem_verify()\fR \s-1MUST\s0 return one of: .IP "<=0" 4 .IX Item "<=0" error .IP "1" 4 .IX Item "1" -\&\fIitem_sign()\fR did everything, OpenSSL internals just needs to pass the +\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the signature length back. .IP "2" 4 .IX Item "2" -\&\fIitem_sign()\fR did nothing, OpenSSL internal standard routines are +\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are expected to continue with the default signature production. .PP -\&\fIitem_verify()\fR and \fIitem_sign()\fR are called by \fIASN1_item_verify\fR\|(3) and -\&\fIASN1_item_sign\fR\|(3), and by extension, \fIX509_verify\fR\|(3), -\&\fIX509_REQ_verify\fR\|(3), \fIX509_sign\fR\|(3), \fIX509_REQ_sign\fR\|(3), ... 
+\&\fBitem_verify()\fR and \fBitem_sign()\fR are called by \fBASN1_item_verify\fR\|(3) and +\&\fBASN1_item_sign\fR\|(3), and by extension, \fBX509_verify\fR\|(3), +\&\fBX509_REQ_verify\fR\|(3), \fBX509_sign\fR\|(3), \fBX509_REQ_sign\fR\|(3), ... .PP .Vb 2 \& int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, \& const ASN1_STRING *sig); .Ve .PP -The \fIsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR +The \fBsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR parameters. It \s-1MUST\s0 return 0 on error, or 1 on success. -It's called as part of \fIX509_check_purpose\fR\|(3), \fIX509_check_ca\fR\|(3) -and \fIX509_check_issued\fR\|(3). +It's called as part of \fBX509_check_purpose\fR\|(3), \fBX509_check_ca\fR\|(3) +and \fBX509_check_issued\fR\|(3). .PP .Vb 3 \& int (*pkey_check) (const EVP_PKEY *pk); 
@@ -462,25 +466,25 @@ and \fIX509_check_issued\fR\|(3). \& int (*pkey_param_check) (const EVP_PKEY *pk); .Ve .PP -The \fIpkey_check()\fR, \fIpkey_public_check()\fR and \fIpkey_param_check()\fR methods are used +The \fBpkey_check()\fR, \fBpkey_public_check()\fR and \fBpkey_param_check()\fR methods are used to check the validity of \fBpk\fR for key-pair, public component and parameters, respectively. They \s-1MUST\s0 return 0 for an invalid key, or 1 for a valid key. -They are called by \fIEVP_PKEY_check\fR\|(3), \fIEVP_PKEY_public_check\fR\|(3) and -\&\fIEVP_PKEY_param_check\fR\|(3) respectively. +They are called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and +\&\fBEVP_PKEY_param_check\fR\|(3) respectively. .PP .Vb 2 \& int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); \& int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); .Ve .PP -The \fIset_priv_key()\fR and \fIset_pub_key()\fR methods are used to set the raw private and +The \fBset_priv_key()\fR and \fBset_pub_key()\fR methods are used to set the raw private and public key data for an \s-1EVP_PKEY.\s0 They \s-1MUST\s0 return 0 on error, or 1 on success. -They are called by \fIEVP_PKEY_new_raw_private_key\fR\|(3), and -\&\fIEVP_PKEY_new_raw_public_key\fR\|(3) respectively. +They are called by \fBEVP_PKEY_new_raw_private_key\fR\|(3), and +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) respectively. .SS "Functions" .IX Subsection "Functions" -\&\fIEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR +\&\fBEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object, and associates the given \fBid\fR, \fBflags\fR, \fBpem_str\fR and \&\fBinfo\fR. \&\fBid\fR is a \s-1NID,\s0 \fBpem_str\fR is the \s-1PEM\s0 type string, \fBinfo\fR is a 
@@ -495,49 +499,49 @@ If \fB\s-1ASN1_PKEY_SIGPARAM_NULL\s0\fR is set, then the signature algorithm parameters are given the type \fBV_ASN1_NULL\fR by default, otherwise they will be given the type \fBV_ASN1_UNDEF\fR (i.e. the parameter is omitted). -See \fIX509_ALGOR_set0\fR\|(3) for more information. +See \fBX509_ALGOR_set0\fR\|(3) for more information. .PP -\&\fIEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from +\&\fBEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from \&\fBsrc\fR to \fBdst\fR. This function is not thread safe, it's recommended to only use this when initializing the application. .PP -\&\fIEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed +\&\fBEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed by \fBameth\fR. .PP -\&\fIEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of +\&\fBEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of methods unless another \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already there. This function is not thread safe, it's recommended to only use this when initializing the application. .PP -\&\fIEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the +\&\fBEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \fBfrom\fR unless another \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already added. This function is not thread safe, it's recommended to only use this when initializing the application. 
.PP -\&\fIEVP_PKEY_asn1_set_public()\fR, \fIEVP_PKEY_asn1_set_private()\fR, -\&\fIEVP_PKEY_asn1_set_param()\fR, \fIEVP_PKEY_asn1_set_free()\fR, -\&\fIEVP_PKEY_asn1_set_ctrl()\fR, \fIEVP_PKEY_asn1_set_item()\fR, -\&\fIEVP_PKEY_asn1_set_siginf()\fR, \fIEVP_PKEY_asn1_set_check()\fR, -\&\fIEVP_PKEY_asn1_set_public_check()\fR, \fIEVP_PKEY_asn1_set_param_check()\fR, -\&\fIEVP_PKEY_asn1_set_security_bits()\fR, \fIEVP_PKEY_asn1_set_set_priv_key()\fR, -\&\fIEVP_PKEY_asn1_set_set_pub_key()\fR, \fIEVP_PKEY_asn1_set_get_priv_key()\fR and -\&\fIEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given +\&\fBEVP_PKEY_asn1_set_public()\fR, \fBEVP_PKEY_asn1_set_private()\fR, +\&\fBEVP_PKEY_asn1_set_param()\fR, \fBEVP_PKEY_asn1_set_free()\fR, +\&\fBEVP_PKEY_asn1_set_ctrl()\fR, \fBEVP_PKEY_asn1_set_item()\fR, +\&\fBEVP_PKEY_asn1_set_siginf()\fR, \fBEVP_PKEY_asn1_set_check()\fR, +\&\fBEVP_PKEY_asn1_set_public_check()\fR, \fBEVP_PKEY_asn1_set_param_check()\fR, +\&\fBEVP_PKEY_asn1_set_security_bits()\fR, \fBEVP_PKEY_asn1_set_set_priv_key()\fR, +\&\fBEVP_PKEY_asn1_set_set_pub_key()\fR, \fBEVP_PKEY_asn1_set_get_priv_key()\fR and +\&\fBEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object. .PP -\&\fIEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated +\&\fBEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated with the key \fBpkey\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an +\&\fBEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. .PP -\&\fIEVP_PKEY_asn1_add0()\fR and \fIEVP_PKEY_asn1_add_alias()\fR return 0 on error, +\&\fBEVP_PKEY_asn1_add0()\fR and \fBEVP_PKEY_asn1_add_alias()\fR return 0 on error, or 1 on success. 
.PP -\&\fIEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant +\&\fBEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index 209076cc7f22..1731160abb5a 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_CTRL 3" -.TH EVP_PKEY_CTX_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_CTX_CTRL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -217,7 +221,7 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fIEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context +The function \fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context \&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter \&\fBoptype\fR is a mask indicating which operations the control can be applied to. The control command is indicated in \fBcmd\fR and any additional arguments in 
@@ -226,50 +230,50 @@ The control command is indicated in \fBcmd\fR and any additional arguments in For \fBcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fBp1\fR is the length of the \s-1MAC\s0 key, and \fBp2\fR is \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC.\s0 .PP -Applications will not normally call \fIEVP_PKEY_CTX_ctrl()\fR directly but will +Applications will not normally call \fBEVP_PKEY_CTX_ctrl()\fR directly but will instead call one of the algorithm specific macros below. .PP -The function \fIEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a -uint64 value as \fBp2\fR to \fIEVP_PKEY_CTX_ctrl()\fR. +The function \fBEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a +uint64 value as \fBp2\fR to \fBEVP_PKEY_CTX_ctrl()\fR. .PP -The function \fIEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm +The function \fBEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm specific control operation to a context \fBctx\fR in string form. This is intended to be used for options specified on the command line or in text files. The commands supported are documented in the openssl utility command line pages for the option \fB\-pkeyopt\fR which is supported by the \&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands. .PP -The function \fIEVP_PKEY_CTX_md()\fR sends a message digest control operation +The function \fBEVP_PKEY_CTX_md()\fR sends a message digest control operation to the context \fBctx\fR. The message digest is specified by its name \fBmd\fR. .PP All the remaining \*(L"functions\*(R" are implemented as macros. .PP -The \fIEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used +The \fBEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. 
.PP -The \fIEVP_PKEY_CTX_get_signature_md()\fR macro gets the message digest type used in a +The \fBEVP_PKEY_CTX_get_signature_md()\fR macro gets the message digest type used in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. .PP Key generation typically involves setting up parameters to be used and generating the private and public key data. Some algorithm implementations -allow private key data to be set explicitly using the \fIEVP_PKEY_CTX_set_mac_key()\fR +allow private key data to be set explicitly using the \fBEVP_PKEY_CTX_set_mac_key()\fR macro. In this case key generation is simply the process of setting up the parameters for the key and then setting the raw key data to the value explicitly provided by that macro. Normally applications would call -\&\fIEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro. +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro. .PP -The \fIEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms -supported by the \fIEVP_PKEY_new_raw_private_key\fR\|(3) function. +The \fBEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms +supported by the \fBEVP_PKEY_new_raw_private_key\fR\|(3) function. .SS "\s-1RSA\s0 parameters" .IX Subsection "RSA parameters" -The \fIEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR. +The \fBEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR. The \fBpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1 padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations only) and \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only). 
.PP -Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR +Two \s-1RSA\s0 padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR is used. If this macro is called for PKCS#1 padding the plaintext buffer is an actual digest value and is encapsulated in a DigestInfo structure according to PKCS#1 when signing and this structure is expected (and stripped off) when @@ -279,9 +283,9 @@ padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and rem if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte. .PP -The \fIEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR. +The \fBEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR. .PP -The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to +The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to \&\fBlen\fR. As its name implies it is only supported for \s-1PSS\s0 padding. Three special values are supported: \fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR sets the salt length to the digest length, \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR sets the salt length to the maximum 
@@ -290,81 +294,81 @@ to be automatically determined based on the \fB\s-1PSS\s0\fR block structure. If macro is not called maximum salt length is used when signing and auto detection when verifying is used by default. .PP -The \fIEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length +The \fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length for \fBctx\fR. The padding mode must have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. .PP -The \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for +The \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for \&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used. .PP -The \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value +The \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value for \s-1RSA\s0 key generation to \fBpubexp\fR. Currently it should be an odd integer. The \&\fBpubexp\fR pointer is used internally by this function so it should not be modified or freed after the call. If not specified 65537 is used. .PP -The \fIEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for +The \fBEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for \&\s-1RSA\s0 key generation to \fBprimes\fR. If not specified 2 is used. .PP -The \fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding +The \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding schemes to \fBmd\fR. If not explicitly set the signing digest is used. The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. .PP -The \fIEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR. +The \fBEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR. 
If not explicitly set the signing digest is used. The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. .PP -The \fIEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used +The \fBEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to \&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. .PP -The \fIEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used +The \fBEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to \&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. .PP -The \fIEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to +The \fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to \&\fBlabel\fR and its length to \fBlen\fR. If \fBlabel\fR is \s-1NULL\s0 or \fBlen\fR is 0, the label is cleared. The library takes ownership of the label so the caller should not free the original memory pointed to by \fBlabel\fR. The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. .PP -The \fIEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to +The \fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to \&\fBlabel\fR. The return value is the label length. The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned by the library and should not be freed by the caller. .SS "\s-1DSA\s0 parameters" .IX Subsection "DSA parameters" -The \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used +The \fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used. 
.SS "\s-1DH\s0 parameters" .IX Subsection "DH parameters" -The \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0 +The \fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0 prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called then 1024 is used. Only accepts lengths greater than or equal to 256. .PP -The \fIEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0 +The \fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0 optional subprime parameter \fBq\fR for \s-1DH\s0 parameter generation. The default is 256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0 paramgen type must have been set to x9.42. .PP -The \fIEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR +The \fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR for \s-1DH\s0 parameter generation. If not specified 2 is used. .PP -The \fIEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0 +The \fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0 parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0 The default is 0. .PP -The \fIEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is +The \fBEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is 1 the shared secret is padded with zeroes up to the size of the \s-1DH\s0 prime \fBp\fR. If \fBpad\fR is zero (the default) then no padding is performed. 
.PP -\&\fIEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to +\&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to \&\fBnid\fR as defined in \s-1RFC7919.\s0 The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR, \&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR or \fBNID_undef\fR to clear the stored value. This macro can be called during parameter or key generation. The nid parameter and the rfc5114 parameter are mutually exclusive. .PP -The \fIEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fIEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are +The \fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The \&\fBrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections 2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called 
@@ -375,142 +379,143 @@ The rfc5114 parameter and the nid parameter are mutually exclusive. .IX Subsection "DH key derivation function parameters" Note that all of the following functions require that the \fBctx\fR parameter has a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of -\&\fIEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret. +\&\fBEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret. The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn encrypts a Content Encryption Key (\s-1CEK\s0). .PP -The \fIEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type +The \fBEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type to \fBkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0 (based on the keying algorithm described in X9.42). When using key derivation, the \fBkdf_oid\fR, \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified. .PP -The \fIEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type +The \fBEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type for \fBctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR. .PP -The \fIEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function +The \fBEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function object identifier to \fBoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify the algorithm to be used with the Content Encryption Key. The library takes ownership of the object identifier so the caller should not free the original memory pointed to by \fBoid\fR. 
.PP -The \fIEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid +The \fBEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid for \fBctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the library and should not be freed by the caller. .PP -The \fIEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function +The \fBEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function message digest to \fBmd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. .PP -The \fIEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function +The \fBEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function message digest for \fBctx\fR used for \s-1DH\s0 key derivation. .PP -The \fIEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function +The \fBEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function output length to \fBlen\fR for \s-1DH\s0 key derivation. .PP -The \fIEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function +The \fBEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function output length for \fBctx\fR used for \s-1DH\s0 key derivation. .PP -The \fIEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to +The \fBEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to \&\fBukm\fR and its length to \fBlen\fR for \s-1DH\s0 key derivation. This parameter is optional and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification requires that it is 512 bits long but this is not enforced by OpenSSL. The library takes ownership of the user key material so the caller should not free the original memory pointed to by \fBukm\fR. .PP -The \fIEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. 
+The \fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. The return value is the user key material length. The resulting pointer is owned by the library and should not be freed by the caller. .SS "\s-1EC\s0 parameters" .IX Subsection "EC parameters" -The \fIEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter +The \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called or an error occurs because there is no default curve. This function can also be called to set the curve explicitly when generating an \s-1EC\s0 key. .PP -The \fIEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to +The \fBEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to \&\fBparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be \&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form. For maximum compatibility the named curve form should be used. Note: the -\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was only added to OpenSSL 1.1.0; previous +\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was added in OpenSSL 1.1.0; previous versions should use 0 instead. .SS "\s-1ECDH\s0 parameters" .IX Subsection "ECDH parameters" -The \fIEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to +The \fBEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to \&\fBcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor mode and fallback to the private key cofactor mode. 
.PP -The \fIEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for +The \fBEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for \&\fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key derivation is enabled and 0 otherwise. .SS "\s-1ECDH\s0 key derivation function parameters" .IX Subsection "ECDH key derivation function parameters" -The \fIEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type +The \fBEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type to \fBkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63. When using key derivation, the \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified. .PP -The \fIEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function +The \fBEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function type for \fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are \&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR. .PP -The \fIEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function +The \fBEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function message digest to \fBmd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. .PP -The \fIEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function +The \fBEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function message digest for \fBctx\fR used for \s-1ECDH\s0 key derivation. 
.PP -The \fIEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function +The \fBEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function output length to \fBlen\fR for \s-1ECDH\s0 key derivation. .PP -The \fIEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function +The \fBEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function output length for \fBctx\fR used for \s-1ECDH\s0 key derivation. .PP -The \fIEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR +The \fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the shared info in X9.63 terms. The library takes ownership of the user key material so the caller should not free the original memory pointed to by \fBukm\fR. .PP -The \fIEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. +The \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. The return value is the user key material length. The resulting pointer is owned by the library and should not be freed by the caller. .SS "Other parameters" .IX Subsection "Other parameters" -The \fIEVP_PKEY_CTX_set1_id()\fR, \fIEVP_PKEY_CTX_get1_id()\fR and \fIEVP_PKEY_CTX_get1_id_len()\fR +The \fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR macros are used to manipulate the special identifier field for specific signature -algorithms such as \s-1SM2.\s0 The \fIEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with +algorithms such as \s-1SM2.\s0 The \fBEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with the length \fBid_len\fR to the library. The library takes a copy of the id so that the caller can safely free the original memory pointed to by \fBid\fR. 
The -\&\fIEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous -call to \fIEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate -memory for further calls to \fIEVP_PKEY_CTX_get1_id()\fR. The \fIEVP_PKEY_CTX_get1_id()\fR +\&\fBEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous +call to \fBEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate +memory for further calls to \fBEVP_PKEY_CTX_get1_id()\fR. The \fBEVP_PKEY_CTX_get1_id()\fR macro returns the previously set \s-1ID\s0 value to caller in \fBid\fR. The caller should -allocate adequate memory space for the \fBid\fR before calling \fIEVP_PKEY_CTX_get1_id()\fR. +allocate adequate memory space for the \fBid\fR before calling \fBEVP_PKEY_CTX_get1_id()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0 +\&\fBEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3), -\&\fIEVP_PKEY_keygen\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_PKEY_CTX_set1_id()\fR, \fIEVP_PKEY_CTX_get1_id()\fR and \fIEVP_PKEY_CTX_get1_id_len()\fR -macros were added in 1.1.1, other functions were first added to OpenSSL 1.0.0. 
+The +\&\fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR +macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 index 4cb06710825b..b91336b4bcdb 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_NEW 3" -.TH EVP_PKEY_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,17 +152,17 @@ EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- pu .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using +The \fBEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR. .PP -The \fIEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context +The \fBEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example during parameter generation of key generation for some algorithms. .PP -\&\fIEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR. +\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR. .PP -\&\fIEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR. +\&\fBEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR. If \fBctx\fR is \s-1NULL,\s0 nothing is done. .SH "NOTES" .IX Header "NOTES" 
@@ -168,16 +172,16 @@ threads: that is it is not permissible to use the same context simultaneously in two threads. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_CTX_new()\fR, \fIEVP_PKEY_CTX_new_id()\fR, \fIEVP_PKEY_CTX_dup()\fR returns either +\&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR, \fBEVP_PKEY_CTX_dup()\fR returns either the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIEVP_PKEY_CTX_free()\fR does not return a value. +\&\fBEVP_PKEY_CTX_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_new\fR\|(3) +\&\fBEVP_PKEY_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 index 87cf931a203f..ac2bc0bbcca4 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3" -.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,12 +152,12 @@ EVP_PKEY_CTX_set1_pbe_pass \&\- generic KDF support functions .IX Header "DESCRIPTION" These functions are generic support functions for all \s-1KDF\s0 algorithms. .PP -\&\fIEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first +\&\fBEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first bytes from \fBpass\fR. .SH "STRING CTRLS" .IX Header "STRING CTRLS" There is also support for string based control operations via -\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). The \fBpassword\fR can be directly specified using the \fBtype\fR parameter \&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter. .SH "NOTES" @@ -166,9 +170,9 @@ In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 index 7eec64fa9678..d87266844f1e 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3" -.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -163,11 +167,11 @@ and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second sta \&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output of the \s-1KDF\s0). .PP -\&\fIEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three +\&\fBEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three modes that are currently defined: .IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4 .IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND" -This is the default mode. Calling \fIEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set +This is the default mode. Calling \fBEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. The derived key returned will be the result after the expand operation. The intermediate fixed-length pseudorandom key K is not returned. @@ -176,7 +180,7 @@ In this mode the digest, key, salt and info values must be set before a key is derived or an error occurs. .IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0" 4 .IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY" -In this mode calling \fIEVP_PKEY_derive\fR\|(3) will just perform the extract +In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the extract operation. The value returned will be the intermediate fixed-length pseudorandom key K. .Sp 
@@ -184,28 +188,28 @@ The digest, key and salt values must be set before a key is derived or an error occurs. .IP "\s-1EVP_PKEY_HKDEF_MODE_EXPAND_ONLY\s0" 4 .IX Item "EVP_PKEY_HKDEF_MODE_EXPAND_ONLY" -In this mode calling \fIEVP_PKEY_derive\fR\|(3) will just perform the expand +In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the expand operation. The input key should be set to the intermediate fixed-length pseudorandom key K returned from a previous extract operation. .Sp The digest, key and info values must be set before a key is derived or an error occurs. .PP -\&\fIEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0 +\&\fBEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0 .PP -\&\fIEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the +\&\fBEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the buffer \fBsalt\fR. Any existing value is replaced. .PP -\&\fIEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer +\&\fBEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer \&\fBkey\fR. Any existing value is replaced. .PP -\&\fIEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the +\&\fBEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the buffer \fBinfo\fR. If a value is already set, it is appended to the existing value. .SH "STRING CTRLS" .IX Header "STRING CTRLS" \&\s-1HKDF\s0 also supports string based control operations via -\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest algorithm to use. The \fBtype\fR parameter \*(L"mode\*(R" uses the values \*(L"\s-1EXTRACT_AND_EXPAND\*(R", 
@@ -228,11 +232,11 @@ The total length of the info buffer cannot exceed 1024 bytes in length: this should be more than enough for any normal use of \s-1HKDF.\s0 .PP The output length of an \s-1HKDF\s0 expand operation is specified via the length -parameter to the \fIEVP_PKEY_derive\fR\|(3) function. +parameter to the \fBEVP_PKEY_derive\fR\|(3) function. Since the \s-1HKDF\s0 output length is variable, passing a \fB\s-1NULL\s0\fR buffer as a means to obtain the requisite length is not meaningful with \s-1HKDF\s0 in any mode that performs an expand operation. Instead, the caller must allocate a buffer of the -desired length, and pass that buffer to \fIEVP_PKEY_derive\fR\|(3) along with (a +desired length, and pass that buffer to \fBEVP_PKEY_derive\fR\|(3) along with (a pointer initialized to) the desired length. Passing a \fB\s-1NULL\s0\fR buffer to obtain the length is allowed when using \s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.\s0 .PP @@ -271,9 +275,9 @@ salt value \*(L"salt\*(R" and info value \*(L"label\*(R": \&\s-1RFC 5869\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 index 33d70752a1f3..c2d3d758b016 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3" -.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,29 +154,29 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -These are the functions that implement \s-1\fIRSA\-PSS\s0\fR\|(7). +These are the functions that implement \s-1\fBRSA\-PSS\s0\fR\|(7). .SS "Signing and Verification" .IX Subsection "Signing and Verification" -The macro \fIEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is +The macro \fBEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is returned if an attempt is made to set the padding mode to anything other than \fB\s-1PSS\s0\fR. It is otherwise similar to the \fB\s-1RSA\s0\fR version. .PP -The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length. +The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length. If the key has usage restrictions then an error is returned if an attempt is made to set the salt length below the minimum value. It is otherwise similar to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using \&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has usage restrictions. .PP -The \fIEVP_PKEY_CTX_set_signature_md()\fR and \fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros +The \fBEVP_PKEY_CTX_set_signature_md()\fR and \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the key has usage restrictions then an error is returned if an attempt is made to set the digest to anything other than the restricted value. Otherwise these are similar to the \fB\s-1RSA\s0\fR versions. 
.SS "Key Generation" .IX Subsection "Key Generation" -As with \s-1RSA\s0 key generation the \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR -and \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS: +As with \s-1RSA\s0 key generation the \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR +and \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS: they have exactly the same meaning as for the \s-1RSA\s0 algorithm. .PP Optional parameter restrictions can be specified when generating a \s-1PSS\s0 key. @@ -182,13 +186,13 @@ restricts the digest and \s-1MGF1\s0 algorithms. If any restrictions are in plac then they are reflected in the corresponding parameters of the public key when (for example) a certificate request is signed. .PP -\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the generated key can use to \fBmd\fR. .PP -\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the generated key can use to \fBmd\fR. .PP -\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length to \fBsaltlen\fR. .SH "NOTES" .IX Header "NOTES" @@ -204,10 +208,10 @@ In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fIRSA\-PSS\s0\fR\|(7), -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\s-1\fBRSA\-PSS\s0\fR\|(7), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 index a34d354ab383..bc482a7e4d92 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3" -.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -157,22 +161,22 @@ EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scryp .IX Header "DESCRIPTION" These functions are used to set up the necessary data to use the scrypt \s-1KDF.\s0 -For more information on scrypt, see \fIscrypt\fR\|(7). +For more information on scrypt, see \fBscrypt\fR\|(7). .PP -\&\fIEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt +\&\fBEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt value. .PP -\&\fIEVP_PKEY_CTX_set_scrypt_N()\fR, \fIEVP_PKEY_CTX_set_scrypt_r()\fR and -\&\fIEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p. +\&\fBEVP_PKEY_CTX_set_scrypt_N()\fR, \fBEVP_PKEY_CTX_set_scrypt_r()\fR and +\&\fBEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p. .PP -\&\fIEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key +\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key derivation may maximally use, given in bytes. If \s-1RAM\s0 is exceeded because the load factors are chosen too high, the key derivation will fail. .SH "STRING CTRLS" .IX Header "STRING CTRLS" scrypt also supports string based control operations via -\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). Similarly, the \fBsalt\fR can either be specified using the \fBtype\fR parameter \*(L"salt\*(R" or in hex encoding by using the \*(L"hexsalt\*(R" parameter. The work factors \fBN\fR, \fBr\fR and \fBp\fR as well as \fBmaxmem_bytes\fR can be 
@@ -180,9 +184,9 @@ set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxme respectively. .SH "NOTES" .IX Header "NOTES" -The scrypt \s-1KDF\s0 also uses \fIEVP_PKEY_CTX_set1_pbe_pass()\fR as well as +The scrypt \s-1KDF\s0 also uses \fBEVP_PKEY_CTX_set1_pbe_pass()\fR as well as the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R". -See \fIEVP_PKEY_CTX_set1_pbe_pass\fR\|(3). +See \fBEVP_PKEY_CTX_set1_pbe_pass\fR\|(3). .PP All the functions described here are implemented as macros. .SH "RETURN VALUES" @@ -193,10 +197,10 @@ In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIscrypt\fR\|(7), -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBscrypt\fR\|(7), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 index 1b08c5286262..1ef02e37986a 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3" -.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,22 +155,22 @@ EVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_ad .IX Header "DESCRIPTION" The \fB\s-1EVP_PKEY_TLS1_PRF\s0\fR algorithm implements the \s-1PRF\s0 key derivation function for \&\s-1TLS.\s0 It has no associated private key and only implements key derivation -using \fIEVP_PKEY_derive\fR\|(3). +using \fBEVP_PKEY_derive\fR\|(3). .PP -\&\fIEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the -\&\s-1TLS PRF.\s0 \fIEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0 +\&\fBEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the +\&\s-1TLS PRF.\s0 \fBEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0 algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS 1.0\s0 and 1.1. .PP -\&\fIEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS PRF\s0 +\&\fBEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS PRF\s0 to \fBseclen\fR bytes of the buffer \fBsec\fR. Any existing secret value is replaced and any seed is reset. .PP -\&\fIEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR. +\&\fBEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR. If a seed is already set it is appended to the existing value. .SH "STRING CTRLS" .IX Header "STRING CTRLS" The \s-1TLS PRF\s0 also supports string based control operations using -\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest algorithm to use. The \fBtype\fR parameters \*(L"secret\*(R" and \*(L"seed\*(R" use the supplied \fBvalue\fR parameter 
@@ -190,7 +194,7 @@ The total length of all seeds cannot exceed 1024 bytes in length: this should be more than enough for any normal use of the \s-1TLS PRF.\s0 .PP The output length of the \s-1PRF\s0 is specified by the length parameter in the -\&\fIEVP_PKEY_derive()\fR function. Since the output length is variable, setting +\&\fBEVP_PKEY_derive()\fR function. Since the output length is variable, setting the buffer to \fB\s-1NULL\s0\fR is not meaningful for the \s-1TLS PRF.\s0 .PP Optimised versions of the \s-1TLS PRF\s0 can be implemented in an \s-1ENGINE.\s0 @@ -223,9 +227,9 @@ and seed value \*(L"seed\*(R": .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 index 93e27d9732d8..8e01573f79d7 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_ASN1_GET_COUNT 3" -.TH EVP_PKEY_ASN1_GET_COUNT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_ASN1_GET_COUNT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,49 +157,49 @@ EVP_PKEY_asn1_find, EVP_PKEY_asn1_find_str, EVP_PKEY_asn1_get_count, EVP_PKEY_as .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIEVP_PKEY_asn1_count()\fR returns a count of the number of public key +\&\fBEVP_PKEY_asn1_count()\fR returns a count of the number of public key \&\s-1ASN.1\s0 methods available: it includes standard methods and any methods added by the application. .PP -\&\fIEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN.1\s0 method \fBidx\fR. -The value of \fBidx\fR must be between zero and \fIEVP_PKEY_asn1_get_count()\fR +\&\fBEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN.1\s0 method \fBidx\fR. +The value of \fBidx\fR must be between zero and \fBEVP_PKEY_asn1_get_count()\fR \&\- 1. .PP -\&\fIEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 +\&\fBEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \&\fBtype\fR. If \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \fBtype\fR and return that instead, and also set \fB*pe\fR to point at the engine that implements it. .PP -\&\fIEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0 +\&\fBEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0 type string \fBstr\fR. -Just like \fIEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will +Just like \fBEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \&\fBtype\fR and return that instead, and also set \fB*pe\fR to point at the engine that implements it. 
.PP -\&\fIEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID,\s0 base public key +\&\fBEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID,\s0 base public key \&\s-1ID\s0 (both NIDs), any flags, the method description and \s-1PEM\s0 type string associated with the public key \s-1ASN.1\s0 method \fB*ameth\fR. .PP -\&\fIEVP_PKEY_asn1_count()\fR, \fIEVP_PKEY_asn1_get0()\fR, \fIEVP_PKEY_asn1_find()\fR and -\&\fIEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all +\&\fBEVP_PKEY_asn1_count()\fR, \fBEVP_PKEY_asn1_get0()\fR, \fBEVP_PKEY_asn1_find()\fR and +\&\fBEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are added before the application gets -threaded, using them is safe. See \fIEVP_PKEY_asn1_add0\fR\|(3). +threaded, using them is safe. See \fBEVP_PKEY_asn1_add0\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_asn1_count()\fR returns the number of available public key methods. +\&\fBEVP_PKEY_asn1_count()\fR returns the number of available public key methods. .PP -\&\fIEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +\&\fBEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is out of range. .PP -\&\fIEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success. +\&\fBEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_asn1_new\fR\|(3), \fIEVP_PKEY_asn1_add0\fR\|(3) +\&\fBEVP_PKEY_asn1_new\fR\|(3), \fBEVP_PKEY_asn1_add0\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 index 44c4fc1ffa07..c5936fc32302 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CMP 3" -.TH EVP_PKEY_CMP 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_CMP 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,46 +153,46 @@ EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key +The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm doesn't use parameters. .PP -The function \fIEVP_PKEY_copy_parameters()\fR copies the parameters from key +The function \fBEVP_PKEY_copy_parameters()\fR copies the parameters from key \&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in \&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters in \fBfrom\fR and \fBto\fR are both present and match this function has no effect. .PP -The function \fIEVP_PKEY_cmp_parameters()\fR compares the parameters of keys +The function \fBEVP_PKEY_cmp_parameters()\fR compares the parameters of keys \&\fBa\fR and \fBb\fR. .PP -The function \fIEVP_PKEY_cmp()\fR compares the public key components and parameters +The function \fBEVP_PKEY_cmp()\fR compares the public key components and parameters (if present) of keys \fBa\fR and \fBb\fR. .SH "NOTES" .IX Header "NOTES" -The main purpose of the functions \fIEVP_PKEY_missing_parameters()\fR and -\&\fIEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the +The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and +\&\fBEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the parameters are sometimes omitted from a public key if they are inherited from the \s-1CA\s0 that signed it. .PP Since OpenSSL private keys contain public key components too the function -\&\fIEVP_PKEY_cmp()\fR can also be used to determine if a private key matches +\&\fBEVP_PKEY_cmp()\fR can also be used to determine if a private key matches a public key. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key +The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm doesn't use parameters. .PP -These functions \fIEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for +These functions \fBEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for failure. .PP -The function \fIEVP_PKEY_cmp_parameters()\fR and \fIEVP_PKEY_cmp()\fR return 1 if the +The function \fBEVP_PKEY_cmp_parameters()\fR and \fBEVP_PKEY_cmp()\fR return 1 if the keys match, 0 if they don't match, \-1 if the key types are different and \&\-2 if the operation is not supported. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_keygen\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 index 03a1e5c36dea..ae561b288738 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_DECRYPT 3" -.TH EVP_PKEY_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_DECRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,10 +152,10 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a decryption operation. .PP -The \fIEVP_PKEY_decrypt()\fR function performs a public key decryption operation +The \fBEVP_PKEY_decrypt()\fR function performs a public key decryption operation using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and \&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then 
@@ -160,15 +164,15 @@ before the call the \fBoutlen\fR parameter should contain the length of the \&\fBout\fR and the amount of data written to \fBoutlen\fR. .SH "NOTES" .IX Header "NOTES" -After the call to \fIEVP_PKEY_decrypt_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_decrypt_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The function \fIEVP_PKEY_decrypt()\fR can be called more than once on the same +The function \fBEVP_PKEY_decrypt()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_decrypt_init()\fR and \fIEVP_PKEY_decrypt()\fR return 1 for success and 0 +\&\fBEVP_PKEY_decrypt_init()\fR and \fBEVP_PKEY_decrypt()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLE" @@ -213,15 +217,15 @@ Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 index 58c0eb082c88..4c666f6820f1 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 
+++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_DERIVE 3" -.TH EVP_PKEY_DERIVE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_DERIVE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,13 +151,13 @@ EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_derive_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_derive_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for shared secret derivation. .PP -The \fIEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally +The \fBEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally be a public key. .PP -The \fIEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR. +The \fBEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR. If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the \&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call @@ -161,15 +165,15 @@ is successful the shared secret is written to \fBkey\fR and the amount of data written to \fBkeylen\fR. .SH "NOTES" .IX Header "NOTES" -After the call to \fIEVP_PKEY_derive_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_derive_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The function \fIEVP_PKEY_derive()\fR can be called more than once on the same +The function \fBEVP_PKEY_derive()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_derive_init()\fR and \fIEVP_PKEY_derive()\fR return 1 for success and 0 +\&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLE" 
@@ -211,15 +215,15 @@ Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys): .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 index 08bdd09dfee5..0201d4f9700e 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_ENCRYPT 3" -.TH EVP_PKEY_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,10 +152,10 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for an encryption operation. .PP -The \fIEVP_PKEY_encrypt()\fR function performs a public key encryption operation +The \fBEVP_PKEY_encrypt()\fR function performs a public key encryption operation using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and \&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then 
@@ -160,21 +164,21 @@ before the call the \fBoutlen\fR parameter should contain the length of the \&\fBout\fR and the amount of data written to \fBoutlen\fR. .SH "NOTES" .IX Header "NOTES" -After the call to \fIEVP_PKEY_encrypt_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_encrypt_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The function \fIEVP_PKEY_encrypt()\fR can be called more than once on the same +The function \fBEVP_PKEY_encrypt()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_encrypt_init()\fR and \fIEVP_PKEY_encrypt()\fR return 1 for success and 0 +\&\fBEVP_PKEY_encrypt_init()\fR and \fBEVP_PKEY_encrypt()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLE" .IX Header "EXAMPLE" -Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fIPEM_read_PUBKEY\fR\|(3) or -\&\fId2i_X509\fR\|(3) for means to load a public key. You may also simply +Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fBPEM_read_PUBKEY\fR\|(3) or +\&\fBd2i_X509\fR\|(3) for means to load a public key. You may also simply set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation: .PP .Vb 3 
@@ -216,17 +220,17 @@ set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementa .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIENGINE_by_id\fR\|(3), -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBENGINE_by_id\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 index 0b55bb1d25a5..4f8a52dbcd4d 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3" -.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -144,7 +148,7 @@ EVP_PKEY_get_default_digest_nid \- get default signature digest .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default +The \fBEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default message digest \s-1NID\s0 for the public key signature operations associated with key \&\fBpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use a digest during signing. In this case \fBpnid\fR will be set to NID_undef. 
@@ -153,20 +157,20 @@ a digest during signing. In this case \fBpnid\fR will be set to NID_undef. For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The \fIEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest +The \fBEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest is advisory (that is other digests can be used) and 2 if it is mandatory (other digests can not be used). It returns 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -This function was first added to OpenSSL 1.0.0. +This function was added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 index 9eaf4acac95e..43b88b9fd8e4 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_KEYGEN 3" -.TH EVP_PKEY_KEYGEN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_KEYGEN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -162,52 +166,52 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_keygen_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_keygen_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a key generation operation. .PP -The \fIEVP_PKEY_keygen()\fR function performs a key generation operation, the +The \fBEVP_PKEY_keygen()\fR function performs a key generation operation, the generated key is written to \fBppkey\fR. .PP -The functions \fIEVP_PKEY_paramgen_init()\fR and \fIEVP_PKEY_paramgen()\fR are similar +The functions \fBEVP_PKEY_paramgen_init()\fR and \fBEVP_PKEY_paramgen()\fR are similar except parameters are generated. .PP -The function \fIEVP_PKEY_set_cb()\fR sets the key or parameter generation callback -to \fBcb\fR. The function \fIEVP_PKEY_CTX_get_cb()\fR returns the key or parameter +The function \fBEVP_PKEY_set_cb()\fR sets the key or parameter generation callback +to \fBcb\fR. The function \fBEVP_PKEY_CTX_get_cb()\fR returns the key or parameter generation callback. .PP -The function \fIEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated +The function \fBEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated with the generation operation. If \fBidx\fR is \-1 the total number of parameters available is returned. Any non negative value returns the value of -that parameter. \fIEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for +that parameter. \fBEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for \&\fBidx\fR should only be called within the generation callback. .PP If the callback returns 0 then the key generation operation is aborted and an error occurs. This might occur during a time consuming operation where a user clicks on a \*(L"cancel\*(R" button. 
.PP -The functions \fIEVP_PKEY_CTX_set_app_data()\fR and \fIEVP_PKEY_CTX_get_app_data()\fR set +The functions \fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR set and retrieve an opaque pointer. This can be used to set some application defined value which can be retrieved in the callback: for example a handle which is used to update a \*(L"progress dialog\*(R". .PP -\&\fIEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries +\&\fBEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. .PP -\&\fIEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR. +\&\fBEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR. This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. .PP -\&\fIEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR. +\&\fBEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR. This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. .SH "NOTES" .IX Header "NOTES" -After the call to \fIEVP_PKEY_keygen_init()\fR or \fIEVP_PKEY_paramgen_init()\fR algorithm +After the call to \fBEVP_PKEY_keygen_init()\fR or \fBEVP_PKEY_paramgen_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. 
.PP -The functions \fIEVP_PKEY_keygen()\fR and \fIEVP_PKEY_paramgen()\fR can be called more than +The functions \fBEVP_PKEY_keygen()\fR and \fBEVP_PKEY_paramgen()\fR can be called more than once on the same context if several operations are performed using the same parameters. .PP @@ -226,12 +230,12 @@ equivalent to what some libraries call a \*(L"key pair\*(R". A private key can b in functions which require the use of a public key or parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_keygen_init()\fR, \fIEVP_PKEY_paramgen_init()\fR, \fIEVP_PKEY_keygen()\fR and -\&\fIEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. +\&\fBEVP_PKEY_keygen_init()\fR, \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR and +\&\fBEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .PP -\&\fIEVP_PKEY_check()\fR, \fIEVP_PKEY_public_check()\fR and \fIEVP_PKEY_param_check()\fR return 1 +\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR return 1 for success or others for failure. They return \-2 if the operation is not supported for the specific algorithm. .SH "EXAMPLES" 
@@ -308,18 +312,18 @@ Example of generation callback for OpenSSL public key implementations: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. .PP -\&\fIEVP_PKEY_check()\fR, \fIEVP_PKEY_public_check()\fR and \fIEVP_PKEY_param_check()\fR were added +\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 index 0c378ff5d29d..fd2082c06427 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_METH_GET_COUNT 3" -.TH EVP_PKEY_METH_GET_COUNT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_METH_GET_COUNT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,26 +152,26 @@ EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerat .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIEVP_PKEY_meth_count()\fR returns a count of the number of public key methods +\&\fBEVP_PKEY_meth_count()\fR returns a count of the number of public key methods available: it includes standard methods and any methods added by the application. .PP -\&\fIEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR -must be between zero and \fIEVP_PKEY_meth_get_count()\fR \- 1. +\&\fBEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR +must be between zero and \fBEVP_PKEY_meth_get_count()\fR \- 1. .PP -\&\fIEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags +\&\fBEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags associated with the public key method \fB*meth\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_meth_count()\fR returns the number of available public key methods. +\&\fBEVP_PKEY_meth_count()\fR returns the number of available public key methods. .PP -\&\fIEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +\&\fBEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is out of range. .PP -\&\fIEVP_PKEY_meth_get0_info()\fR does not return a value. +\&\fBEVP_PKEY_meth_get0_info()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_new\fR\|(3) +\&\fBEVP_PKEY_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 index 4e9fe173b13f..1570c5e8eef9 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_METH_NEW 3" -.TH EVP_PKEY_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -336,7 +340,7 @@ verifying, encrypting or decrypting, etc. There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one is a built-in static array representing the standard methods for different algorithms, and the other one is a stack of user-defined application-specific -methods, which can be manipulated by using \fIEVP_PKEY_meth_add0\fR\|(3). +methods, which can be manipulated by using \fBEVP_PKEY_meth_add0\fR\|(3). .PP The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR objects. 
@@ -351,19 +355,19 @@ algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object. \& void (*cleanup) (EVP_PKEY_CTX *ctx); .Ve .PP -The \fIinit()\fR method is called to initialize algorithm-specific data when a new -\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fIinit()\fR, the \fIcleanup()\fR method is called -when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fIcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR -is being duplicated. Refer to \fIEVP_PKEY_CTX_new\fR\|(3), \fIEVP_PKEY_CTX_new_id\fR\|(3), -\&\fIEVP_PKEY_CTX_free\fR\|(3) and \fIEVP_PKEY_CTX_dup\fR\|(3). +The \fBinit()\fR method is called to initialize algorithm-specific data when a new +\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fBinit()\fR, the \fBcleanup()\fR method is called +when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fBcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR +is being duplicated. Refer to \fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_id\fR\|(3), +\&\fBEVP_PKEY_CTX_free\fR\|(3) and \fBEVP_PKEY_CTX_dup\fR\|(3). .PP .Vb 2 \& int (*paramgen_init) (EVP_PKEY_CTX *ctx); \& int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); .Ve .PP -The \fIparamgen_init()\fR and \fIparamgen()\fR methods deal with key parameter generation. -They are called by \fIEVP_PKEY_paramgen_init\fR\|(3) and \fIEVP_PKEY_paramgen\fR\|(3) to +The \fBparamgen_init()\fR and \fBparamgen()\fR methods deal with key parameter generation. +They are called by \fBEVP_PKEY_paramgen_init\fR\|(3) and \fBEVP_PKEY_paramgen\fR\|(3) to handle the parameter generation process. .PP .Vb 2 
@@ -371,9 +375,9 @@ handle the parameter generation process. \& int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); .Ve .PP -The \fIkeygen_init()\fR and \fIkeygen()\fR methods are used to generate the actual key for -the specified algorithm. They are called by \fIEVP_PKEY_keygen_init\fR\|(3) and -\&\fIEVP_PKEY_keygen\fR\|(3). +The \fBkeygen_init()\fR and \fBkeygen()\fR methods are used to generate the actual key for +the specified algorithm. They are called by \fBEVP_PKEY_keygen_init\fR\|(3) and +\&\fBEVP_PKEY_keygen\fR\|(3). .PP .Vb 3 \& int (*sign_init) (EVP_PKEY_CTX *ctx); @@ -381,9 +385,9 @@ the specified algorithm. They are called by \fIEVP_PKEY_keygen_init\fR\|(3) and \& const unsigned char *tbs, size_t tbslen); .Ve .PP -The \fIsign_init()\fR and \fIsign()\fR methods are used to generate the signature of a -piece of data using a private key. They are called by \fIEVP_PKEY_sign_init\fR\|(3) -and \fIEVP_PKEY_sign\fR\|(3). +The \fBsign_init()\fR and \fBsign()\fR methods are used to generate the signature of a +piece of data using a private key. They are called by \fBEVP_PKEY_sign_init\fR\|(3) +and \fBEVP_PKEY_sign\fR\|(3). .PP .Vb 4 \& int (*verify_init) (EVP_PKEY_CTX *ctx); @@ -392,8 +396,8 @@ and \fIEVP_PKEY_sign\fR\|(3). \& const unsigned char *tbs, size_t tbslen); .Ve .PP -The \fIverify_init()\fR and \fIverify()\fR methods are used to verify whether a signature is -valid. They are called by \fIEVP_PKEY_verify_init\fR\|(3) and \fIEVP_PKEY_verify\fR\|(3). +The \fBverify_init()\fR and \fBverify()\fR methods are used to verify whether a signature is +valid. They are called by \fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3). .PP .Vb 4 \& int (*verify_recover_init) (EVP_PKEY_CTX *ctx); 
@@ -402,10 +406,10 @@ valid. They are called by \fIEVP_PKEY_verify_init\fR\|(3) and \fIEVP_PKEY_verify \& const unsigned char *sig, size_t siglen); .Ve .PP -The \fIverify_recover_init()\fR and \fIverify_recover()\fR methods are used to verify a +The \fBverify_recover_init()\fR and \fBverify_recover()\fR methods are used to verify a signature and then recover the digest from the signature (for instance, a signature that was generated by \s-1RSA\s0 signing algorithm). They are called by -\&\fIEVP_PKEY_verify_recover_init\fR\|(3) and \fIEVP_PKEY_verify_recover\fR\|(3). +\&\fBEVP_PKEY_verify_recover_init\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). .PP .Vb 3 \& int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); @@ -413,9 +417,9 @@ signature that was generated by \s-1RSA\s0 signing algorithm). They are called b \& EVP_MD_CTX *mctx); .Ve .PP -The \fIsignctx_init()\fR and \fIsignctx()\fR methods are used to sign a digest present by +The \fBsignctx_init()\fR and \fBsignctx()\fR methods are used to sign a digest present by a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See -\&\fIEVP_DigestSignInit\fR\|(3) for detail. +\&\fBEVP_DigestSignInit\fR\|(3) for detail. .PP .Vb 3 \& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); @@ -423,9 +427,9 @@ a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign function \& EVP_MD_CTX *mctx); .Ve .PP -The \fIverifyctx_init()\fR and \fIverifyctx()\fR methods are used to verify a signature +The \fBverifyctx_init()\fR and \fBverifyctx()\fR methods are used to verify a signature against the data in a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various -EVP_DigestVerify functions. See \fIEVP_DigestVerifyInit\fR\|(3) for detail. +EVP_DigestVerify functions. See \fBEVP_DigestVerifyInit\fR\|(3) for detail. .PP .Vb 3 \& int (*encrypt_init) (EVP_PKEY_CTX *ctx); 
@@ -433,8 +437,8 @@ EVP_DigestVerify functions. See \fIEVP_DigestVerifyInit\fR\|(3) for detail. \& const unsigned char *in, size_t inlen); .Ve .PP -The \fIencrypt_init()\fR and \fIencrypt()\fR methods are used to encrypt a piece of data. -They are called by \fIEVP_PKEY_encrypt_init\fR\|(3) and \fIEVP_PKEY_encrypt\fR\|(3). +The \fBencrypt_init()\fR and \fBencrypt()\fR methods are used to encrypt a piece of data. +They are called by \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3). .PP .Vb 3 \& int (*decrypt_init) (EVP_PKEY_CTX *ctx); 
@@ -442,25 +446,25 @@ They are called by \fIEVP_PKEY_encrypt_init\fR\|(3) and \fIEVP_PKEY_encrypt\fR\| \& const unsigned char *in, size_t inlen); .Ve .PP -The \fIdecrypt_init()\fR and \fIdecrypt()\fR methods are used to decrypt a piece of data. -They are called by \fIEVP_PKEY_decrypt_init\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3). +The \fBdecrypt_init()\fR and \fBdecrypt()\fR methods are used to decrypt a piece of data. +They are called by \fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3). .PP .Vb 2 \& int (*derive_init) (EVP_PKEY_CTX *ctx); \& int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); .Ve .PP -The \fIderive_init()\fR and \fIderive()\fR methods are used to derive the shared secret +The \fBderive_init()\fR and \fBderive()\fR methods are used to derive the shared secret from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by -\&\fIEVP_PKEY_derive_init\fR\|(3) and \fIEVP_PKEY_derive\fR\|(3). +\&\fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3). .PP .Vb 2 \& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); \& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); .Ve .PP -The \fIctrl()\fR and \fIctrl_str()\fR methods are used to adjust algorithm-specific -settings. See \fIEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for detail. +The \fBctrl()\fR and \fBctrl_str()\fR methods are used to adjust algorithm-specific +settings. See \fBEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for detail. .PP .Vb 5 \& int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 
@@ -470,9 +474,9 @@ settings. See \fIEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for detail. \& size_t tbslen); .Ve .PP -The \fIdigestsign()\fR and \fIdigestverify()\fR methods are used to generate or verify -a signature in a one-shot mode. They could be called by \fIEVP_DigetSign\fR\|(3) -and \fIEVP_DigestVerify\fR\|(3). +The \fBdigestsign()\fR and \fBdigestverify()\fR methods are used to generate or verify +a signature in a one-shot mode. They could be called by \fBEVP_DigetSign\fR\|(3) +and \fBEVP_DigestVerify\fR\|(3). .PP .Vb 3 \& int (*check) (EVP_PKEY *pkey); 
@@ -480,24 +484,24 @@ and \fIEVP_DigestVerify\fR\|(3). \& int (*param_check) (EVP_PKEY *pkey); .Ve .PP -The \fIcheck()\fR, \fIpublic_check()\fR and \fIparam_check()\fR methods are used to validate a +The \fBcheck()\fR, \fBpublic_check()\fR and \fBparam_check()\fR methods are used to validate a key-pair, the public component and parameters respectively for a given \fBpkey\fR. -They could be called by \fIEVP_PKEY_check\fR\|(3), \fIEVP_PKEY_public_check\fR\|(3) and -\&\fIEVP_PKEY_param_check\fR\|(3) respectively. +They could be called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and +\&\fBEVP_PKEY_param_check\fR\|(3) respectively. .PP .Vb 1 \& int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); .Ve .PP -The \fIdigest_custom()\fR method is used to generate customized digest content before -the real message is passed to functions like \fIEVP_DigestSignUpdate\fR\|(3) or -\&\fIEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key +The \fBdigest_custom()\fR method is used to generate customized digest content before +the real message is passed to functions like \fBEVP_DigestSignUpdate\fR\|(3) or +\&\fBEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key signature algorithms like \s-1SM2\s0 which requires a hashed prefix to the message to -be signed. The \fIdigest_custom()\fR function will be called by \fIEVP_DigestSignInit\fR\|(3) -and \fIEVP_DigestVerifyInit\fR\|(3). +be signed. The \fBdigest_custom()\fR function will be called by \fBEVP_DigestSignInit\fR\|(3) +and \fBEVP_DigestVerifyInit\fR\|(3). .SS "Functions" .IX Subsection "Functions" -\&\fIEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, +\&\fBEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, and associates the given \fBid\fR and \fBflags\fR. The following flags are supported: .PP 
@@ -511,26 +515,26 @@ maximum size of the output buffer will be automatically calculated or checked in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of these methods don't need to care about handling the case of returning output buffer size by themselves. For details on the output buffer size, refer to -\&\fIEVP_PKEY_sign\fR\|(3). +\&\fBEVP_PKEY_sign\fR\|(3). .PP -The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fIsignctx()\fR method +The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fBsignctx()\fR method of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a -digest signing operation by calling \fIEVP_DigestSignFinal\fR\|(3). +digest signing operation by calling \fBEVP_DigestSignFinal\fR\|(3). .PP -\&\fIEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by +\&\fBEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by \&\fBpmeth\fR. .PP -\&\fIEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR +\&\fBEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR to \fBdst\fR. .PP -\&\fIEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. +\&\fBEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. This function first searches through the user-defined method objects and then the built-in objects. .PP -\&\fIEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. +\&\fBEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. .PP -\&\fIEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by -\&\fIEVP_PKEY_meth_add0()\fR. +\&\fBEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by +\&\fBEVP_PKEY_meth_add0()\fR. 
.PP The EVP_PKEY_meth_set functions set the corresponding fields of \&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed. @@ -539,18 +543,18 @@ The EVP_PKEY_meth_get functions get the corresponding fields of \&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR +\&\fBEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR object or returns \s-1NULL\s0 on error. .PP -\&\fIEVP_PKEY_meth_free()\fR and \fIEVP_PKEY_meth_copy()\fR do not return values. +\&\fBEVP_PKEY_meth_free()\fR and \fBEVP_PKEY_meth_copy()\fR do not return values. .PP -\&\fIEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR +\&\fBEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR object or returns \s-1NULL\s0 if not found. .PP -\&\fIEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 +\&\fBEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 if an error occurred. .PP -\&\fIEVP_PKEY_meth_remove()\fR returns 1 if method is removed successfully or +\&\fBEVP_PKEY_meth_remove()\fR returns 1 if method is removed successfully or 0 if an error occurred. .PP All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 index 15c9d567aa48..a5050598a00a 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_NEW 3" -.TH EVP_PKEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -161,16 +165,16 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is +The \fBEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is used by OpenSSL to store public and private keys. The reference count is set to \&\fB1\fR. .PP -\&\fIEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR. +\&\fBEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR. .PP -\&\fIEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference +\&\fBEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference count is zero, frees it up. If \fBkey\fR is \s-1NULL,\s0 nothing is done. .PP -\&\fIEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL +\&\fBEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL then the new \fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fBe\fR. The \&\fBtype\fR argument indicates what kind of key this is. The value should be a \s-1NID\s0 for a public key algorithm that supports raw private keys, i.e. one of 
@@ -181,21 +185,21 @@ The length should be appropriate for the type of the key. The public key data will be automatically derived from the given private key data (if appropriate for the algorithm type). .PP -\&\fIEVP_PKEY_new_raw_public_key()\fR works in the same way as -\&\fIEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key +\&\fBEVP_PKEY_new_raw_public_key()\fR works in the same way as +\&\fBEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key information. Algorithm types that support raw public keys are \&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. .PP -\&\fIEVP_PKEY_new_CMAC_key()\fR works in the same way as \fIEVP_PKEY_new_raw_private_key()\fR +\&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. .PP -\&\fIEVP_PKEY_new_mac_key()\fR works in the same way as \fIEVP_PKEY_new_raw_private_key()\fR. -New applications should use \fIEVP_PKEY_new_raw_private_key()\fR instead. +\&\fBEVP_PKEY_new_mac_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR. +New applications should use \fBEVP_PKEY_new_raw_private_key()\fR instead. .PP -\&\fIEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw +\&\fBEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw private key data. The number of bytes written is populated in \fB*len\fR. If the buffer \fBpriv\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes required to hold the key. The calling application is responsible for ensuring 
@@ -204,7 +208,7 @@ only works for algorithms that support raw private keys. Currently this is: \&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, \&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. .PP -\&\fIEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw +\&\fBEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw public key data. The number of bytes written is populated in \fB*len\fR. If the buffer \fBpub\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes required to hold the key. The calling application is responsible for ensuring 
@@ -216,30 +220,33 @@ only works for algorithms that support raw public keys. Currently this is: The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a general private key without reference to any particular algorithm. .PP -The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a private or public +The structure returned by \fBEVP_PKEY_new()\fR is empty. To add a private or public key to this empty structure use the appropriate functions described in -\&\fIEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or +\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or EVP_PKEY_set1_EC_KEY. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_new()\fR, \fIEVP_PKEY_new_raw_private_key()\fR, \fIEVP_PKEY_new_raw_public_key()\fR, -\&\fIEVP_PKEY_new_CMAC_key()\fR and \fIEVP_PKEY_new_mac_key()\fR return either the newly +\&\fBEVP_PKEY_new()\fR, \fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, +\&\fBEVP_PKEY_new_CMAC_key()\fR and \fBEVP_PKEY_new_mac_key()\fR return either the newly allocated \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIEVP_PKEY_up_ref()\fR, \fIEVP_PKEY_get_raw_private_key()\fR and -\&\fIEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure. +\&\fBEVP_PKEY_up_ref()\fR, \fBEVP_PKEY_get_raw_private_key()\fR and +\&\fBEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or +\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or EVP_PKEY_set1_EC_KEY .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_PKEY_new()\fR and \fIEVP_PKEY_free()\fR exist in all versions of OpenSSL. +The +\&\fBEVP_PKEY_new()\fR and \fBEVP_PKEY_free()\fR functions exist in all versions of OpenSSL. .PP -\&\fIEVP_PKEY_up_ref()\fR was first added to OpenSSL 1.1.0. 
-\&\fIEVP_PKEY_new_raw_private_key()\fR, \fIEVP_PKEY_new_raw_public_key()\fR, -\&\fIEVP_PKEY_new_CMAC_key()\fR, \fIEVP_PKEY_new_raw_private_key()\fR and -\&\fIEVP_PKEY_get_raw_public_key()\fR were first added to OpenSSL 1.1.1. +The \fBEVP_PKEY_up_ref()\fR function was added in OpenSSL 1.1.0. +.PP +The +\&\fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, +\&\fBEVP_PKEY_new_CMAC_key()\fR, \fBEVP_PKEY_new_raw_private_key()\fR and +\&\fBEVP_PKEY_get_raw_public_key()\fR functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 index a0c80534dbb4..43ebf4e5f838 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_PRINT_PRIVATE 3" -.TH EVP_PKEY_PRINT_PRIVATE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_PRINT_PRIVATE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,8 +154,8 @@ EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public k .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The functions \fIEVP_PKEY_print_public()\fR, \fIEVP_PKEY_print_private()\fR and -\&\fIEVP_PKEY_print_params()\fR print out the public, private or parameter components +The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR and +\&\fBEVP_PKEY_print_params()\fR print out the public, private or parameter components of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable form. The parameter \fBindent\fR indicated how far the printout should be indented. .PP @@ -164,7 +168,7 @@ Currently no public key algorithms include any options in the \fBpctx\fR paramet .PP If the key does not include all the components indicated by the function then only those contained in the key will be printed. For example passing a public -key to \fIEVP_PKEY_print_private()\fR will only print the public components. +key to \fBEVP_PKEY_print_private()\fR will only print the public components. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions all return 1 for success and 0 or a negative value for failure. 
@@ -172,11 +176,11 @@ In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_keygen\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index 411d592a5364..3276d3c40800 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_SET1_RSA 3" -.TH EVP_PKEY_SET1_RSA 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_SET1_RSA 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -175,44 +179,44 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EV .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and -\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. +\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and +\&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. .PP -\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and -\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or +\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or \&\fB\s-1NULL\s0\fR if the key is not of the correct type. .PP -\&\fIEVP_PKEY_get0_hmac()\fR, \fIEVP_PKEY_get0_poly1305()\fR, \fIEVP_PKEY_get0_siphash()\fR, -\&\fIEVP_PKEY_get0_RSA()\fR, \fIEVP_PKEY_get0_DSA()\fR, \fIEVP_PKEY_get0_DH()\fR -and \fIEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR +\&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR, +\&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR +and \fBEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR if the key is not of the correct type but the reference count of the returned key is \fBnot\fR incremented and so must not be freed up after use. 
.PP -\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, -\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR and -\&\fIEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR and +\&\fBEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR however these use the supplied \fBkey\fR internally and so \fBkey\fR will be freed when the parent \fBpkey\fR is freed. .PP -\&\fIEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example +\&\fBEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR. .PP -\&\fIEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys +\&\fBEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys using the same algorithm could use different OIDs. For example an \s-1RSA\s0 key could use the OIDs corresponding to the NIDs \fBNID_rsaEncryption\fR (equivalent to \&\fB\s-1EVP_PKEY_RSA\s0\fR) or \fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). The use of alternative non-standard OIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not often seen in practice. .PP -\&\fIEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example +\&\fBEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR. .PP -\&\fIEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It +\&\fBEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It must be called after the key algorithm and components are set up. 
If \fBengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fBpkey\fR an error occurs. .PP -\&\fIEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a +\&\fBEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a different set of algorithms than the default. This is currently used to support \s-1SM2\s0 keys, which use an identical encoding to \s-1ECDSA.\s0 .SH "NOTES" @@ -221,19 +225,19 @@ In accordance with the OpenSSL naming convention the key obtained from or assigned to the \fBpkey\fR using the \fB1\fR functions must be freed as well as \fBpkey\fR. .PP -\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, -\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR -and \fIEVP_PKEY_assign_SIPHASH()\fR are implemented as macros. +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR +and \fBEVP_PKEY_assign_SIPHASH()\fR are implemented as macros. .PP Most applications wishing to know a key type will simply call -\&\fIEVP_PKEY_base_id()\fR and will not care about the actual type: +\&\fBEVP_PKEY_base_id()\fR and will not care about the actual type: which will be identical in almost all cases. .PP Previous versions of this document suggested using EVP_PKEY_type(pkey\->type) to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). .PP -\&\fIEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0 +\&\fBEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0 key as part of its routine to load a private key. .SH "EXAMPLES" .IX Header "EXAMPLES" 
@@ -245,26 +249,26 @@ algorithms with EVP_PKEY_set_alias_type: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and -\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. +\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and +\&\fBEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. .PP -\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and -\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if +\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, -\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR -and \fIEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure. +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR +and \fBEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_PKEY_base_id()\fR, \fIEVP_PKEY_id()\fR and \fIEVP_PKEY_type()\fR return a key +\&\fBEVP_PKEY_base_id()\fR, \fBEVP_PKEY_id()\fR and \fBEVP_PKEY_type()\fR return a key type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error. .PP -\&\fIEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure. +\&\fBEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure. .PP -\&\fIEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error. +\&\fBEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_new\fR\|(3) +\&\fBEVP_PKEY_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. 
All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 index bdc74d104dd8..08df42d8ee53 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_SIGN 3" -.TH EVP_PKEY_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,10 +152,10 @@ EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_sign_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_sign_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a signing operation. .PP -The \fIEVP_PKEY_sign()\fR function performs a public key signing operation +The \fBEVP_PKEY_sign()\fR function performs a public key signing operation using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and \&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then 
@@ -160,20 +164,20 @@ before the call the \fBsiglen\fR parameter should contain the length of the \&\fBsig\fR and the amount of data written to \fBsiglen\fR. .SH "NOTES" .IX Header "NOTES" -\&\fIEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is +\&\fBEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is normally used to sign digests. For signing arbitrary messages, see the -\&\fIEVP_DigestSignInit\fR\|(3) and -\&\fIEVP_SignInit\fR\|(3) signing interfaces instead. +\&\fBEVP_DigestSignInit\fR\|(3) and +\&\fBEVP_SignInit\fR\|(3) signing interfaces instead. .PP -After the call to \fIEVP_PKEY_sign_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_sign_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the -operation (see \fIEVP_PKEY_CTX_ctrl\fR\|(3)). +operation (see \fBEVP_PKEY_CTX_ctrl\fR\|(3)). .PP -The function \fIEVP_PKEY_sign()\fR can be called more than once on the same +The function \fBEVP_PKEY_sign()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_sign_init()\fR and \fIEVP_PKEY_sign()\fR return 1 for success and 0 +\&\fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLE" 
@@ -221,16 +225,16 @@ Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_CTX_ctrl\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 index 88a2284e8b3f..047cdba02c03 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_VERIFY 3" -.TH EVP_PKEY_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_VERIFY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,26 +152,26 @@ EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public k .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_verify_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_verify_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a signature verification operation. .PP -The \fIEVP_PKEY_verify()\fR function performs a public key verification operation +The \fBEVP_PKEY_verify()\fR function performs a public key verification operation using \fBctx\fR. The signature is specified using the \fBsig\fR and \&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters. .SH "NOTES" .IX Header "NOTES" -After the call to \fIEVP_PKEY_verify_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_verify_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The function \fIEVP_PKEY_verify()\fR can be called more than once on the same +The function \fBEVP_PKEY_verify()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_verify_init()\fR and \fIEVP_PKEY_verify()\fR return 1 if the verification was +\&\fBEVP_PKEY_verify_init()\fR and \fBEVP_PKEY_verify()\fR return 1 if the verification was successful and 0 if it failed. Unlike other functions the return value 0 from -\&\fIEVP_PKEY_verify()\fR only indicates that the signature did not verify +\&\fBEVP_PKEY_verify()\fR only indicates that the signature did not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error. .PP 
@@ -211,15 +215,15 @@ Verify signature using PKCS#1 and \s-1SHA256\s0 digest: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 index cd53ae332637..dea4f31a27fe 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_VERIFY_RECOVER 3" -.TH EVP_PKEY_VERIFY_RECOVER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_PKEY_VERIFY_RECOVER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,10 +152,10 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover \- recover signature using .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a verify recover operation. .PP -The \fIEVP_PKEY_verify_recover()\fR function recovers signed data +The \fBEVP_PKEY_verify_recover()\fR function recovers signed data using \fBctx\fR. The signature is specified using the \fBsig\fR and \&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then 
@@ -161,22 +165,22 @@ before the call the \fBroutlen\fR parameter should contain the length of the .SH "NOTES" .IX Header "NOTES" Normally an application is only interested in whether a signature verification -operation is successful in those cases the \fIEVP_verify()\fR function should be +operation is successful in those cases the \fBEVP_verify()\fR function should be used. .PP Sometimes however it is useful to obtain the data originally signed using a signing operation. Only certain public key algorithms can recover a signature in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode). .PP -After the call to \fIEVP_PKEY_verify_recover_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_verify_recover_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The function \fIEVP_PKEY_verify_recover()\fR can be called more than once on the same +The function \fBEVP_PKEY_verify_recover()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_verify_recover_init()\fR and \fIEVP_PKEY_verify_recover()\fR return 1 for success +\&\fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLE" 
@@ -222,15 +226,15 @@ Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index a836dbc9b648..99531bd74e74 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SEALINIT 3" -.TH EVP_SEALINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_SEALINIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,9 +159,9 @@ encryption. They generate a random key and \s-1IV\s0 (if required) then \&\*(L"envelope\*(R" it by using public key encryption. Data can then be encrypted using this key. .PP -\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption +\&\fBEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption with cipher \fBtype\fR using a random secret key and \s-1IV.\s0 \fBtype\fR is normally -supplied by a function such as \fIEVP_aes_256_cbc()\fR. The secret key is encrypted +supplied by a function such as \fBEVP_aes_256_cbc()\fR. The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. \fBek\fR is an array of buffers where the public key encrypted secret key will be written, each buffer 
@@ -173,20 +177,20 @@ example) EVP_CIPHER_iv_length(type). If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored and can be \fB\s-1NULL\s0\fR. .PP -\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties -as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as -documented on the \fIEVP_EncryptInit\fR\|(3) manual +\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR have exactly the same properties +as the \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal()\fR routines, as +documented on the \fBEVP_EncryptInit\fR\|(3) manual page. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. +\&\fBEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. .PP -\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR return 1 for success and 0 for +\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR return 1 for success and 0 for failure. .SH "NOTES" .IX Header "NOTES" Because a random secret key is generated the random number generator -must be seeded before calling \fIEVP_SealInit()\fR. +must be seeded before calling \fBEVP_SealInit()\fR. .PP The public key must be \s-1RSA\s0 because it is the only OpenSSL public key algorithm that supports key transport. 
@@ -197,15 +201,15 @@ but symmetric encryption is fast. So symmetric encryption is used for bulk encryption and the small random symmetric key used is transferred using public key encryption. .PP -It is possible to call \fIEVP_SealInit()\fR twice in the same way as -\&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 +It is possible to call \fBEVP_SealInit()\fR twice in the same way as +\&\fBEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 and (after setting any cipher parameters) it should be called again with \fBtype\fR set to \s-1NULL.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_OpenInit\fR\|(3) +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_OpenInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 1d7dff0770a2..ef1e5f04cebe 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SIGNINIT 3" -.TH EVP_SIGNINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_SIGNINIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ EVP_PKEY_size, EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal, EVP \& \& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); \& -\& int EVP_PKEY_size(EVP_PKEY *pkey); +\& int EVP_PKEY_size(const EVP_PKEY *pkey); \& int EVP_PKEY_security_bits(const EVP_PKEY *pkey); .Ve .SH "DESCRIPTION" 
@@ -155,39 +159,39 @@ EVP_PKEY_size, EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal, EVP The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest +\&\fBEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest \&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created with -\&\fIEVP_MD_CTX_new()\fR before calling this function. +\&\fBEVP_MD_CTX_new()\fR before calling this function. .PP -\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fBEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the signature context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. .PP -\&\fIEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and +\&\fBEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and places the signature in \fBsig\fR. \fBsig\fR must be at least EVP_PKEY_size(pkey) bytes in size. \fBs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter. The number of bytes of data written (i.e. the length of the signature) will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes will be written. .PP -\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default +\&\fBEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default implementation of digest \fBtype\fR. .PP -\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual -signature returned by \fIEVP_SignFinal()\fR may be smaller. +\&\fBEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual +signature returned by \fBEVP_SignFinal()\fR may be smaller. 
.PP -\&\fIEVP_PKEY_security_bits()\fR returns the number of security bits of the given \fBpkey\fR, +\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits of the given \fBpkey\fR, bits of security is defined in \s-1NIST SP800\-57.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1 +\&\fBEVP_SignInit_ex()\fR, \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. +\&\fBEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .PP -\&\fIEVP_PKEY_security_bits()\fR returns the number of security bits. +\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits. .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in 
@@ -198,33 +202,33 @@ When signing with \s-1DSA\s0 private keys the random number generator must be se or the operation will fail. The random number generator does not need to be seeded for \s-1RSA\s0 signatures. .PP -The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context. -This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called +The call to \fBEVP_SignFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR can be called later to digest and sign additional data. .PP Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak will occur. .SH "BUGS" .IX Header "BUGS" Older versions of this documentation wrongly stated that calls to -\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR. +\&\fBEVP_SignUpdate()\fR could not be made after calling \fBEVP_SignFinal()\fR. .PP -Since the private key is passed in the call to \fIEVP_SignFinal()\fR any error +Since the private key is passed in the call to \fBEVP_SignFinal()\fR any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of -data have been passed through \fIEVP_SignUpdate()\fR. +data have been passed through \fBEVP_SignUpdate()\fR. .PP It is not possible to change the signing parameters using these function. .PP The previous two bugs are fixed in the newer EVP_SignDigest*() function. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_VerifyInit\fR\|(3), -\&\fIEVP_DigestInit\fR\|(3), -\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), -\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), -\&\s-1\fISHA1\s0\fR\|(3), \fIdgst\fR\|(1) +\&\fBEVP_VerifyInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index 4b45b0cf21e2..eef0a83fa713 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VERIFYINIT 3" -.TH EVP_VERIFYINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_VERIFYINIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,62 +157,62 @@ EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \&\- EVP si The \s-1EVP\s0 signature verification routines are a high level interface to digital signatures. .PP -\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest +\&\fBEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest \&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created by calling -\&\fIEVP_MD_CTX_new()\fR before calling this function. +\&\fBEVP_MD_CTX_new()\fR before calling this function. .PP -\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fBEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the verification context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. .PP -\&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR +\&\fBEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR and against the \fBsiglen\fR bytes at \fBsigbuf\fR. .PP -\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default +\&\fBEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default implementation of digest \fBtype\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for +\&\fBEVP_VerifyInit_ex()\fR and \fBEVP_VerifyUpdate()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some +\&\fBEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some other error occurred. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). 
.SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP -The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. -This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called +The call to \fBEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called later to digest and verify additional data. .PP Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak will occur. .SH "BUGS" .IX Header "BUGS" Older versions of this documentation wrongly stated that calls to -\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR. +\&\fBEVP_VerifyUpdate()\fR could not be made after calling \fBEVP_VerifyFinal()\fR. .PP -Since the public key is passed in the call to \fIEVP_SignFinal()\fR any error +Since the public key is passed in the call to \fBEVP_SignFinal()\fR any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of -data have been passed through \fIEVP_SignUpdate()\fR. +data have been passed through \fBEVP_SignUpdate()\fR. .PP It is not possible to change the signing parameters using these function. .PP The previous two bugs are fixed in the newer EVP_VerifyDigest*() function. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_SignInit\fR\|(3), -\&\fIEVP_DigestInit\fR\|(3), -\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), -\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), -\&\s-1\fISHA1\s0\fR\|(3), \fIdgst\fR\|(1) +\&\fBevp\fR\|(7), +\&\fBEVP_SignInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_aes.3 b/secure/lib/libcrypto/man/EVP_aes.3 index c8edbb5b0ead..8d968608812d 100644 --- a/secure/lib/libcrypto/man/EVP_aes.3 +++ b/secure/lib/libcrypto/man/EVP_aes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_AES 3" -.TH EVP_AES 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_AES 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,11 +153,11 @@ functions, such as \fIEVP_aes_128_cbc\fR. .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1AES\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_aes_128_cbc()\fR, \fIEVP_aes_192_cbc()\fR, \fIEVP_aes_256_cbc()\fR, \fIEVP_aes_128_cfb()\fR, \fIEVP_aes_192_cfb()\fR, \fIEVP_aes_256_cfb()\fR, \fIEVP_aes_128_cfb1()\fR, \fIEVP_aes_192_cfb1()\fR, \fIEVP_aes_256_cfb1()\fR, \fIEVP_aes_128_cfb8()\fR, \fIEVP_aes_192_cfb8()\fR, \fIEVP_aes_256_cfb8()\fR, \fIEVP_aes_128_cfb128()\fR, \fIEVP_aes_192_cfb128()\fR, \fIEVP_aes_256_cfb128()\fR, \fIEVP_aes_128_ctr()\fR, \fIEVP_aes_192_ctr()\fR, \fIEVP_aes_256_ctr()\fR, \fIEVP_aes_128_ecb()\fR, \fIEVP_aes_192_ecb()\fR, \fIEVP_aes_256_ecb()\fR, \fIEVP_aes_128_ofb()\fR, \fIEVP_aes_192_ofb()\fR, \fIEVP_aes_256_ofb()\fR" 4 +.IP "\fBEVP_aes_128_cbc()\fR, \fBEVP_aes_192_cbc()\fR, \fBEVP_aes_256_cbc()\fR, \fBEVP_aes_128_cfb()\fR, \fBEVP_aes_192_cfb()\fR, \fBEVP_aes_256_cfb()\fR, \fBEVP_aes_128_cfb1()\fR, \fBEVP_aes_192_cfb1()\fR, \fBEVP_aes_256_cfb1()\fR, \fBEVP_aes_128_cfb8()\fR, \fBEVP_aes_192_cfb8()\fR, \fBEVP_aes_256_cfb8()\fR, \fBEVP_aes_128_cfb128()\fR, \fBEVP_aes_192_cfb128()\fR, \fBEVP_aes_256_cfb128()\fR, \fBEVP_aes_128_ctr()\fR, \fBEVP_aes_192_ctr()\fR, \fBEVP_aes_256_ctr()\fR, \fBEVP_aes_128_ecb()\fR, \fBEVP_aes_192_ecb()\fR, \fBEVP_aes_256_ecb()\fR, \fBEVP_aes_128_ofb()\fR, \fBEVP_aes_192_ofb()\fR, \fBEVP_aes_256_ofb()\fR" 4 .IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()" \&\s-1AES\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit shift, 
\s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB,\s0 and \s-1OFB.\s0 -.IP "\fIEVP_aes_128_cbc_hmac_sha1()\fR, \fIEVP_aes_256_cbc_hmac_sha1()\fR" 4 +.IP "\fBEVP_aes_128_cbc_hmac_sha1()\fR, \fBEVP_aes_256_cbc_hmac_sha1()\fR" 4 .IX Item "EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()" Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0 as \s-1HMAC,\s0 with keys of 128 and 256 bits length respectively. The authentication tag is 160 bits long. @@ -161,7 +165,7 @@ Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0 \&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 interface. -.IP "\fIEVP_aes_128_cbc_hmac_sha256()\fR, \fIEVP_aes_256_cbc_hmac_sha256()\fR" 4 +.IP "\fBEVP_aes_128_cbc_hmac_sha256()\fR, \fBEVP_aes_256_cbc_hmac_sha256()\fR" 4 .IX Item "EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()" Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA256\s0 (\s-1SHA\-2,\s0 256\-bits) as \&\s-1HMAC,\s0 with keys of 128 and 256 bits length respectively. The authentication tag 
@@ -170,17 +174,17 @@ is 256 bits long. \&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 interface. -.IP "\fIEVP_aes_128_ccm()\fR, \fIEVP_aes_192_ccm()\fR, \fIEVP_aes_256_ccm()\fR, \fIEVP_aes_128_gcm()\fR, \fIEVP_aes_192_gcm()\fR, \fIEVP_aes_256_gcm()\fR, \fIEVP_aes_128_ocb()\fR, \fIEVP_aes_192_ocb()\fR, \fIEVP_aes_256_ocb()\fR" 4 +.IP "\fBEVP_aes_128_ccm()\fR, \fBEVP_aes_192_ccm()\fR, \fBEVP_aes_256_ccm()\fR, \fBEVP_aes_128_gcm()\fR, \fBEVP_aes_192_gcm()\fR, \fBEVP_aes_256_gcm()\fR, \fBEVP_aes_128_ocb()\fR, \fBEVP_aes_192_ocb()\fR, \fBEVP_aes_256_ocb()\fR" 4 .IX Item "EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()" \&\s-1AES\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0), Galois Counter Mode (\s-1GCM\s0) and \s-1OCB\s0 Mode respectively. These ciphers require additional control -operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) +operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for details. 
-.IP "\fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_128_wrap_pad()\fR, \fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_192_wrap_pad()\fR, \fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_256_wrap_pad()\fR" 4 +.IP "\fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_128_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_192_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_256_wrap_pad()\fR" 4 .IX Item "EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()" \&\s-1AES\s0 key wrap with 128, 192 and 256 bit keys, as according to \s-1RFC 3394\s0 section 2.2.1 (\*(L"wrap\*(R") and \s-1RFC 5649\s0 section 4.1 (\*(L"wrap with padding\*(R") respectively. -.IP "\fIEVP_aes_128_xts()\fR, \fIEVP_aes_256_xts()\fR" 4 +.IP "\fBEVP_aes_128_xts()\fR, \fBEVP_aes_256_xts()\fR" 4 .IX Item "EVP_aes_128_xts(), EVP_aes_256_xts()" \&\s-1AES XTS\s0 mode (XTS-AES) is standardized in \s-1IEEE\s0 Std. 1619\-2007 and described in \s-1NIST SP 800\-38E.\s0 The \s-1XTS\s0 (XEX-based tweaked-codebook mode with ciphertext stealing) 
@@ -195,13 +199,13 @@ of a 512\-bit key to achieve \s-1AES\s0 256\-bit security. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_aria.3 b/secure/lib/libcrypto/man/EVP_aria.3 index e94c02d3c5c0..1ed332aa4177 100644 --- a/secure/lib/libcrypto/man/EVP_aria.3 +++ b/secure/lib/libcrypto/man/EVP_aria.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_ARIA 3" -.TH EVP_ARIA 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_ARIA 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,25 +153,25 @@ functions, such as \fIEVP_aria_128_cbc\fR. .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1ARIA\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_aria_128_cbc()\fR, \fIEVP_aria_192_cbc()\fR, \fIEVP_aria_256_cbc()\fR, \fIEVP_aria_128_cfb()\fR, \fIEVP_aria_192_cfb()\fR, \fIEVP_aria_256_cfb()\fR, \fIEVP_aria_128_cfb1()\fR, \fIEVP_aria_192_cfb1()\fR, \fIEVP_aria_256_cfb1()\fR, \fIEVP_aria_128_cfb8()\fR, \fIEVP_aria_192_cfb8()\fR, \fIEVP_aria_256_cfb8()\fR, \fIEVP_aria_128_cfb128()\fR, \fIEVP_aria_192_cfb128()\fR, \fIEVP_aria_256_cfb128()\fR, \fIEVP_aria_128_ctr()\fR, \fIEVP_aria_192_ctr()\fR, \fIEVP_aria_256_ctr()\fR, \fIEVP_aria_128_ecb()\fR, \fIEVP_aria_192_ecb()\fR, \fIEVP_aria_256_ecb()\fR, \fIEVP_aria_128_ofb()\fR, \fIEVP_aria_192_ofb()\fR, \fIEVP_aria_256_ofb()\fR" 4 +.IP "\fBEVP_aria_128_cbc()\fR, \fBEVP_aria_192_cbc()\fR, \fBEVP_aria_256_cbc()\fR, \fBEVP_aria_128_cfb()\fR, \fBEVP_aria_192_cfb()\fR, \fBEVP_aria_256_cfb()\fR, \fBEVP_aria_128_cfb1()\fR, \fBEVP_aria_192_cfb1()\fR, \fBEVP_aria_256_cfb1()\fR, \fBEVP_aria_128_cfb8()\fR, \fBEVP_aria_192_cfb8()\fR, \fBEVP_aria_256_cfb8()\fR, \fBEVP_aria_128_cfb128()\fR, \fBEVP_aria_192_cfb128()\fR, \fBEVP_aria_256_cfb128()\fR, \fBEVP_aria_128_ctr()\fR, \fBEVP_aria_192_ctr()\fR, \fBEVP_aria_256_ctr()\fR, \fBEVP_aria_128_ecb()\fR, \fBEVP_aria_192_ecb()\fR, \fBEVP_aria_256_ecb()\fR, \fBEVP_aria_128_ofb()\fR, \fBEVP_aria_192_ofb()\fR, \fBEVP_aria_256_ofb()\fR" 4 .IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()" \&\s-1ARIA\s0 for 128, 192 and 256 bit 
keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 -.IP "\fIEVP_aria_128_ccm()\fR, \fIEVP_aria_192_ccm()\fR, \fIEVP_aria_256_ccm()\fR, \fIEVP_aria_128_gcm()\fR, \fIEVP_aria_192_gcm()\fR, \fIEVP_aria_256_gcm()\fR," 4 +.IP "\fBEVP_aria_128_ccm()\fR, \fBEVP_aria_192_ccm()\fR, \fBEVP_aria_256_ccm()\fR, \fBEVP_aria_128_gcm()\fR, \fBEVP_aria_192_gcm()\fR, \fBEVP_aria_256_gcm()\fR," 4 .IX Item "EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm()," \&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter Mode (\s-1GCM\s0). These ciphers require additional control operations to function -correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) section for details. +correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for details. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_bf_cbc.3 b/secure/lib/libcrypto/man/EVP_bf_cbc.3 index bdd02a6d04c9..b823e87b401a 100644 --- a/secure/lib/libcrypto/man/EVP_bf_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_bf_cbc.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BF_CBC 3" -.TH EVP_BF_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_BF_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,19 +156,19 @@ EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish c The Blowfish encryption algorithm for \s-1EVP.\s0 .PP This is a variable key length cipher. -.IP "\fIEVP_bf_cbc()\fR, \fIEVP_bf_cfb()\fR, \fIEVP_bf_cfb64()\fR, \fIEVP_bf_ecb()\fR, \fIEVP_bf_ofb()\fR" 4 +.IP "\fBEVP_bf_cbc()\fR, \fBEVP_bf_cfb()\fR, \fBEVP_bf_cfb64()\fR, \fBEVP_bf_ecb()\fR, \fBEVP_bf_ofb()\fR" 4 .IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()" Blowfish encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_blake2b512.3 b/secure/lib/libcrypto/man/EVP_blake2b512.3 index ebe656dc5fc4..631e45e608ce 100644 --- a/secure/lib/libcrypto/man/EVP_blake2b512.3 +++ b/secure/lib/libcrypto/man/EVP_blake2b512.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BLAKE2B512 3" -.TH EVP_BLAKE2B512 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_BLAKE2B512 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,16 +153,16 @@ EVP_blake2b512, EVP_blake2s256 \&\- BLAKE2 For EVP \&\s-1BLAKE2\s0 is an improved version of \s-1BLAKE,\s0 which was submitted to the \s-1NIST SHA\-3\s0 algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in \&\s-1RFC 7693.\s0 -.IP "\fIEVP_blake2s256()\fR" 4 +.IP "\fBEVP_blake2s256()\fR" 4 .IX Item "EVP_blake2s256()" The BLAKE2s algorithm that produces a 256\-bit output from a given input. -.IP "\fIEVP_blake2b512()\fR" 4 +.IP "\fBEVP_blake2b512()\fR" 4 .IX Item "EVP_blake2b512()" The BLAKE2b algorithm that produces a 512\-bit output from a given input. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" 
@@ -170,8 +174,8 @@ this implementation outputs a digest of a fixed length (the maximum length supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_camellia.3 b/secure/lib/libcrypto/man/EVP_camellia.3 index 42c383f8060e..36f44fa03614 100644 --- a/secure/lib/libcrypto/man/EVP_camellia.3 +++ b/secure/lib/libcrypto/man/EVP_camellia.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CAMELLIA 3" -.TH EVP_CAMELLIA 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_CAMELLIA 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,20 +153,20 @@ functions, such as \fIEVP_camellia_128_cbc\fR. .SH "DESCRIPTION" .IX Header "DESCRIPTION" The Camellia encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_camellia_128_cbc()\fR, \fIEVP_camellia_192_cbc()\fR, \fIEVP_camellia_256_cbc()\fR, \fIEVP_camellia_128_cfb()\fR, \fIEVP_camellia_192_cfb()\fR, \fIEVP_camellia_256_cfb()\fR, \fIEVP_camellia_128_cfb1()\fR, \fIEVP_camellia_192_cfb1()\fR, \fIEVP_camellia_256_cfb1()\fR, \fIEVP_camellia_128_cfb8()\fR, \fIEVP_camellia_192_cfb8()\fR, \fIEVP_camellia_256_cfb8()\fR, \fIEVP_camellia_128_cfb128()\fR, \fIEVP_camellia_192_cfb128()\fR, \fIEVP_camellia_256_cfb128()\fR, \fIEVP_camellia_128_ctr()\fR, \fIEVP_camellia_192_ctr()\fR, \fIEVP_camellia_256_ctr()\fR, \fIEVP_camellia_128_ecb()\fR, \fIEVP_camellia_192_ecb()\fR, \fIEVP_camellia_256_ecb()\fR, \fIEVP_camellia_128_ofb()\fR, \fIEVP_camellia_192_ofb()\fR, \fIEVP_camellia_256_ofb()\fR" 4 +.IP "\fBEVP_camellia_128_cbc()\fR, \fBEVP_camellia_192_cbc()\fR, \fBEVP_camellia_256_cbc()\fR, \fBEVP_camellia_128_cfb()\fR, \fBEVP_camellia_192_cfb()\fR, \fBEVP_camellia_256_cfb()\fR, \fBEVP_camellia_128_cfb1()\fR, \fBEVP_camellia_192_cfb1()\fR, \fBEVP_camellia_256_cfb1()\fR, \fBEVP_camellia_128_cfb8()\fR, \fBEVP_camellia_192_cfb8()\fR, \fBEVP_camellia_256_cfb8()\fR, \fBEVP_camellia_128_cfb128()\fR, \fBEVP_camellia_192_cfb128()\fR, \fBEVP_camellia_256_cfb128()\fR, \fBEVP_camellia_128_ctr()\fR, \fBEVP_camellia_192_ctr()\fR, \fBEVP_camellia_256_ctr()\fR, \fBEVP_camellia_128_ecb()\fR, \fBEVP_camellia_192_ecb()\fR, \fBEVP_camellia_256_ecb()\fR, \fBEVP_camellia_128_ofb()\fR, \fBEVP_camellia_192_ofb()\fR, \fBEVP_camellia_256_ofb()\fR" 4 .IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), 
EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()" Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_cast5_cbc.3 b/secure/lib/libcrypto/man/EVP_cast5_cbc.3 index e4f45eb9411d..3e5005cccda8 100644 --- a/secure/lib/libcrypto/man/EVP_cast5_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_cast5_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CAST5_CBC 3" -.TH EVP_CAST5_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_CAST5_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,19 +156,19 @@ EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb \&\- The \s-1CAST\s0 encryption algorithm for \s-1EVP.\s0 .PP This is a variable key length cipher. -.IP "\fIEVP_cast5_cbc()\fR, \fIEVP_cast5_ecb()\fR, \fIEVP_cast5_cfb()\fR, \fIEVP_cast5_cfb64()\fR, \fIEVP_cast5_ofb()\fR" 4 +.IP "\fBEVP_cast5_cbc()\fR, \fBEVP_cast5_ecb()\fR, \fBEVP_cast5_cfb()\fR, \fBEVP_cast5_cfb64()\fR, \fBEVP_cast5_ofb()\fR" 4 .IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()" \&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_chacha20.3 b/secure/lib/libcrypto/man/EVP_chacha20.3 index 0aecec394cca..6694e4eee2e5 100644 --- a/secure/lib/libcrypto/man/EVP_chacha20.3 +++ b/secure/lib/libcrypto/man/EVP_chacha20.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CHACHA20 3" -.TH EVP_CHACHA20 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_CHACHA20 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,25 +151,25 @@ EVP_chacha20, EVP_chacha20_poly1305 \&\- EVP ChaCha20 stream cipher .SH "DESCRIPTION" .IX Header "DESCRIPTION" The ChaCha20 stream cipher for \s-1EVP.\s0 -.IP "\fIEVP_chacha20()\fR" 4 +.IP "\fBEVP_chacha20()\fR" 4 .IX Item "EVP_chacha20()" The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 96 bits long. -.IP "\fIEVP_chacha20_poly1305()\fR" 4 +.IP "\fBEVP_chacha20_poly1305()\fR" 4 .IX Item "EVP_chacha20_poly1305()" -Authenticated encryption with ChaCha20\-Poly1305. Like \fIEVP_chacha20()\fR, the key +Authenticated encryption with ChaCha20\-Poly1305. Like \fBEVP_chacha20()\fR, the key is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data (\s-1AAD\s0) and produces a 128\-bit authentication tag. See the -\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) section for more information. +\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for more information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_des.3 b/secure/lib/libcrypto/man/EVP_des.3 index 54319776111e..c71f52066540 100644 --- a/secure/lib/libcrypto/man/EVP_des.3 +++ b/secure/lib/libcrypto/man/EVP_des.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DES 3" -.TH EVP_DES 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_DES 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,30 +153,30 @@ functions, such as \fIEVP_des_cbc\fR. .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1DES\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_des_cbc()\fR, \fIEVP_des_ecb()\fR, \fIEVP_des_cfb()\fR, \fIEVP_des_cfb1()\fR, \fIEVP_des_cfb8()\fR, \fIEVP_des_cfb64()\fR, \fIEVP_des_ofb()\fR" 4 +.IP "\fBEVP_des_cbc()\fR, \fBEVP_des_ecb()\fR, \fBEVP_des_cfb()\fR, \fBEVP_des_cfb1()\fR, \fBEVP_des_cfb8()\fR, \fBEVP_des_cfb64()\fR, \fBEVP_des_ofb()\fR" 4 .IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()" \&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes. -.IP "\fIEVP_des_ede()\fR, \fIEVP_des_ede_cbc()\fR, \fIEVP_des_ede_cfb()\fR, \fIEVP_des_ede_cfb64()\fR, \fIEVP_des_ede_ecb()\fR, \fIEVP_des_ede_ofb()\fR" 4 +.IP "\fBEVP_des_ede()\fR, \fBEVP_des_ede_cbc()\fR, \fBEVP_des_ede_cfb()\fR, \fBEVP_des_ede_cfb64()\fR, \fBEVP_des_ede_ecb()\fR, \fBEVP_des_ede_ofb()\fR" 4 .IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()" Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes. 
-.IP "\fIEVP_des_ede3()\fR, \fIEVP_des_ede3_cbc()\fR, \fIEVP_des_ede3_cfb()\fR, \fIEVP_des_ede3_cfb1()\fR, \fIEVP_des_ede3_cfb8()\fR, \fIEVP_des_ede3_cfb64()\fR, \fIEVP_des_ede3_ecb()\fR, \fIEVP_des_ede3_ofb()\fR" 4 +.IP "\fBEVP_des_ede3()\fR, \fBEVP_des_ede3_cbc()\fR, \fBEVP_des_ede3_cfb()\fR, \fBEVP_des_ede3_cfb1()\fR, \fBEVP_des_ede3_cfb8()\fR, \fBEVP_des_ede3_cfb64()\fR, \fBEVP_des_ede3_ecb()\fR, \fBEVP_des_ede3_ofb()\fR" 4 .IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()" Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes. -.IP "\fIEVP_des_ede3_wrap()\fR" 4 +.IP "\fBEVP_des_ede3_wrap()\fR" 4 .IX Item "EVP_des_ede3_wrap()" Triple-DES key wrap according to \s-1RFC 3217\s0 Section 3. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_desx_cbc.3 b/secure/lib/libcrypto/man/EVP_desx_cbc.3 index 27705c77bb0e..66ece0a82859 100644 --- a/secure/lib/libcrypto/man/EVP_desx_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_desx_cbc.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DESX_CBC 3" -.TH EVP_DESX_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_DESX_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,19 +152,19 @@ EVP_desx_cbc \&\- EVP DES\-X cipher The DES-X encryption algorithm for \s-1EVP.\s0 .PP All modes below use a key length of 128 bits and acts on blocks of 128\-bits. -.IP "\fIEVP_desx_cbc()\fR" 4 +.IP "\fBEVP_desx_cbc()\fR" 4 .IX Item "EVP_desx_cbc()" The DES-X algorithm in \s-1CBC\s0 mode. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_idea_cbc.3 b/secure/lib/libcrypto/man/EVP_idea_cbc.3 index 89baa25db8b7..28b831542c4f 100644 --- a/secure/lib/libcrypto/man/EVP_idea_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_idea_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_IDEA_CBC 3" -.TH EVP_IDEA_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_IDEA_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,19 +154,19 @@ EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb \&\- EVP .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1IDEA\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_idea_cbc()\fR, \fIEVP_idea_cfb()\fR, \fIEVP_idea_cfb64()\fR, \fIEVP_idea_ecb()\fR, \fIEVP_idea_ofb()\fR" 4 +.IP "\fBEVP_idea_cbc()\fR, \fBEVP_idea_cfb()\fR, \fBEVP_idea_cfb64()\fR, \fBEVP_idea_ecb()\fR, \fBEVP_idea_ofb()\fR" 4 .IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()" The \s-1IDEA\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_md2.3 b/secure/lib/libcrypto/man/EVP_md2.3 index 320a29ab19b5..209f81f6deb4 100644 --- a/secure/lib/libcrypto/man/EVP_md2.3 +++ b/secure/lib/libcrypto/man/EVP_md2.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD2 3" -.TH EVP_MD2 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_MD2 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,21 +151,21 @@ EVP_md2 \&\- MD2 For EVP .IX Header "DESCRIPTION" \&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC 1319\s0 and designed by Ronald Rivest. -.IP "\fIEVP_md2()\fR" 4 +.IP "\fBEVP_md2()\fR" 4 .IX Item "EVP_md2()" The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1IETF RFC 1319.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_md4.3 b/secure/lib/libcrypto/man/EVP_md4.3 index b6d3bc78de7c..e4fc9798d24c 100644 --- a/secure/lib/libcrypto/man/EVP_md4.3 +++ b/secure/lib/libcrypto/man/EVP_md4.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD4 3" -.TH EVP_MD4 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_MD4 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,21 +151,21 @@ EVP_md4 \&\- MD4 For EVP .IX Header "DESCRIPTION" \&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC 1320\s0 and designed by Ronald Rivest, first published in 1990. -.IP "\fIEVP_md4()\fR" 4 +.IP "\fBEVP_md4()\fR" 4 .IX Item "EVP_md4()" The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1IETF RFC 1320.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_md5.3 b/secure/lib/libcrypto/man/EVP_md5.3 index 0286bf4f67aa..25712040d976 100644 --- a/secure/lib/libcrypto/man/EVP_md5.3 +++ b/secure/lib/libcrypto/man/EVP_md5.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD5 3" -.TH EVP_MD5 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_MD5 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,10 +155,10 @@ Ronald Rivest. .PP The \s-1CMU\s0 Software Engineering Institute considers \s-1MD5\s0 unsuitable for further use since its security has been severely compromised. -.IP "\fIEVP_md5()\fR" 4 +.IP "\fBEVP_md5()\fR" 4 .IX Item "EVP_md5()" The \s-1MD5\s0 algorithm which produces a 128\-bit output from a given input. -.IP "\fIEVP_md5_sha1()\fR" 4 +.IP "\fBEVP_md5_sha1()\fR" 4 .IX Item "EVP_md5_sha1()" A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as decirbed in \s-1RFC 6101.\s0 
@@ -163,15 +167,15 @@ A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1IETF RFC 1321.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_mdc2.3 b/secure/lib/libcrypto/man/EVP_mdc2.3 index b4b30330b827..68575aeaf276 100644 --- a/secure/lib/libcrypto/man/EVP_mdc2.3 +++ b/secure/lib/libcrypto/man/EVP_mdc2.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MDC2 3" -.TH EVP_MDC2 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_MDC2 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,22 +151,22 @@ EVP_mdc2 \&\- MDC\-2 For EVP .IX Header "DESCRIPTION" \&\s-1MDC\-2\s0 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic hash function based on a block cipher. -.IP "\fIEVP_mdc2()\fR" 4 +.IP "\fBEVP_mdc2()\fR" 4 .IX Item "EVP_mdc2()" The \s-1MDC\-2DES\s0 algorithm of using \s-1MDC\-2\s0 with the \s-1DES\s0 block cipher. It produces a 128\-bit output from a given input. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_rc2_cbc.3 b/secure/lib/libcrypto/man/EVP_rc2_cbc.3 index 53bb1c88f100..9b6e18ca4f3f 100644 --- a/secure/lib/libcrypto/man/EVP_rc2_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_rc2_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_RC2_CBC 3" -.TH EVP_RC2_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_RC2_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,29 +156,29 @@ EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cb .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1RC2\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_rc2_cbc()\fR, \fIEVP_rc2_cfb()\fR, \fIEVP_rc2_cfb64()\fR, \fIEVP_rc2_ecb()\fR, \fIEVP_rc2_ofb()\fR" 4 +.IP "\fBEVP_rc2_cbc()\fR, \fBEVP_rc2_cfb()\fR, \fBEVP_rc2_cfb64()\fR, \fBEVP_rc2_ecb()\fR, \fBEVP_rc2_ofb()\fR" 4 .IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()" \&\s-1RC2\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length cipher with an additional parameter called \*(L"effective key bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits. -.IP "\fIEVP_rc2_40_cbc()\fR, \fIEVP_rc2_64_cbc()\fR" 4 +.IP "\fBEVP_rc2_40_cbc()\fR, \fBEVP_rc2_64_cbc()\fR" 4 .IX Item "EVP_rc2_40_cbc(), EVP_rc2_64_cbc()" \&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of 40 and 64 bits. .Sp \&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the -\&\fIEVP_rc2_cbc()\fR, \fIEVP_CIPHER_CTX_set_key_length()\fR and \fIEVP_CIPHER_CTX_ctrl()\fR +\&\fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and \fBEVP_CIPHER_CTX_ctrl()\fR functions to set the key length and effective key length. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_rc4.3 b/secure/lib/libcrypto/man/EVP_rc4.3 index 3d5e6abfef0f..2eb748f5ff04 100644 --- a/secure/lib/libcrypto/man/EVP_rc4.3 +++ b/secure/lib/libcrypto/man/EVP_rc4.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_RC4 3" -.TH EVP_RC4 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_RC4 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,17 +152,17 @@ EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5 \&\- EVP RC4 stream cipher .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1RC4\s0 stream cipher for \s-1EVP.\s0 -.IP "\fIEVP_rc4()\fR" 4 +.IP "\fBEVP_rc4()\fR" 4 .IX Item "EVP_rc4()" \&\s-1RC4\s0 stream cipher. This is a variable key length cipher with a default key length of 128 bits. -.IP "\fIEVP_rc4_40()\fR" 4 +.IP "\fBEVP_rc4_40()\fR" 4 .IX Item "EVP_rc4_40()" \&\s-1RC4\s0 stream cipher with 40 bit key length. .Sp \&\s-1WARNING:\s0 this function is obsolete. Its usage should be replaced with the -\&\fIEVP_rc4()\fR and the \fIEVP_CIPHER_CTX_set_key_length()\fR functions. -.IP "\fIEVP_rc4_hmac_md5()\fR" 4 +\&\fBEVP_rc4()\fR and the \fBEVP_CIPHER_CTX_set_key_length()\fR functions. +.IP "\fBEVP_rc4_hmac_md5()\fR" 4 .IX Item "EVP_rc4_hmac_md5()" Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s-1HMAC.\s0 .Sp @@ -168,13 +172,13 @@ interface. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 b/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 index cff026382058..e0628ae0ca10 100644 --- a/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_RC5_32_12_16_CBC 3" -.TH EVP_RC5_32_12_16_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_RC5_32_12_16_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,7 +154,7 @@ EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_1 .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1RC5\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_rc5_32_12_16_cbc()\fR, \fIEVP_rc5_32_12_16_cfb()\fR, \fIEVP_rc5_32_12_16_cfb64()\fR, \fIEVP_rc5_32_12_16_ecb()\fR, \fIEVP_rc5_32_12_16_ofb()\fR" 4 +.IP "\fBEVP_rc5_32_12_16_cbc()\fR, \fBEVP_rc5_32_12_16_cfb()\fR, \fBEVP_rc5_32_12_16_cfb64()\fR, \fBEVP_rc5_32_12_16_ecb()\fR, \fBEVP_rc5_32_12_16_ofb()\fR" 4 .IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()" \&\s-1RC5\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By 
@@ -158,7 +162,7 @@ default the key length is set to 128 bits and 12 rounds. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "BUGS" .IX Header "BUGS" @@ -166,9 +170,9 @@ Currently the number of rounds in \s-1RC5\s0 can only be set to 8, 12 or 16. This is a limitation of the current \s-1RC5\s0 code rather than the \s-1EVP\s0 interface. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_ripemd160.3 b/secure/lib/libcrypto/man/EVP_ripemd160.3 index 62a7288df44b..92fcc317e05a 100644 --- a/secure/lib/libcrypto/man/EVP_ripemd160.3 +++ b/secure/lib/libcrypto/man/EVP_ripemd160.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_RIPEMD160 3" -.TH EVP_RIPEMD160 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_RIPEMD160 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,21 +151,21 @@ EVP_ripemd160 \&\- RIPEMD160 For EVP .IX Header "DESCRIPTION" \&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996 belonging to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation Message Digest). -.IP "\fIEVP_ripemd160()\fR" 4 +.IP "\fBEVP_ripemd160()\fR" 4 .IX Item "EVP_ripemd160()" The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_seed_cbc.3 b/secure/lib/libcrypto/man/EVP_seed_cbc.3 index 17c3178bf7a0..79776ee2b23a 100644 --- a/secure/lib/libcrypto/man/EVP_seed_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_seed_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SEED_CBC 3" -.TH EVP_SEED_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_SEED_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,19 +156,19 @@ EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb \&\- EVP The \s-1SEED\s0 encryption algorithm for \s-1EVP.\s0 .PP All modes below use a key length of 128 bits and acts on blocks of 128\-bits. -.IP "\fIEVP_seed_cbc()\fR, \fIEVP_seed_cfb()\fR, \fIEVP_seed_cfb128()\fR, \fIEVP_seed_ecb()\fR, \fIEVP_seed_ofb()\fR" 4 +.IP "\fBEVP_seed_cbc()\fR, \fBEVP_seed_cfb()\fR, \fBEVP_seed_cfb128()\fR, \fBEVP_seed_ecb()\fR, \fBEVP_seed_ofb()\fR" 4 .IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()" The \s-1SEED\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_sha1.3 b/secure/lib/libcrypto/man/EVP_sha1.3 index 5f5ad182be67..cff8f467c50c 100644 --- a/secure/lib/libcrypto/man/EVP_sha1.3 +++ b/secure/lib/libcrypto/man/EVP_sha1.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SHA1 3" -.TH EVP_SHA1 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_SHA1 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,21 +152,21 @@ EVP_sha1 \&\- SHA\-1 For EVP \&\s-1SHA\-1\s0 (Secure Hash Algorithm 1) is a cryptographic hash function standardized in \s-1NIST FIPS 180\-4.\s0 The algorithm was designed by the United States National Security Agency and initially published in 1995. -.IP "\fIEVP_sha1()\fR" 4 +.IP "\fBEVP_sha1()\fR" 4 .IX Item "EVP_sha1()" The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1NIST FIPS 180\-4.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/EVP_sha224.3 b/secure/lib/libcrypto/man/EVP_sha224.3 index be2d5054189b..c27a68833e41 100644 --- a/secure/lib/libcrypto/man/EVP_sha224.3 +++ b/secure/lib/libcrypto/man/EVP_sha224.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SHA224 3" -.TH EVP_SHA224 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_SHA224 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,7 +156,7 @@ EVP_sha224, EVP_sha256, EVP_sha512_224, EVP_sha512_256, EVP_sha384, EVP_sha512 \ .IX Header "DESCRIPTION" \&\s-1SHA\-2\s0 (Secure Hash Algorithm 2) is a family of cryptographic hash functions standardized in \s-1NIST FIPS 180\-4,\s0 first published in 2001. -.IP "\fIEVP_sha224()\fR, \fIEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fIEVP_sha384()\fR, \fIEVP_sha512()\fR" 4 +.IP "\fBEVP_sha224()\fR, \fBEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fBEVP_sha384()\fR, \fBEVP_sha512()\fR" 4 .IX Item "EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()" The \s-1SHA\-2 SHA\-224, SHA\-256, SHA\-512/224, SHA512/256, SHA\-384\s0 and \s-1SHA\-512\s0 algorithms, which generate 224, 256, 224, 256, 384 and 512 bits @@ -164,15 +168,15 @@ their outputs are of the same size. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1NIST FIPS 180\-4.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_sha3_224.3 b/secure/lib/libcrypto/man/EVP_sha3_224.3 index faaaed878a55..b6f915a7f884 100644 --- a/secure/lib/libcrypto/man/EVP_sha3_224.3 +++ b/secure/lib/libcrypto/man/EVP_sha3_224.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SHA3_224 3" -.TH EVP_SHA3_224 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_SHA3_224 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,12 +158,12 @@ EVP_sha3_224, EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_shake128, EVP_shake2 \&\s-1SHA\-3\s0 (Secure Hash Algorithm 3) is a family of cryptographic hash functions standardized in \s-1NIST FIPS 202,\s0 first published in 2015. It is based on the Keccak algorithm. -.IP "\fIEVP_sha3_224()\fR, \fIEVP_sha3_256()\fR, \fIEVP_sha3_384()\fR, \fIEVP_sha3_512()\fR" 4 +.IP "\fBEVP_sha3_224()\fR, \fBEVP_sha3_256()\fR, \fBEVP_sha3_384()\fR, \fBEVP_sha3_512()\fR" 4 .IX Item "EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()" The \s-1SHA\-3 SHA\-3\-224, SHA\-3\-256, SHA\-3\-384,\s0 and \s-1SHA\-3\-512\s0 algorithms respectively. They produce 224, 256, 384 and 512 bits of output from a given input. -.IP "\fIEVP_shake128()\fR, \fIEVP_shake256()\fR" 4 +.IP "\fBEVP_shake128()\fR, \fBEVP_shake256()\fR" 4 .IX Item "EVP_shake128(), EVP_shake256()" The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 Extendable Output Functions (\s-1XOF\s0) that can generate a variable hash length. 
@@ -169,15 +173,15 @@ Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1NIST FIPS 202.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_sm3.3 b/secure/lib/libcrypto/man/EVP_sm3.3 index b847a97d5321..6fdfebcf05c2 100644 --- a/secure/lib/libcrypto/man/EVP_sm3.3 +++ b/secure/lib/libcrypto/man/EVP_sm3.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SM3 3" -.TH EVP_SM3 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_SM3 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,21 +151,21 @@ EVP_sm3 \&\- SM3 for EVP .IX Header "DESCRIPTION" \&\s-1SM3\s0 is a cryptographic hash function with a 256\-bit output, defined in \s-1GB/T 32905\-2016.\s0 -.IP "\fIEVP_sm3()\fR" 4 +.IP "\fBEVP_sm3()\fR" 4 .IX Item "EVP_sm3()" The \s-1SM3\s0 hash function. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1GB/T 32905\-2016\s0 and \s-1GM/T 0004\-2012.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_sm4_cbc.3 b/secure/lib/libcrypto/man/EVP_sm4_cbc.3 index da3e22b91cd2..31874926abd5 100644 --- a/secure/lib/libcrypto/man/EVP_sm4_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_sm4_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SM4_CBC 3" -.TH EVP_SM4_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_SM4_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,20 +157,20 @@ EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr The \s-1SM4\s0 blockcipher (\s-1GB/T 32907\-2016\s0) for \s-1EVP.\s0 .PP All modes below use a key length of 128 bits and acts on blocks of 128 bits. -.IP "\fIEVP_sm4_cbc()\fR, \fIEVP_sm4_ecb()\fR, \fIEVP_sm4_cfb()\fR, \fIEVP_sm4_cfb128()\fR, \fIEVP_sm4_ofb()\fR, \fIEVP_sm4_ctr()\fR" 4 +.IP "\fBEVP_sm4_cbc()\fR, \fBEVP_sm4_ecb()\fR, \fBEVP_sm4_cfb()\fR, \fBEVP_sm4_cfb128()\fR, \fBEVP_sm4_ofb()\fR, \fBEVP_sm4_ctr()\fR" 4 .IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()" The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC, ECB, CFB, OFB\s0 and \s-1CTR\s0 modes respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_CIPHER_meth_new\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/EVP_whirlpool.3 b/secure/lib/libcrypto/man/EVP_whirlpool.3 index e917626b2d67..dbd0bbc760df 100644 --- a/secure/lib/libcrypto/man/EVP_whirlpool.3 +++ b/secure/lib/libcrypto/man/EVP_whirlpool.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_WHIRLPOOL 3" -.TH EVP_WHIRLPOOL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EVP_WHIRLPOOL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,22 +151,22 @@ EVP_whirlpool \&\- WHIRLPOOL For EVP .IX Header "DESCRIPTION" \&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC 10118\-3:2004\s0 designed by Vincent Rijmen and Paulo S. L. M. Barreto. -.IP "\fIEVP_whirlpool()\fR" 4 +.IP "\fBEVP_whirlpool()\fR" 4 .IX Item "EVP_whirlpool()" The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512\-bits from a given input. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ISO/IEC 10118\-3:2004.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), -\&\fIEVP_DigestInit\fR\|(3) +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/HMAC.3 b/secure/lib/libcrypto/man/HMAC.3 index 39577fc8ee77..88a1c799db3e 100644 --- a/secure/lib/libcrypto/man/HMAC.3 +++ b/secure/lib/libcrypto/man/HMAC.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "HMAC 3" -.TH HMAC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH HMAC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -176,7 +180,7 @@ Deprecated: function used for message authentication, which is based on a hash function. .PP -\&\s-1\fIHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at +\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at \&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is \&\fBkey_len\fR bytes long. .PP 
@@ -186,86 +190,86 @@ If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0 value for \fBmd\fR to use the static array is not thread safe. .PP -\&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc. +\&\fBevp_md\fR can be \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc. .PP -\&\fIHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory. +\&\fBHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory. .PP -\&\fIHMAC_CTX_reset()\fR zeroes an existing \fB\s-1HMAC_CTX\s0\fR and associated +\&\fBHMAC_CTX_reset()\fR zeroes an existing \fB\s-1HMAC_CTX\s0\fR and associated resources, making it suitable for new computations as if it was newly -created with \fIHMAC_CTX_new()\fR. +created with \fBHMAC_CTX_new()\fR. .PP -\&\fIHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR, +\&\fBHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR, releases any associated resources and finally frees the \fB\s-1HMAC_CTX\s0\fR itself. .PP The following functions may be used if the message is not completely stored in memory: .PP -\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +\&\fBHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL,\s0 or if \fBkey\fR is \s-1NULL\s0 and \fBevp_md\fR is the same as the previous call, then the existing key is -reused. \fBctx\fR must have been created with \fIHMAC_CTX_new()\fR before the first use +reused. \fBctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use of an \fB\s-1HMAC_CTX\s0\fR in this function. 
.PP -If \fIHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the +If \fBHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the same as the previous digest used by \fBctx\fR then an error is returned because reuse of an existing key with a different digest is not supported. .PP -\&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +\&\fBHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes long. .PP -\&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to +\&\fBHMAC_Update()\fR can be called repeatedly with chunks of the message to be authenticated (\fBlen\fR bytes at \fBdata\fR). .PP -\&\fIHMAC_Final()\fR places the message authentication code in \fBmd\fR, which +\&\fBHMAC_Final()\fR places the message authentication code in \fBmd\fR, which must have space for the hash function output. .PP -\&\fIHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR. +\&\fBHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR. .PP -\&\fIHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs. -These flags have the same meaning as for \fIEVP_MD_CTX_set_flags\fR\|(3). +\&\fBHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs. +These flags have the same meaning as for \fBEVP_MD_CTX_set_flags\fR\|(3). .PP -\&\fIHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the +\&\fBHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the supplied \s-1HMAC_CTX.\s0 .PP -\&\fIHMAC_size()\fR returns the length in bytes of the underlying hash function output. +\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if +\&\s-1\fBHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if an error occurred. .PP -\&\fIHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or +\&\fBHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or \&\fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIHMAC_CTX_reset()\fR, \fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and -\&\fIHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred. +\&\fBHMAC_CTX_reset()\fR, \fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR and +\&\fBHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred. .PP -\&\fIHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or +\&\fBHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or \&\s-1NULL\s0 if no \s-1EVP_MD\s0 has been set. .PP -\&\fIHMAC_size()\fR returns the length in bytes of the underlying hash function output +\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output or zero on error. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1RFC 2104\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fISHA1\s0\fR\|(3), \fIevp\fR\|(7) +\&\s-1\fBSHA1\s0\fR\|(3), \fBevp\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -\&\fIHMAC_CTX_init()\fR was replaced with \fIHMAC_CTX_reset()\fR in OpenSSL 1.1.0. +\&\fBHMAC_CTX_init()\fR was replaced with \fBHMAC_CTX_reset()\fR in OpenSSL 1.1.0. .PP -\&\fIHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0. +\&\fBHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0. .PP -\&\fIHMAC_CTX_new()\fR, \fIHMAC_CTX_free()\fR and \fIHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0. 
+\&\fBHMAC_CTX_new()\fR, \fBHMAC_CTX_free()\fR and \fBHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0. .PP -\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR did not return values in +\&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR and \fBHMAC_Final()\fR did not return values in OpenSSL before version 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/MD5.3 b/secure/lib/libcrypto/man/MD5.3 index 1d5411b3621e..28c4ecc835d6 100644 --- a/secure/lib/libcrypto/man/MD5.3 +++ b/secure/lib/libcrypto/man/MD5.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "MD5 3" -.TH MD5 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH MD5 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -169,7 +173,7 @@ MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, .IX Header "DESCRIPTION" \&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. .PP -\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest +\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static 
@@ -178,19 +182,19 @@ array. The following functions may be used if the message is not completely stored in memory: .PP -\&\fIMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. +\&\fBMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. .PP -\&\fIMD2_Update()\fR can be called repeatedly with chunks of the message to +\&\fBMD2_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP -\&\fIMD2_Final()\fR places the message digest in \fBmd\fR, which must have space +\&\fBMD2_Final()\fR places the message digest in \fBmd\fR, which must have space for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR. .PP -\&\fIMD4_Init()\fR, \fIMD4_Update()\fR, \fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and -\&\fIMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. +\&\fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and +\&\fBMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. .PP Applications should use the higher level functions -\&\fIEVP_DigestInit\fR\|(3) +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. .SH "NOTE" .IX Header "NOTE" 
@@ -199,17 +203,17 @@ applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be preferred. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR return pointers to the hash value. +\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR return pointers to the hash value. .PP -\&\fIMD2_Init()\fR, \fIMD2_Update()\fR, \fIMD2_Final()\fR, \fIMD4_Init()\fR, \fIMD4_Update()\fR, -\&\fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and \fIMD5_Final()\fR return 1 for +\&\fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR, +\&\fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and \fBMD5_Final()\fR return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1RFC 1319, RFC 1320, RFC 1321\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_DigestInit\fR\|(3) +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/MDC2_Init.3 b/secure/lib/libcrypto/man/MDC2_Init.3 index 25aadc30f378..6d2d8c884da1 100644 --- a/secure/lib/libcrypto/man/MDC2_Init.3 +++ b/secure/lib/libcrypto/man/MDC2_Init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "MDC2_INIT 3" -.TH MDC2_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH MDC2_INIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +159,7 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function block ciphers. These functions are an implementation of \s-1MDC2\s0 with \&\s-1DES.\s0 .PP -\&\s-1\fIMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR +\&\s-1\fBMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for \&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. 
@@ -163,28 +167,28 @@ is placed in a static array. The following functions may be used if the message is not completely stored in memory: .PP -\&\fIMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. +\&\fBMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. .PP -\&\fIMDC2_Update()\fR can be called repeatedly with chunks of the message to +\&\fBMDC2_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP -\&\fIMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space +\&\fBMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR. .PP Applications should use the higher level functions -\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fIMDC2\s0()\fR returns a pointer to the hash value. +\&\s-1\fBMDC2\s0()\fR returns a pointer to the hash value. .PP -\&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR return 1 for success, 0 otherwise. +\&\fBMDC2_Init()\fR, \fBMDC2_Update()\fR and \fBMDC2_Final()\fR return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_DigestInit\fR\|(3) +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 index ebf38334c646..7f5b0b478795 100644 --- a/secure/lib/libcrypto/man/OBJ_nid2obj.3 +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_NID2OBJ 3" -.TH OBJ_NID2OBJ 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OBJ_NID2OBJ 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -183,23 +187,23 @@ are available as defined constants. For the functions below, application code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as constants. .PP -\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +\&\fBOBJ_nid2obj()\fR, \fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 for the object \fBo\fR, the long name <ln> or the short name <sn> respectively or NID_undef if an error occurred. .PP -\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string <s>. \fBs\fR can be +\&\fBOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string <s>. \fBs\fR can be a long name, a short name or the numerical representation of an object. .PP -\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. +\&\fBOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. If \fBno_name\fR is 0 then long names and short names will be interpreted as well as numerical forms. If \fBno_name\fR is 1 only the numerical form is acceptable. .PP -\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. +\&\fBOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. The representation is written as a null terminated string to \fBbuf\fR at most \fBbuf_len\fR bytes are written, truncating the result if necessary. The total amount of space required is returned. If \fBno_name\fR is 0 then 
@@ -207,23 +211,23 @@ if the object has a long or short name then that will be used, otherwise the numerical form will be used. If \fBno_name\fR is 1 then the numerical form will always be used. .PP -\&\fIi2t_ASN1_OBJECT()\fR is the same as \fIOBJ_obj2txt()\fR with the \fBno_name\fR set to zero. +\&\fBi2t_ASN1_OBJECT()\fR is the same as \fBOBJ_obj2txt()\fR with the \fBno_name\fR set to zero. .PP -\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. +\&\fBOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. .PP -\&\fIOBJ_dup()\fR returns a copy of \fBo\fR. +\&\fBOBJ_dup()\fR returns a copy of \fBo\fR. .PP -\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the +\&\fBOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the numerical form of the object, \fBsn\fR the short name and \fBln\fR the long name. A new \s-1NID\s0 is returned for the created object in case of success and NID_undef in case of failure. .PP -\&\fIOBJ_length()\fR returns the size of the content octets of \fBobj\fR. +\&\fBOBJ_length()\fR returns the size of the content octets of \fBobj\fR. .PP -\&\fIOBJ_get0_data()\fR returns a pointer to the content octets of \fBobj\fR. +\&\fBOBJ_get0_data()\fR returns a pointer to the content octets of \fBobj\fR. The returned pointer is an internal pointer which \fBmust not\fR be freed. .PP -\&\fIOBJ_cleanup()\fR releases any resources allocated by creating new objects. +\&\fBOBJ_cleanup()\fR releases any resources allocated by creating new objects. .SH "NOTES" .IX Header "NOTES" Objects in OpenSSL can have a short name, a long name and a numerical 
@@ -239,7 +243,7 @@ For example the \s-1OID\s0 for commonName has the following definitions: \& #define NID_commonName 13 .Ve .PP -New objects can be added by calling \fIOBJ_create()\fR. +New objects can be added by calling \fBOBJ_create()\fR. .PP Table objects have certain advantages over other objects: for example their NIDs can be used in a C language switch statement. They are @@ -249,14 +253,14 @@ is only a single constant structure for each table object. Objects which are not in the table have the \s-1NID\s0 value NID_undef. .PP Objects do not need to be in the internal tables to be processed, -the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical +the functions \fBOBJ_txt2obj()\fR and \fBOBJ_obj2txt()\fR can process the numerical form of an \s-1OID.\s0 .PP Some objects are used to represent algorithms which do not have a corresponding \s-1ASN.1 OBJECT IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently exists for a particular algorithm). As a result they \fBcannot\fR be encoded or decoded as part of \s-1ASN.1\s0 structures. Applications can determine if there -is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fIOBJ_length()\fR is not zero. +is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fBOBJ_length()\fR is not zero. .PP These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can represent both an internal, constant, \s-1OID\s0 and a dynamically-created one. @@ -290,7 +294,7 @@ Create a new object directly: .Ve .SH "BUGS" .IX Header "BUGS" -\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the +\&\fBOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the convention of other OpenSSL functions where the buffer can be set to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should 
@@ -298,20 +302,20 @@ be set to a positive value. A buffer length of 80 should be more than enough to handle any \s-1OID\s0 encountered in practice. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +\&\fBOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an error occurred. .PP -\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +\&\fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR on error. .PP -\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR and \fBOBJ_txt2nid()\fR return a \s-1NID\s0 or \fBNID_undef\fR on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto\fR\|(3) +\&\fBOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto\fR\|(3) and should not be used. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 b/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 index da08771450f5..82f41c161174 100644 --- a/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 +++ b/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_REQUEST_NEW 3" -.TH OCSP_REQUEST_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OCSP_REQUEST_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -157,51 +161,51 @@ OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OC .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure. +\&\fBOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure. .PP -\&\fIOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR. +\&\fBOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR. .PP -\&\fIOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns +\&\fBOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns the \fB\s-1OCSP_ONEREQ\s0\fR structure added so an application can add additional extensions to the request. The \fBid\fR parameter \fB\s-1MUST NOT\s0\fR be freed up after the operation. .PP -\&\fIOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate +\&\fBOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate \&\fBsigner\fR, private key \fBkey\fR, digest \fBdgst\fR and additional certificates \&\fBcerts\fR. If the \fBflags\fR option \fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the request. .PP -\&\fIOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The +\&\fBOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The application is responsible for freeing up \fBcert\fR after use. .PP -\&\fIOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR structures in \fBreq\fR. .PP -\&\fIOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR +\&\fBOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR contained in \fBreq\fR of index \fBi\fR. 
The index value \fBi\fR runs from 0 to OCSP_request_onereq_count(req) \- 1. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if +\&\fBOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR +\&\fBOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIOCSP_request_sign()\fR and \fIOCSP_request_add1_cert()\fR return 1 for success and 0 +\&\fBOCSP_request_sign()\fR and \fBOCSP_request_add1_cert()\fR return 1 for success and 0 for failure. .PP -\&\fIOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR structures in \fBreq\fR. .PP -\&\fIOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure +\&\fBOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure or \fB\s-1NULL\s0\fR if the index value is out or range. .SH "NOTES" .IX Header "NOTES" An \s-1OCSP\s0 request structure contains one or more \fB\s-1OCSP_ONEREQ\s0\fR structures corresponding to each certificate. .PP -\&\fIOCSP_request_onereq_count()\fR and \fIOCSP_request_onereq_get0()\fR are mainly used by +\&\fBOCSP_request_onereq_count()\fR and \fBOCSP_request_onereq_get0()\fR are mainly used by \&\s-1OCSP\s0 responders. .SH "EXAMPLE" .IX Header "EXAMPLE" 
@@ -228,12 +232,12 @@ Create an \fB\s-1OCSP_REQUEST\s0\fR structure for certificate \fBcert\fR with is .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), -\&\fIOCSP_cert_to_id\fR\|(3), -\&\fIOCSP_request_add1_nonce\fR\|(3), -\&\fIOCSP_resp_find_status\fR\|(3), -\&\fIOCSP_response_status\fR\|(3), -\&\fIOCSP_sendreq_new\fR\|(3) +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OCSP_cert_to_id.3 b/secure/lib/libcrypto/man/OCSP_cert_to_id.3 index 941b1a538a82..b3ed391304c6 100644 --- a/secure/lib/libcrypto/man/OCSP_cert_to_id.3 +++ b/secure/lib/libcrypto/man/OCSP_cert_to_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_CERT_TO_ID 3" -.TH OCSP_CERT_TO_ID 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OCSP_CERT_TO_ID 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -160,50 +164,50 @@ OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, OCSP_id .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using +\&\fBOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using message digest \fBdgst\fR for certificate \fBsubject\fR with issuer \fBissuer\fR. If \&\fBdgst\fR is \fB\s-1NULL\s0\fR then \s-1SHA1\s0 is used. .PP -\&\fIOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and +\&\fBOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and issuer name \fBissuerName\fR, issuer key hash \fBissuerKey\fR and serial number \&\fBserialNumber\fR. .PP -\&\fIOCSP_CERTID_free()\fR frees up \fBid\fR. +\&\fBOCSP_CERTID_free()\fR frees up \fBid\fR. .PP -\&\fIOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +\&\fBOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. .PP -\&\fIOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +\&\fBOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. .PP -\&\fIOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID,\s0 issuer key hash and +\&\fBOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID,\s0 issuer key hash and serial number contained in \fBcid\fR. If any of the values are not required the corresponding parameter can be set to \fB\s-1NULL\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOCSP_cert_to_id()\fR and \fIOCSP_cert_id_new()\fR return either a pointer to a valid +\&\fBOCSP_cert_to_id()\fR and \fBOCSP_cert_id_new()\fR return either a pointer to a valid \&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. 
.PP -\&\fIOCSP_id_cmp()\fR and \fIOCSP_id_issuer_cmp()\fR returns zero for a match and non-zero +\&\fBOCSP_id_cmp()\fR and \fBOCSP_id_issuer_cmp()\fR returns zero for a match and non-zero otherwise. .PP -\&\fIOCSP_CERTID_free()\fR does not return a value. +\&\fBOCSP_CERTID_free()\fR does not return a value. .PP -\&\fIOCSP_id_get0_info()\fR returns 1 for success and 0 for failure. +\&\fBOCSP_id_get0_info()\fR returns 1 for success and 0 for failure. .SH "NOTES" .IX Header "NOTES" -\&\s-1OCSP\s0 clients will typically only use \fIOCSP_cert_to_id()\fR or \fIOCSP_cert_id_new()\fR: +\&\s-1OCSP\s0 clients will typically only use \fBOCSP_cert_to_id()\fR or \fBOCSP_cert_id_new()\fR: the other functions are used by responder applications. .PP -The values returned by \fIOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST +The values returned by \fBOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST NOT\s0\fR be freed up by an application: they will be freed when the corresponding \&\fB\s-1OCSP_CERTID\s0\fR structure is freed. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), -\&\fIOCSP_request_add1_nonce\fR\|(3), -\&\fIOCSP_REQUEST_new\fR\|(3), -\&\fIOCSP_resp_find_status\fR\|(3), -\&\fIOCSP_response_status\fR\|(3), -\&\fIOCSP_sendreq_new\fR\|(3) +\&\fBcrypto\fR\|(7), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 b/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 index b04578abd115..60e883c31712 100644 --- a/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 +++ b/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_REQUEST_ADD1_NONCE 3" -.TH OCSP_REQUEST_ADD1_NONCE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OCSP_REQUEST_ADD1_NONCE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,25 +152,25 @@ OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonc .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to +\&\fBOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to \&\s-1OCSP\s0 request \fBreq\fR. If \fBval\fR is \fB\s-1NULL\s0\fR a random nonce is used. If \fBlen\fR is zero or negative a default length will be used (currently 16 bytes). .PP -\&\fIOCSP_basic_add1_nonce()\fR is identical to \fIOCSP_request_add1_nonce()\fR except +\&\fBOCSP_basic_add1_nonce()\fR is identical to \fBOCSP_request_add1_nonce()\fR except it adds a nonce to \s-1OCSP\s0 basic response \fBresp\fR. .PP -\&\fIOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR. +\&\fBOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR. .PP -\&\fIOCSP_copy_nonce()\fR copys any nonce value present in \fBreq\fR to \fBresp\fR. +\&\fBOCSP_copy_nonce()\fR copys any nonce value present in \fBreq\fR to \fBresp\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOCSP_request_add1_nonce()\fR and \fIOCSP_basic_add1_nonce()\fR return 1 for success +\&\fBOCSP_request_add1_nonce()\fR and \fBOCSP_basic_add1_nonce()\fR return 1 for success and 0 for failure. .PP -\&\fIOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce +\&\fBOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce was present in \fBreq\fR and 0 if an error occurred. .PP -\&\fIOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR +\&\fBOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR and \fBresp\fR. The return value indicates the result of the comparison. If nonces are present and equal 1 is returned. If the nonces are absent 2 is returned. If a nonce is present in the response only 3 is returned. If nonces 
@@ -175,7 +179,7 @@ only then \-1 is returned. .SH "NOTES" .IX Header "NOTES" For most purposes the nonce value in a request is set to a random value so -the \fBval\fR parameter in \fIOCSP_request_add1_nonce()\fR is usually \s-1NULL.\s0 +the \fBval\fR parameter in \fBOCSP_request_add1_nonce()\fR is usually \s-1NULL.\s0 .PP An \s-1OCSP\s0 nonce is typically added to an \s-1OCSP\s0 request to thwart replay attacks by checking the same nonce value appears in the response. @@ -186,7 +190,7 @@ supplied. Some responders cache \s-1OCSP\s0 responses and do not sign each response for performance reasons. As a result they do not support nonces. .PP -The return values of \fIOCSP_check_nonce()\fR can be checked to cover each case. A +The return values of \fBOCSP_check_nonce()\fR can be checked to cover each case. A positive return value effectively indicates success: nonces are both present and match, both absent or present in the response only. A non-zero return additionally covers the case where the nonce is present in the request only: @@ -195,12 +199,12 @@ indicates present and mismatched nonces: this should be treated as an error condition. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), -\&\fIOCSP_cert_to_id\fR\|(3), -\&\fIOCSP_REQUEST_new\fR\|(3), -\&\fIOCSP_resp_find_status\fR\|(3), -\&\fIOCSP_response_status\fR\|(3), -\&\fIOCSP_sendreq_new\fR\|(3) +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OCSP_resp_find_status.3 b/secure/lib/libcrypto/man/OCSP_resp_find_status.3 index 8cfea7b49cbb..d98518403f03 100644 --- a/secure/lib/libcrypto/man/OCSP_resp_find_status.3 +++ b/secure/lib/libcrypto/man/OCSP_resp_find_status.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_RESP_FIND_STATUS 3" -.TH OCSP_RESP_FIND_STATUS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OCSP_RESP_FIND_STATUS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -182,7 +186,7 @@ OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_i .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is +\&\fBOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR, \&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. The \fB*status\fR value will be one of \&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or 
@@ -195,50 +199,50 @@ will be set to the revocation reason which will be one of \&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR, \&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR. .PP -\&\fIOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR. +\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR. .PP -\&\fIOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR +\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR corresponding to index \fBidx\fR. Where \fBidx\fR runs from 0 to OCSP_resp_count(bs) \- 1. .PP -\&\fIOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first +\&\fBOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1. .PP -\&\fIOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR, +\&\fBOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR, \&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. .PP -\&\fIOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the +\&\fBOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the single response \fBbs\fR. .PP -\&\fIOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR. +\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR. .PP -\&\fIOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR. +\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR. .PP -\&\fIOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR. +\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR. 
.PP -\&\fIOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR. +\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR. .PP -\&\fIOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly +\&\fBOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly signed \fBbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate is included in the \fBcerts\fR field of the response, so additional certificates can be supplied in \fBextra_certs\fR if the certificates that may have signed the response are known via some out-of-band mechanism. .PP -\&\fIOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is +\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is a name then <*pname> is set to the name and \fB*pid\fR is set to \s-1NULL.\s0 If the responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR -is set to \s-1NULL.\s0 \fIOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR +is set to \s-1NULL.\s0 \fBOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR with the caller, who is responsible for freeing them. Both functions return 1 -in case of success and 0 in case of failure. If \fIOCSP_resp_get1_id()\fR returns 0, +in case of success and 0 in case of failure. If \fBOCSP_resp_get1_id()\fR returns 0, no freeing of the results is necessary. .PP -\&\fIOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values -which will be typically obtained from \fIOCSP_resp_find_status()\fR or -\&\fIOCSP_single_get0_status()\fR. If \fBsec\fR is non-zero it indicates how many seconds +\&\fBOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values +which will be typically obtained from \fBOCSP_resp_find_status()\fR or +\&\fBOCSP_single_get0_status()\fR. 
If \fBsec\fR is non-zero it indicates how many seconds leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates the maximum age of \fBthisupd\fR in seconds. .PP -\&\fIOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly +\&\fBOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly signed and that the signer certificate can be validated. It takes \fBst\fR as the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates. The function first tries to find the signer certificate of the response 
@@ -260,51 +264,51 @@ criteria including potential delegation. If this does not succeed and the trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise. +\&\fBOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise. .PP -\&\fIOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in +\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in \&\fBbs\fR. .PP -\&\fIOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or +\&\fBOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or \&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range. .PP -\&\fIOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if +\&\fBOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if \&\fBid\fR was not found. .PP -\&\fIOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error +\&\fBOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error occurred. .PP -\&\fIOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located, +\&\fBOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located, or 0 on error. .PP -\&\fIOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such +\&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such as malloc failure. .SH "NOTES" .IX Header "NOTES" -Applications will typically call \fIOCSP_resp_find_status()\fR using the certificate -\&\s-1ID\s0 of interest and then check its validity using \fIOCSP_check_validity()\fR. 
They +Applications will typically call \fBOCSP_resp_find_status()\fR using the certificate +\&\s-1ID\s0 of interest and then check its validity using \fBOCSP_check_validity()\fR. They can then take appropriate action based on the status of the certificate. .PP An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR fields. Normally the current time should be between these two values. To account for clock skew the \fBmaxsec\fR field can be set to non-zero in -\&\fIOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this +\&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this would otherwise mean an ancient response would be considered valid: the -\&\fBmaxsec\fR parameter to \fIOCSP_check_validity()\fR can be used to limit the permitted +\&\fBmaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted age of responses. .PP The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by -\&\fIOCSP_resp_find_status()\fR and \fIOCSP_single_get0_status()\fR are internal pointers +\&\fBOCSP_resp_find_status()\fR and \fBOCSP_single_get0_status()\fR are internal pointers which \fB\s-1MUST NOT\s0\fR be freed up by the calling application. Any or all of these parameters can be set to \s-1NULL\s0 if their value is not required. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), -\&\fIOCSP_cert_to_id\fR\|(3), -\&\fIOCSP_request_add1_nonce\fR\|(3), -\&\fIOCSP_REQUEST_new\fR\|(3), -\&\fIOCSP_response_status\fR\|(3), -\&\fIOCSP_sendreq_new\fR\|(3) +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/OCSP_response_status.3 b/secure/lib/libcrypto/man/OCSP_response_status.3 index 3d009243efde..7faaa3ed0542 100644 --- a/secure/lib/libcrypto/man/OCSP_response_status.3 +++ b/secure/lib/libcrypto/man/OCSP_response_status.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_RESPONSE_STATUS 3" -.TH OCSP_RESPONSE_STATUS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OCSP_RESPONSE_STATUS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -158,78 +162,78 @@ OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns +\&\fBOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns one of the values: \fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR, \&\fB\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR, \&\fB\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fB\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR \&\fB\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fB\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR. .PP -\&\fIOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure +\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure contained in \fBresp\fR. .PP -\&\fIOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for +\&\fBOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for \&\fBstatus\fR and optionally including basic response \fBbs\fR. .PP -\&\fIOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR. +\&\fBOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR. .PP -\&\fIOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the +\&\fBOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the subject name in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. .PP -\&\fIOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the +\&\fBOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the key in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. The key is stored as a \s-1SHA1\s0 hash. .PP Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. 
Calling -\&\fIOCSP_RESPID_set_by_name()\fR or \fIOCSP_RESPID_set_by_key()\fR will clear any existing +\&\fBOCSP_RESPID_set_by_name()\fR or \fBOCSP_RESPID_set_by_key()\fR will clear any existing setting. .PP -\&\fIOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches +\&\fBOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches with the X509 certificate \fBcert\fR. .PP -\&\fIOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key +\&\fBOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key \&\fBkey\fR, digest \fBdgst\fR and additional certificates \fBcerts\fR. If the \fBflags\fR option \&\fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the request. If the \&\fBflags\fR option \fB\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0 -rather than by name. \fIOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but +rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but uses the parameters contained in digest context \fBctx\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOCSP_RESPONSE_status()\fR returns a status value. +\&\fBOCSP_RESPONSE_status()\fR returns a status value. .PP -\&\fIOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or +\&\fBOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or \&\fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR +\&\fBOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIOCSP_RESPONSE_free()\fR does not return a value. +\&\fBOCSP_RESPONSE_free()\fR does not return a value. 
.PP -\&\fIOCSP_RESPID_set_by_name()\fR, \fIOCSP_RESPID_set_by_key()\fR, \fIOCSP_basic_sign()\fR, and -\&\fIOCSP_basic_sign_ctx()\fR return 1 on success or 0 +\&\fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR, \fBOCSP_basic_sign()\fR, and +\&\fBOCSP_basic_sign_ctx()\fR return 1 on success or 0 on failure. .PP -\&\fIOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match +\&\fBOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match or 0 otherwise. .SH "NOTES" .IX Header "NOTES" -\&\fIOCSP_response_get1_basic()\fR is only called if the status of a response is +\&\fBOCSP_response_get1_basic()\fR is only called if the status of a response is \&\fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7) -\&\fIOCSP_cert_to_id\fR\|(3) -\&\fIOCSP_request_add1_nonce\fR\|(3) -\&\fIOCSP_REQUEST_new\fR\|(3) -\&\fIOCSP_resp_find_status\fR\|(3) -\&\fIOCSP_sendreq_new\fR\|(3) -\&\fIOCSP_RESPID_new\fR\|(3) -\&\fIOCSP_RESPID_free\fR\|(3) +\&\fBcrypto\fR\|(7) +\&\fBOCSP_cert_to_id\fR\|(3) +\&\fBOCSP_request_add1_nonce\fR\|(3) +\&\fBOCSP_REQUEST_new\fR\|(3) +\&\fBOCSP_resp_find_status\fR\|(3) +\&\fBOCSP_sendreq_new\fR\|(3) +\&\fBOCSP_RESPID_new\fR\|(3) +\&\fBOCSP_RESPID_free\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fIOCSP_RESPID_set_by_name()\fR, \fIOCSP_RESPID_set_by_key()\fR and \fIOCSP_RESPID_match()\fR +The \fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR and \fBOCSP_RESPID_match()\fR functions were added in OpenSSL 1.1.0a. .PP -The \fIOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1. +The \fBOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OCSP_sendreq_new.3 b/secure/lib/libcrypto/man/OCSP_sendreq_new.3 index f9ced2b33318..c91d8ce0a650 100644 
--- a/secure/lib/libcrypto/man/OCSP_sendreq_new.3 +++ b/secure/lib/libcrypto/man/OCSP_sendreq_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_SENDREQ_NEW 3" -.TH OCSP_SENDREQ_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OCSP_SENDREQ_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -160,48 +164,48 @@ OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_le .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fIOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the +The function \fBOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a default value of 4k is used. The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR and provided later if required. .PP -\&\fIOCSP_sendreq_nbio()\fR performs non-blocking I/O on the \s-1OCSP\s0 request context +\&\fBOCSP_sendreq_nbio()\fR performs non-blocking I/O on the \s-1OCSP\s0 request context \&\fBrctx\fR. When the operation is complete it returns the response in \fB*presp\fR. .PP -\&\fIOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR. +\&\fBOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR. .PP -\&\fIOCSP_set_max_response_length()\fR sets the maximum response length for \fBrctx\fR +\&\fBOCSP_set_max_response_length()\fR sets the maximum response length for \fBrctx\fR to \fBlen\fR. If the response exceeds this length an error occurs. If not set a default value of 100k is used. .PP -\&\fIOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the +\&\fBOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the context \fBrctx\fR. It can be called more than once to add multiple headers. -It \fB\s-1MUST\s0\fR be called before any calls to \fIOCSP_sendreq_nbio()\fR. The \fBreq\fR -parameter in the initial to \fIOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if +It \fB\s-1MUST\s0\fR be called before any calls to \fBOCSP_sendreq_nbio()\fR. 
The \fBreq\fR +parameter in the initial to \fBOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if additional headers are set. .PP -\&\fIOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This -function should be called after any calls to \fIOCSP_REQ_CTX_add1_header()\fR. +\&\fBOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This +function should be called after any calls to \fBOCSP_REQ_CTX_add1_header()\fR. .PP -\&\fIOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0 +\&\fBOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a default value of 4k is used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if +\&\fBOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIOCSP_sendreq_nbio()\fR returns \fB1\fR if the operation was completed successfully, +\&\fBOCSP_sendreq_nbio()\fR returns \fB1\fR if the operation was completed successfully, \&\fB\-1\fR if the operation should be retried and \fB0\fR if an error occurred. .PP -\&\fIOCSP_REQ_CTX_add1_header()\fR and \fIOCSP_REQ_CTX_set1_req()\fR return \fB1\fR for success +\&\fBOCSP_REQ_CTX_add1_header()\fR and \fBOCSP_REQ_CTX_set1_req()\fR return \fB1\fR for success and \fB0\fR for failure. .PP -\&\fIOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the +\&\fBOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the responder or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIOCSP_REQ_CTX_free()\fR and \fIOCSP_set_max_response_length()\fR do not return values. 
+\&\fBOCSP_REQ_CTX_free()\fR and \fBOCSP_set_max_response_length()\fR do not return values. .SH "NOTES" .IX Header "NOTES" These functions only perform a minimal \s-1HTTP\s0 query to a responder. If an @@ -210,12 +214,12 @@ alternative more complete \s-1HTTP\s0 library. .PP Currently only \s-1HTTP POST\s0 queries to responders are supported. .PP -The arguments to \fIOCSP_sendreq_new()\fR correspond to the components of the \s-1URL.\s0 +The arguments to \fBOCSP_sendreq_new()\fR correspond to the components of the \s-1URL.\s0 For example if the responder \s-1URL\s0 is \fBhttp://ocsp.com/ocspreq\fR the \s-1BIO\s0 \&\fBio\fR should be connected to host \fBocsp.com\fR on port 80 and \fBpath\fR should be set to \fB\*(L"/ocspreq\*(R"\fR .PP -The headers added with \fIOCSP_REQ_CTX_add1_header()\fR are of the form +The headers added with \fBOCSP_REQ_CTX_add1_header()\fR are of the form "\fBname\fR: \fBvalue\fR\*(L" or just \*(R"\fBname\fR" if \fBvalue\fR is \fB\s-1NULL\s0\fR. So to add a Host header for \fBocsp.com\fR you would call: .PP 
@@ -223,22 +227,22 @@ a Host header for \fBocsp.com\fR you would call: \& OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com"); .Ve .PP -If \fIOCSP_sendreq_nbio()\fR indicates an operation should be retried the +If \fBOCSP_sendreq_nbio()\fR indicates an operation should be retried the corresponding \s-1BIO\s0 can be examined to determine which operation (read or -write) should be retried and appropriate action taken (for example a \fIselect()\fR +write) should be retried and appropriate action taken (for example a \fBselect()\fR call on the underlying socket). .PP -\&\fIOCSP_sendreq_bio()\fR does not support retries and so cannot handle non-blocking +\&\fBOCSP_sendreq_bio()\fR does not support retries and so cannot handle non-blocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), -\&\fIOCSP_cert_to_id\fR\|(3), -\&\fIOCSP_request_add1_nonce\fR\|(3), -\&\fIOCSP_REQUEST_new\fR\|(3), -\&\fIOCSP_resp_find_status\fR\|(3), -\&\fIOCSP_response_status\fR\|(3) +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3 index ce0cc47b669e..9746f99c88ee 100644 --- a/secure/lib/libcrypto/man/OPENSSL_Applink.3 +++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_APPLINK 3" -.TH OPENSSL_APPLINK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_APPLINK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 b/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 index 22196785dc6e..179fe56533f6 100644 --- a/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 +++ b/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_LH_COMPFUNC 3" -.TH OPENSSL_LH_COMPFUNC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_LH_COMPFUNC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,7 +172,7 @@ table entries can be arbitrary structures. Usually they consist of key and value fields. In the description here, \fI\s-1TYPE\s0\fR is used a placeholder for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR. .PP -\&\fIlh_TYPE_new()\fR creates a new \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure to store +\&\fBlh_TYPE_new()\fR creates a new \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure to store arbitrary data entries, and specifies the 'hash' and 'compare' callbacks to be used in organising the table's entries. The \fBhash\fR callback takes a pointer to a table entry as its argument and returns @@ -183,7 +187,7 @@ will contain items of some particular type and the \fBhash\fR and \&\fBcompare\fR callbacks hash/compare these types, then the \&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be used to create callback wrappers of the prototypes required by -\&\fIlh_TYPE_new()\fR as shown in this example: +\&\fBlh_TYPE_new()\fR as shown in this example: .PP .Vb 11 \& /* 
@@ -221,23 +225,23 @@ Then a hash table of \s-1TYPE\s0 objects can be created using this: \& htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff)); .Ve .PP -\&\fIlh_TYPE_free()\fR frees the \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure +\&\fBlh_TYPE_free()\fR frees the \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure \&\fBtable\fR. Allocated hash table entries will not be freed; consider -using \fIlh_TYPE_doall()\fR to deallocate any remaining entries in the +using \fBlh_TYPE_doall()\fR to deallocate any remaining entries in the hash table (see below). .PP -\&\fIlh_TYPE_insert()\fR inserts the structure pointed to by \fBdata\fR into +\&\fBlh_TYPE_insert()\fR inserts the structure pointed to by \fBdata\fR into \&\fBtable\fR. If there already is an entry with the same key, the old -value is replaced. Note that \fIlh_TYPE_insert()\fR stores pointers, the +value is replaced. Note that \fBlh_TYPE_insert()\fR stores pointers, the data are not copied. .PP -\&\fIlh_TYPE_delete()\fR deletes an entry from \fBtable\fR. +\&\fBlh_TYPE_delete()\fR deletes an entry from \fBtable\fR. .PP -\&\fIlh_TYPE_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR +\&\fBlh_TYPE_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR is a structure with the key field(s) set; the function will return a pointer to a fully populated structure. .PP -\&\fIlh_TYPE_doall()\fR will, for every entry in the hash table, call +\&\fBlh_TYPE_doall()\fR will, for every entry in the hash table, call \&\fBfunc\fR with the data item as its parameter. For example: .PP 
@@ -264,11 +268,11 @@ you start (which will stop the hash table ever decreasing in size). The best solution is probably to avoid deleting items from the hash table inside a \*(L"doall\*(R" callback! .PP -\&\fIlh_TYPE_doall_arg()\fR is the same as \fIlh_TYPE_doall()\fR except that +\&\fBlh_TYPE_doall_arg()\fR is the same as \fBlh_TYPE_doall()\fR except that \&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype that is passed both the table entry and an extra argument). As with -\&\fIlh_doall()\fR, you can instead choose to declare your callback with a +\&\fBlh_doall()\fR, you can instead choose to declare your callback with a prototype matching the types you are dealing with and use the declare/implement macros to create compatible wrappers that cast variables before calling your type-specific callbacks. An example of 
@@ -287,26 +291,26 @@ that is provided by the caller): \& logging_bio); .Ve .PP -\&\fIlh_TYPE_error()\fR can be used to determine if an error occurred in the last +\&\fBlh_TYPE_error()\fR can be used to determine if an error occurred in the last operation. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIlh_TYPE_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new +\&\fBlh_TYPE_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new \&\fB\s-1LHASH\s0\fR structure. .PP -When a hash table entry is replaced, \fIlh_TYPE_insert()\fR returns the value +When a hash table entry is replaced, \fBlh_TYPE_insert()\fR returns the value being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error. .PP -\&\fIlh_TYPE_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if +\&\fBlh_TYPE_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if there is no such value in the hash table. .PP -\&\fIlh_TYPE_retrieve()\fR returns the hash table entry if it has been found, +\&\fBlh_TYPE_retrieve()\fR returns the hash table entry if it has been found, \&\fB\s-1NULL\s0\fR otherwise. .PP -\&\fIlh_TYPE_error()\fR returns 1 if an error occurred in the last operation, 0 +\&\fBlh_TYPE_error()\fR returns 1 if an error occurred in the last operation, 0 otherwise. It's meaningful only after non-retrieve operations. .PP -\&\fIlh_TYPE_free()\fR, \fIlh_TYPE_doall()\fR and \fIlh_TYPE_doall_arg()\fR return no values. +\&\fBlh_TYPE_free()\fR, \fBlh_TYPE_doall()\fR and \fBlh_TYPE_doall_arg()\fR return no values. .SH "NOTE" .IX Header "NOTE" The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as 
@@ -314,12 +318,12 @@ lh_TYPE_error call must be performed under a write lock. All retrieve operations should be performed under a read lock, \fIunless\fR accurate usage statistics are desired. In which case, a write lock should be used for retrieve operations as well. For output of the usage statistics, -using the functions from \fIOPENSSL_LH_stats\fR\|(3), a read lock suffices. +using the functions from \fBOPENSSL_LH_stats\fR\|(3), a read lock suffices. .PP The \s-1LHASH\s0 code regards table entries as constant data. As such, it -internally represents \fIlh_insert()\fR'd items with a \*(L"const void *\*(R" -pointer type. This is why callbacks such as those used by \fIlh_doall()\fR -and \fIlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the +internally represents \fBlh_insert()\fR'd items with a \*(L"const void *\*(R" +pointer type. This is why callbacks such as those used by \fBlh_doall()\fR +and \fBlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the parameters that pass back the table items' data pointers \- for consistency, user-provided data is \*(L"const\*(R" at all times as far as the \&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing 
@@ -332,8 +336,8 @@ indexed in the hash table (ie. it is returned as \*(L"const\*(R" from elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are appropriate as-is. Conversely, if the caller is responsible for the life-time of the data in question, then they may well wish to make -modifications to table item passed back in the \fIlh_doall()\fR or -\&\fIlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above). If +modifications to table item passed back in the \fBlh_doall()\fR or +\&\fBlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above). If so, the caller can either cast the \*(L"const\*(R" away (if they're providing the raw callbacks themselves) or use the macros to declare/implement the wrapper functions without \*(L"const\*(R" types. @@ -347,10 +351,10 @@ DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types without any \*(L"const\*(R" qualifiers. .SH "BUGS" .IX Header "BUGS" -\&\fIlh_TYPE_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. +\&\fBlh_TYPE_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIOPENSSL_LH_stats\fR\|(3) +\&\fBOPENSSL_LH_stats\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" In OpenSSL 1.0.0, the lhash interface was revamped for better diff --git a/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 b/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 index ed702af8995b..09ed621e70f9 100644 --- a/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 +++ b/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_LH_STATS 3" -.TH OPENSSL_LH_STATS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_LH_STATS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,14 +158,14 @@ OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of accessing the hash table. .PP -\&\fIOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how +\&\fBOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how many entries are in it, and the number and result of calls to the routines in this library. .PP -\&\fIOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the +\&\fBOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the hash table. .PP -\&\fIOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the +\&\fBOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the hash table. It prints the 'load' and the 'actual load'. The load is the average number of data items per 'bucket' in the hash table. The \&'actual load' is the average number of items per 'bucket', but only 
@@ -170,7 +174,7 @@ average number of searches that will need to find an item in the hash table, while the 'load' is the average number that will be done to record a miss. .PP -\&\fIOPENSSL_LH_stats_bio()\fR, \fIOPENSSL_LH_node_stats_bio()\fR and \fIOPENSSL_LH_node_usage_stats_bio()\fR +\&\fBOPENSSL_LH_stats_bio()\fR, \fBOPENSSL_LH_node_stats_bio()\fR and \fBOPENSSL_LH_node_usage_stats_bio()\fR are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -178,11 +182,11 @@ These functions do not return values. .SH "NOTE" .IX Header "NOTE" These calls should be made under a read lock. Refer to -\&\*(L"\s-1NOTE\*(R"\s0 in \s-1\fIOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required +\&\*(L"\s-1NOTE\*(R"\s0 in \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required when using the \s-1LHASH\s0 data structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbio\fR\|(7), \s-1\fIOPENSSL_LH_COMPFUNC\s0\fR\|(3) +\&\fBbio\fR\|(7), \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index dac17925003a..572078a9b84e 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -190,9 +194,9 @@ number was therefore 0x0090581f. release date. For example, \&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". .PP -\&\fIOpenSSL_version_num()\fR returns the version number. +\&\fBOpenSSL_version_num()\fR returns the version number. .PP -\&\fIOpenSSL_version()\fR returns different strings depending on \fBt\fR: +\&\fBOpenSSL_version()\fR returns different strings depending on \fBt\fR: .IP "\s-1OPENSSL_VERSION\s0" 4 .IX Item "OPENSSL_VERSION" The text variant of the version number and the release date. For example, 
@@ -222,12 +226,12 @@ if available or \*(R"\s-1ENGINESDIR: N/A"\s0 otherwise. For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOpenSSL_version_num()\fR returns the version number. +\&\fBOpenSSL_version_num()\fR returns the version number. .PP -\&\fIOpenSSL_version()\fR returns requested version strings. +\&\fBOpenSSL_version()\fR returns requested version strings. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7) +\&\fBcrypto\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3 index b8ddbb75bd05..ca177c928c86 100644 --- a/secure/lib/libcrypto/man/OPENSSL_config.3 +++ b/secure/lib/libcrypto/man/OPENSSL_config.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_CONFIG 3" -.TH OPENSSL_CONFIG 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_CONFIG 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,27 +152,27 @@ OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and +\&\fBOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then the default section, \fBopenssl_conf\fR, will be used. Errors are silently ignored. Multiple calls have no effect. .PP -\&\fIOPENSSL_no_config()\fR disables configuration. If called before \fIOPENSSL_config()\fR +\&\fBOPENSSL_no_config()\fR disables configuration. If called before \fBOPENSSL_config()\fR no configuration takes place. .PP If the application is built with \fB\s-1OPENSSL_LOAD_CONF\s0\fR defined, then a -call to \fIOpenSSL_add_all_algorithms()\fR will implicitly call \fIOPENSSL_config()\fR +call to \fBOpenSSL_add_all_algorithms()\fR will implicitly call \fBOPENSSL_config()\fR first. .SH "NOTES" .IX Header "NOTES" -The \fIOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and +The \fBOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and forget it\*(R" function. It is however \fBmuch\fR better than nothing. Applications which need finer control over their configuration functionality should use the configuration -functions such as \fICONF_modules_load()\fR directly. This function is deprecated +functions such as \fBCONF_modules_load()\fR directly. This function is deprecated and its use should be avoided. -Applications should instead call \fICONF_modules_load()\fR during +Applications should instead call \fBCONF_modules_load()\fR during initialization (that is before starting any threads). .PP There are several reasons why calling the OpenSSL configuration routines is 
@@ -176,7 +180,7 @@ advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). However very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an -application calls \fIOPENSSL_config()\fR it doesn't need to know or care about +application calls \fBOPENSSL_config()\fR it doesn't need to know or care about \&\s-1ENGINE\s0 control operations because they can be performed by editing a configuration file. .SH "ENVIRONMENT" @@ -187,15 +191,15 @@ The path to the config file. Ignored in set-user-ID and set-group-ID programs. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -Neither \fIOPENSSL_config()\fR nor \fIOPENSSL_no_config()\fR return a value. +Neither \fBOPENSSL_config()\fR nor \fBOPENSSL_no_config()\fR return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIconfig\fR\|(5), -\&\fICONF_modules_load_file\fR\|(3) +\&\fBconfig\fR\|(5), +\&\fBCONF_modules_load_file\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fIOPENSSL_no_config()\fR and \fIOPENSSL_config()\fR functions were -deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto()\fR. +The \fBOPENSSL_no_config()\fR and \fBOPENSSL_config()\fR functions were +deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 b/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 index 43570681170b..fdca3d203354 100644 --- a/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 +++ b/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_FORK_PREPARE 3" -.TH OPENSSL_FORK_PREPARE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_FORK_PREPARE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,30 +154,30 @@ OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child \&\- OpenSSL fork OpenSSL has state that should be reset when a process forks. For example, the entropy pool used to generate random numbers (and therefore encryption keys) should not be shared across multiple programs. -The \fIOPENSSL_fork_prepare()\fR, \fIOPENSSL_fork_parent()\fR, and \fIOPENSSL_fork_child()\fR +The \fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR, and \fBOPENSSL_fork_child()\fR functions are used to reset this internal state. .PP -Platforms without \fIfork\fR\|(2) will probably not need to use these functions. -Platforms with \fIfork\fR\|(2) but without \fIpthreads_atfork\fR\|(3) will probably need +Platforms without \fBfork\fR\|(2) will probably not need to use these functions. +Platforms with \fBfork\fR\|(2) but without \fBpthreads_atfork\fR\|(3) will probably need to call them manually, as described in the following paragraph. Platforms such as Linux that have both functions will normally not need to call these functions as the OpenSSL library will do so automatically. .PP -\&\fIOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate +\&\fBOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate handler, when the \fB\s-1OPENSSL_INIT_ATFORK\s0\fR flag is used. For other applications, these functions can be called directly. They should be used -according to the calling sequence described by the \fIpthreads_atfork\fR\|(3) -documentation, which is summarized here. \fIOPENSSL_fork_prepare()\fR should -be called before a \fIfork()\fR is done. After the \fIfork()\fR returns, the parent -process should call \fIOPENSSL_fork_parent()\fR and the child process should -call \fIOPENSSL_fork_child()\fR. +according to the calling sequence described by the \fBpthreads_atfork\fR\|(3) +documentation, which is summarized here. \fBOPENSSL_fork_prepare()\fR should +be called before a \fBfork()\fR is done. 
After the \fBfork()\fR returns, the parent +process should call \fBOPENSSL_fork_parent()\fR and the child process should +call \fBOPENSSL_fork_child()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOPENSSL_fork_prepare()\fR, \fIOPENSSL_fork_parent()\fR and \fIOPENSSL_fork_child()\fR do not +\&\fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR and \fBOPENSSL_fork_child()\fR do not return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIOPENSSL_init_crypto\fR\|(3) +\&\fBOPENSSL_init_crypto\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.1.1. diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 index 70a719d9e8e4..ad603210f6ec 100644 --- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 +++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_IA32CAP 3" -.TH OPENSSL_IA32CAP 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_IA32CAP 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -196,7 +200,7 @@ clearing bit #24 disables \s-1SSE2\s0 code operating on 128\-bit \s-1XMM\s0 regi bank. You might have to do the latter if target OpenSSL application is executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under control of \s-1OS\s0 that does not enable \s-1XMM\s0 registers. Historically address of the capability vector copy -was exposed to application through \fIOPENSSL_ia32cap_loc()\fR, but not +was exposed to application through \fBOPENSSL_ia32cap_loc()\fR, but not anymore. Now the only way to affect the capability detection is to set OPENSSL_ia32cap environment variable prior target application start. To give a specific example, on Intel P4 processor 'env diff --git a/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 b/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 index a9ab73523a75..8642d9ca3ecc 100644 --- a/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 +++ b/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,13 +133,13 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_INIT_CRYPTO 3" -.TH OPENSSL_INIT_CRYPTO 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_INIT_CRYPTO 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions +OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -147,6 +151,10 @@ OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free, OPENSSL_in \& void OPENSSL_thread_stop(void); \& \& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, +\& const char* filename); +\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, +\& unsigned long flags); \& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, \& const char* name); \& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); 
@@ -163,15 +171,15 @@ As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. .PP -However, there way be situations when explicit initialisation is desirable or +However, there may be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required. The -function \fIOPENSSL_init_crypto()\fR can be used for this purpose for -libcrypto (see also \fIOPENSSL_init_ssl\fR\|(3) for the libssl +function \fBOPENSSL_init_crypto()\fR can be used for this purpose for +libcrypto (see also \fBOPENSSL_init_ssl\fR\|(3) for the libssl equivalent). .PP -Numerous internal OpenSSL functions call \fIOPENSSL_init_crypto()\fR. +Numerous internal OpenSSL functions call \fBOPENSSL_init_crypto()\fR. Therefore, in order to perform non-default initialisation, -\&\fIOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to +\&\fBOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to any other OpenSSL function calls. .PP The \fBopts\fR parameter specifies which aspects of libcrypto should be 
@@ -180,55 +188,55 @@ initialised. Valid options are: .IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS" Suppress automatic loading of the libcrypto error strings. This option is not a default option. Once selected subsequent calls to -\&\fIOPENSSL_init_crypto()\fR with the option +\&\fBOPENSSL_init_crypto()\fR with the option \&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. .IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4 .IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS" Automatic loading of the libcrypto error strings. With this option the library will automatically load the libcrypto error strings. This option is a default option. Once selected subsequent calls to -\&\fIOPENSSL_init_crypto()\fR with the option +\&\fBOPENSSL_init_crypto()\fR with the option \&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. .IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4 .IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS" With this option the library will automatically load and make available all libcrypto ciphers. This option is a default option. Once selected subsequent -calls to \fIOPENSSL_init_crypto()\fR with the option +calls to \fBOPENSSL_init_crypto()\fR with the option \&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. .IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4 .IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS" With this option the library will automatically load and make available all libcrypto digests. This option is a default option. Once selected subsequent -calls to \fIOPENSSL_init_crypto()\fR with the option +calls to \fBOPENSSL_init_crypto()\fR with the option \&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. .IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4 .IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS" With this option the library will suppress automatic loading of libcrypto ciphers. This option is not a default option. 
Once selected subsequent -calls to \fIOPENSSL_init_crypto()\fR with the option +calls to \fBOPENSSL_init_crypto()\fR with the option \&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored. .IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4 .IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS" With this option the library will suppress automatic loading of libcrypto digests. This option is not a default option. Once selected subsequent -calls to \fIOPENSSL_init_crypto()\fR with the option +calls to \fBOPENSSL_init_crypto()\fR with the option \&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored. .IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4 .IX Item "OPENSSL_INIT_LOAD_CONFIG" With this option an OpenSSL configuration file will be automatically loaded and -used by calling \fIOPENSSL_config()\fR. This is not a default option for libcrypto. -From OpenSSL 1.1.1 this is a default option for libssl (see -\&\fIOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the -description of \fIOPENSSL_INIT_new()\fR, below. +used by calling \fBOPENSSL_config()\fR. This is not a default option for libcrypto. +As of OpenSSL 1.1.1 this is a default option for libssl (see +\&\fBOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the +description of \fBOPENSSL_INIT_new()\fR, below. .IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4 .IX Item "OPENSSL_INIT_NO_LOAD_CONFIG" With this option the loading of OpenSSL configuration files will be suppressed. -It is the equivalent of calling \fIOPENSSL_no_config()\fR. This is not a default +It is the equivalent of calling \fBOPENSSL_no_config()\fR. This is not a default option. .IP "\s-1OPENSSL_INIT_ASYNC\s0" 4 .IX Item "OPENSSL_INIT_ASYNC" With this option the library with automatically initialise the libcrypto async -sub-library (see \fIASYNC_start_job\fR\|(3)). This is a default option. +sub-library (see \fBASYNC_start_job\fR\|(3)). This is a default option. 
.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4 .IX Item "OPENSSL_INIT_ENGINE_RDRAND" With this option the library will automatically load and initialise the 
@@ -265,89 +273,105 @@ engines. This not a default option. .IP "\s-1OPENSSL_INIT_ATFORK\s0" 4 .IX Item "OPENSSL_INIT_ATFORK" With this option the library will register its fork handlers. -See \fIOPENSSL_fork_prepare\fR\|(3) for details. +See \fBOPENSSL_fork_prepare\fR\|(3) for details. +.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4 +.IX Item "OPENSSL_INIT_NO_ATEXIT" +By default OpenSSL will attempt to clean itself up when the process exits via an +\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +\&\fBOPENSSL_cleanup()\fR. .PP Multiple options may be combined together in a single call to -\&\fIOPENSSL_init_crypto()\fR. For example: +\&\fBOPENSSL_init_crypto()\fR. For example: .PP .Vb 2 \& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS \& | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); .Ve .PP -The \fIOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto +The \fBOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto and libssl). All resources allocated by OpenSSL are freed. Typically there should be no need to call this function directly as it is initiated automatically on application exit. This is done via the standard C library -\&\fIatexit()\fR function. In the event that the application will close in a manner -that will not call the registered \fIatexit()\fR handlers then the application should -call \fIOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL +\&\fBatexit()\fR function. In the event that the application will close in a manner +that will not call the registered \fBatexit()\fR handlers then the application should +call \fBOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL are discouraged from calling this function and should instead, typically, rely on auto-deinitialisation. 
This is to avoid error conditions where both an application and a library it depends on both use OpenSSL, and the library deinitialises it before the application has finished using it. .PP -Once \fIOPENSSL_cleanup()\fR has been called the library cannot be reinitialised. -Attempts to call \fIOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error +Once \fBOPENSSL_cleanup()\fR has been called the library cannot be reinitialised. +Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error will be added to the error stack. Note that because initialisation has failed OpenSSL error strings will not be available, only an error code. This code can be put through the openssl errstr command line application to produce a human -readable error (see \fIerrstr\fR\|(1)). +readable error (see \fBerrstr\fR\|(1)). .PP -The \fIOPENSSL_atexit()\fR function enables the registration of a -function to be called during \fIOPENSSL_cleanup()\fR. Stop handlers are +The \fBOPENSSL_atexit()\fR function enables the registration of a +function to be called during \fBOPENSSL_cleanup()\fR. Stop handlers are called after deinitialisation of resources local to a thread, but before other process wide resources are freed. In the event that multiple stop handlers are registered, no guarantees are made about the order of execution. .PP -The \fIOPENSSL_thread_stop()\fR function deallocates resources associated +The \fBOPENSSL_thread_stop()\fR function deallocates resources associated with the current thread. Typically this function will be called automatically by the library when the thread exits. This should only be called directly if resources should be freed at an earlier time, or under the circumstances described in the \s-1NOTES\s0 section below. .PP -The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a default configuration -file. For optional configuration file settings, an \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR -must be created and used. 
-The routines \fIOPENSSL_init_new()\fR and \fIOPENSSL_INIT_set_config_appname()\fR can -be used to allocate the object and set the application name, and then the -object can be released with \fIOPENSSL_INIT_free()\fR when done. +The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with +\&\fBCONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags. +The filename, application name, and flags can be customized by providing a +non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object. +The object can be allocated via \fB\fBOPENSSL_init_new()\fB\fR. +The \fB\fBOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in +the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR +or indirectly \fBOPENSSL_init_ssl\fR\|(3). +The object can be released with \fBOPENSSL_INIT_free()\fR when done. .SH "NOTES" .IX Header "NOTES" Resources local to a thread are deallocated automatically when the thread exits -(e.g. in a pthreads environment, when \fIpthread_exit()\fR is called). On Windows +(e.g. in a pthreads environment, when \fBpthread_exit()\fR is called). On Windows platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to the libcrypto32.dll entry point. Some windows functions may cause threads to exit -without sending this message (for example \fIExitProcess()\fR). If the application +without sending this message (for example \fBExitProcess()\fR). 
If the application uses such functions, then the application must free up OpenSSL resources -directly via a call to \fIOPENSSL_thread_stop()\fR on each thread. Similarly this +directly via a call to \fBOPENSSL_thread_stop()\fR on each thread. Similarly this message will also not be sent if OpenSSL is linked statically, and therefore -applications using static linking should also call \fIOPENSSL_thread_stop()\fR on each -thread. Additionally if OpenSSL is loaded dynamically via \fILoadLibrary()\fR and the -threads are not destroyed until after \fIFreeLibrary()\fR is called then each thread -should call \fIOPENSSL_thread_stop()\fR prior to the \fIFreeLibrary()\fR call. +applications using static linking should also call \fBOPENSSL_thread_stop()\fR on each +thread. Additionally if OpenSSL is loaded dynamically via \fBLoadLibrary()\fR and the +threads are not destroyed until after \fBFreeLibrary()\fR is called then each thread +should call \fBOPENSSL_thread_stop()\fR prior to the \fBFreeLibrary()\fR call. .PP -On Linux/Unix where OpenSSL has been loaded via \fIdlopen()\fR and the application is -multi-threaded and if \fIdlclose()\fR is subsequently called prior to the threads +On Linux/Unix where OpenSSL has been loaded via \fBdlopen()\fR and the application is +multi-threaded and if \fBdlclose()\fR is subsequently called prior to the threads being destroyed then OpenSSL will not be able to deallocate resources associated -with those threads. The application should either call \fIOPENSSL_thread_stop()\fR on -each thread prior to the \fIdlclose()\fR call, or alternatively the original \fIdlopen()\fR +with those threads. The application should either call \fBOPENSSL_thread_stop()\fR on +each thread prior to the \fBdlclose()\fR call, or alternatively the original \fBdlopen()\fR call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform). 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -The functions OPENSSL_init_crypto, \fIOPENSSL_atexit()\fR and -\&\fIOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error. +The functions OPENSSL_init_crypto, \fBOPENSSL_atexit()\fR and +\&\fBOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIOPENSSL_init_ssl\fR\|(3) +\&\fBOPENSSL_init_ssl\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fIOPENSSL_init_crypto()\fR, \fIOPENSSL_cleanup()\fR, \fIOPENSSL_atexit()\fR, -\&\fIOPENSSL_thread_stop()\fR, \fIOPENSSL_INIT_new()\fR, \fIOPENSSL_INIT_set_config_appname()\fR -and \fIOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. +The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR, +\&\fBOPENSSL_thread_stop()\fR, \fBOPENSSL_INIT_new()\fR, \fBOPENSSL_INIT_set_config_appname()\fR +and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 b/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 index 63e8ce8d0284..c7f5aa715c1b 100644 --- a/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 +++ b/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_INIT_SSL 3" -.TH OPENSSL_INIT_SSL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_INIT_SSL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -157,44 +161,44 @@ automatically deinitialise as required. .PP However, there may be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required. The -function \fIOPENSSL_init_ssl()\fR can be used for this purpose. Calling +function \fBOPENSSL_init_ssl()\fR can be used for this purpose. Calling this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To explicitly initialise \s-1ONLY\s0 libcrypto see the -\&\fIOPENSSL_init_crypto\fR\|(3) function. +\&\fBOPENSSL_init_crypto\fR\|(3) function. .PP -Numerous internal OpenSSL functions call \fIOPENSSL_init_ssl()\fR. +Numerous internal OpenSSL functions call \fBOPENSSL_init_ssl()\fR. Therefore, in order to perform non-default initialisation, -\&\fIOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to +\&\fBOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to any other OpenSSL function calls. .PP The \fBopts\fR parameter specifies which aspects of libssl and libcrypto should be initialised. Valid options for libcrypto are described on the -\&\fIOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto +\&\fBOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto specific option the following libssl options can also be used: .IP "\s-1OPENSSL_INIT_NO_LOAD_SSL_STRINGS\s0" 4 .IX Item "OPENSSL_INIT_NO_LOAD_SSL_STRINGS" Suppress automatic loading of the libssl error strings. This option is not a default option. Once selected subsequent calls to -\&\fIOPENSSL_init_ssl()\fR with the option +\&\fBOPENSSL_init_ssl()\fR with the option \&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. .IP "\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0" 4 .IX Item "OPENSSL_INIT_LOAD_SSL_STRINGS" Automatic loading of the libssl error strings. This option is a default option. 
Once selected subsequent calls to -\&\fIOPENSSL_init_ssl()\fR with the option +\&\fBOPENSSL_init_ssl()\fR with the option \&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. .PP -\&\fIOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to -set parameter values. See \fIOPENSSL_init_crypto\fR\|(3) for details. +\&\fBOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to +set parameter values. See \fBOPENSSL_init_crypto\fR\|(3) for details. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The function \fIOPENSSL_init_ssl()\fR returns 1 on success or 0 on error. +The function \fBOPENSSL_init_ssl()\fR returns 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIOPENSSL_init_crypto\fR\|(3) +\&\fBOPENSSL_init_crypto\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fIOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0. +The \fBOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 index d52c46d84496..04f591c26871 100644 --- a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 +++ b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_INSTRUMENT_BUS 3" -.TH OPENSSL_INSTRUMENT_BUS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_INSTRUMENT_BUS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,10 +160,10 @@ interlocked manner, which should contribute additional noise on multi-processor systems. This also means that \fBvector[num]\fR should be zeroed upon invocation (if you want to retrieve actual probe values). .PP -\&\fIOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of +\&\fBOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of oscillator cycles every probe took. .PP -\&\fIOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive +\&\fBOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive probes with the same value, i.e. in a way it records duration of periods when probe values appeared deterministic. The subroutine performs at most \fBmax\fR probes in attempt to fill the \fBvector[num]\fR, diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 index 90bb0d59443b..7940527b2291 100644 --- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 
+++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3" -.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,23 +151,23 @@ OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fIOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL +The function \fBOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL configuration modules to the internal list. They can then be used by the OpenSSL configuration code. .PP -\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. +\&\fBASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. .PP -\&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. +\&\fBENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. .SH "NOTES" .IX Header "NOTES" -If the simple configuration function \fIOPENSSL_config()\fR is called then -\&\fIOPENSSL_load_builtin_modules()\fR is called automatically. +If the simple configuration function \fBOPENSSL_config()\fR is called then +\&\fBOPENSSL_load_builtin_modules()\fR is called automatically. .PP Applications which use the configuration functions directly will need to -call \fIOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other +call \fBOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other configuration code. .PP -Applications should call \fIOPENSSL_load_builtin_modules()\fR to load all +Applications should call \fBOPENSSL_load_builtin_modules()\fR to load all configuration modules instead of adding modules selectively: otherwise functionality may be missing from the application if an when new modules are added. @@ -172,7 +176,7 @@ modules are added. None of the functions return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3) +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/OPENSSL_malloc.3 b/secure/lib/libcrypto/man/OPENSSL_malloc.3 index 9cbc74b03973..3d96bef8a902 100644 --- a/secure/lib/libcrypto/man/OPENSSL_malloc.3 +++ b/secure/lib/libcrypto/man/OPENSSL_malloc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_MALLOC 3" -.TH OPENSSL_MALLOC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_MALLOC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -206,56 +210,54 @@ generally macro's that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_ parameters and call a lower-level \fBCRYPTO_xxx\fR \s-1API.\s0 Some functions do not add those parameters, but exist for consistency. .PP -\&\fIOPENSSL_malloc_init()\fR sets the lower-level memory allocation functions -to their default implementation. -It is generally not necessary to call this, except perhaps in certain -shared-library situations. +\&\fBOPENSSL_malloc_init()\fR does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL. .PP -\&\fIOPENSSL_malloc()\fR, \fIOPENSSL_realloc()\fR, and \fIOPENSSL_free()\fR are like the -C \fImalloc()\fR, \fIrealloc()\fR, and \fIfree()\fR functions. -\&\fIOPENSSL_zalloc()\fR calls \fImemset()\fR to zero the memory before returning. +\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_realloc()\fR, and \fBOPENSSL_free()\fR are like the +C \fBmalloc()\fR, \fBrealloc()\fR, and \fBfree()\fR functions. +\&\fBOPENSSL_zalloc()\fR calls \fBmemset()\fR to zero the memory before returning. .PP -\&\fIOPENSSL_clear_realloc()\fR and \fIOPENSSL_clear_free()\fR should be used +\&\fBOPENSSL_clear_realloc()\fR and \fBOPENSSL_clear_free()\fR should be used when the buffer at \fBaddr\fR holds sensitive information. -The old buffer is filled with zero's by calling \fIOPENSSL_cleanse()\fR -before ultimately calling \fIOPENSSL_free()\fR. +The old buffer is filled with zero's by calling \fBOPENSSL_cleanse()\fR +before ultimately calling \fBOPENSSL_free()\fR. .PP -\&\fIOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's. -Use \fIOPENSSL_cleanse()\fR with care if the memory is a mapping of a file. +\&\fBOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's. +Use \fBOPENSSL_cleanse()\fR with care if the memory is a mapping of a file. 
If the storage controller uses write compression, then its possible that sensitive tail bytes will survive zeroization because the block of zeros will be compressed. If the storage controller uses wear leveling, then the old sensitive data will not be overwritten; rather, a block of 0's will be written at a new physical location. .PP -\&\fIOPENSSL_strdup()\fR, \fIOPENSSL_strndup()\fR and \fIOPENSSL_memdup()\fR are like the +\&\fBOPENSSL_strdup()\fR, \fBOPENSSL_strndup()\fR and \fBOPENSSL_memdup()\fR are like the equivalent C functions, except that memory is allocated by calling the -\&\fIOPENSSL_malloc()\fR and should be released by calling \fIOPENSSL_free()\fR. +\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. .PP -\&\fIOPENSSL_strlcpy()\fR, -\&\fIOPENSSL_strlcat()\fR and \fIOPENSSL_strnlen()\fR are equivalents of the common C +\&\fBOPENSSL_strlcpy()\fR, +\&\fBOPENSSL_strlcat()\fR and \fBOPENSSL_strnlen()\fR are equivalents of the common C library functions and are provided for portability. .PP -\&\fIOPENSSL_hexstr2buf()\fR parses \fBstr\fR as a hex string and returns a +\&\fBOPENSSL_hexstr2buf()\fR parses \fBstr\fR as a hex string and returns a pointer to the parsed value. The memory is allocated by calling -\&\fIOPENSSL_malloc()\fR and should be released by calling \fIOPENSSL_free()\fR. +\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. If \fBlen\fR is not \s-1NULL,\s0 it is filled in with the output length. Colons between two-character hex \*(L"bytes\*(R" are ignored. An odd number of hex digits is an error. .PP -\&\fIOPENSSL_buf2hexstr()\fR takes the specified buffer and length, and returns +\&\fBOPENSSL_buf2hexstr()\fR takes the specified buffer and length, and returns a hex string for value, or \s-1NULL\s0 on error. \&\fBBuffer\fR cannot be \s-1NULL\s0; if \fBlen\fR is 0 an empty string is returned. 
.PP -\&\fIOPENSSL_hexchar2int()\fR converts a character to the hexadecimal equivalent, +\&\fBOPENSSL_hexchar2int()\fR converts a character to the hexadecimal equivalent, or returns \-1 on error. .PP If no allocations have been done, it is possible to \*(L"swap out\*(R" the default -implementations for \fIOPENSSL_malloc()\fR, OPENSSL_realloc and \fIOPENSSL_free()\fR +implementations for \fBOPENSSL_malloc()\fR, OPENSSL_realloc and \fBOPENSSL_free()\fR and replace them with alternate versions (hooks). -\&\fICRYPTO_get_mem_functions()\fR function fills in the given arguments with the +\&\fBCRYPTO_get_mem_functions()\fR function fills in the given arguments with the function pointers for the current implementations. -With \fICRYPTO_set_mem_functions()\fR, you can specify a different set of functions. +With \fBCRYPTO_set_mem_functions()\fR, you can specify a different set of functions. If any of \fBm\fR, \fBr\fR, or \fBf\fR are \s-1NULL,\s0 then the function is not changed. .PP The default implementation can include some debugging capability (if enabled 
@@ -263,42 +265,42 @@ at build-time). This adds some overhead by keeping a list of all memory allocations, and removes items from the list when they are free'd. This is most useful for identifying memory leaks. -\&\fICRYPTO_set_mem_debug()\fR turns this tracking on and off. In order to have +\&\fBCRYPTO_set_mem_debug()\fR turns this tracking on and off. In order to have any effect, is must be called before any of the allocation functions -(e.g., \fICRYPTO_malloc()\fR) are called, and is therefore normally one of the -first lines of \fImain()\fR in an application. -\&\fICRYPTO_mem_ctrl()\fR provides fine-grained control of memory leak tracking. -To enable tracking call \fICRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of +(e.g., \fBCRYPTO_malloc()\fR) are called, and is therefore normally one of the +first lines of \fBmain()\fR in an application. +\&\fBCRYPTO_mem_ctrl()\fR provides fine-grained control of memory leak tracking. +To enable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of the \fB\s-1CRYPTO_MEM_CHECK_ON\s0\fR. -To disable tracking call \fICRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of +To disable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of the \fB\s-1CRYPTO_MEM_CHECK_OFF\s0\fR. .PP While checking memory, it can be useful to store additional context about what is being done. For example, identifying the field names when parsing a complicated data structure. -\&\fIOPENSSL_mem_debug_push()\fR (which calls \fICRYPTO_mem_debug_push()\fR) +\&\fBOPENSSL_mem_debug_push()\fR (which calls \fBCRYPTO_mem_debug_push()\fR) attachs an identifying string to the allocation stack. This must be a global or other static string; it is not copied. -\&\fIOPENSSL_mem_debug_pop()\fR removes identifying state from the stack. +\&\fBOPENSSL_mem_debug_pop()\fR removes identifying state from the stack. 
.PP -At the end of the program, calling \fICRYPTO_mem_leaks()\fR or -\&\fICRYPTO_mem_leaks_fp()\fR will report all \*(L"leaked\*(R" memory, writing it +At the end of the program, calling \fBCRYPTO_mem_leaks()\fR or +\&\fBCRYPTO_mem_leaks_fp()\fR will report all \*(L"leaked\*(R" memory, writing it to the specified \s-1BIO\s0 \fBb\fR or \s-1FILE\s0 \fBfp\fR. These functions return 1 if there are no leaks, 0 if there are leaks and \-1 if an error occurred. .PP -\&\fICRYPTO_mem_leaks_cb()\fR does the same as \fICRYPTO_mem_leaks()\fR, but instead +\&\fBCRYPTO_mem_leaks_cb()\fR does the same as \fBCRYPTO_mem_leaks()\fR, but instead of writing to a given \s-1BIO,\s0 the callback function is called for each output string with the string, length, and userdata \fBu\fR as the callback parameters. .PP If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one -function, \fICRYPTO_get_alloc_counts()\fR, and two additional environment +function, \fBCRYPTO_get_alloc_counts()\fR, and two additional environment variables, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR and \fB\s-1OPENSSL_MALLOC_FD\s0\fR, are available. .PP -The function \fICRYPTO_get_alloc_counts()\fR fills in the number of times -each of \fICRYPTO_malloc()\fR, \fICRYPTO_realloc()\fR, and \fICRYPTO_free()\fR have been +The function \fBCRYPTO_get_alloc_counts()\fR fills in the number of times +each of \fBCRYPTO_malloc()\fR, \fBCRYPTO_realloc()\fR, and \fBCRYPTO_free()\fR have been called, into the values pointed to by \fBmcount\fR, \fBrcount\fR, and \fBfcount\fR, respectively. If a pointer is \s-1NULL,\s0 then the corresponding count is not stored. .PP 
@@ -328,40 +330,40 @@ to use this (will not work on all platforms): .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOPENSSL_malloc_init()\fR, \fIOPENSSL_free()\fR, \fIOPENSSL_clear_free()\fR -\&\fICRYPTO_free()\fR, \fICRYPTO_clear_free()\fR and \fICRYPTO_get_mem_functions()\fR +\&\fBOPENSSL_malloc_init()\fR, \fBOPENSSL_free()\fR, \fBOPENSSL_clear_free()\fR +\&\fBCRYPTO_free()\fR, \fBCRYPTO_clear_free()\fR and \fBCRYPTO_get_mem_functions()\fR return no value. .PP -\&\fICRYPTO_mem_leaks()\fR, \fICRYPTO_mem_leaks_fp()\fR and \fICRYPTO_mem_leaks_cb()\fR return 1 if +\&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR and \fBCRYPTO_mem_leaks_cb()\fR return 1 if there are no leaks, 0 if there are leaks and \-1 if an error occurred. .PP -\&\fIOPENSSL_malloc()\fR, \fIOPENSSL_zalloc()\fR, \fIOPENSSL_realloc()\fR, -\&\fIOPENSSL_clear_realloc()\fR, -\&\fICRYPTO_malloc()\fR, \fICRYPTO_zalloc()\fR, \fICRYPTO_realloc()\fR, -\&\fICRYPTO_clear_realloc()\fR, -\&\fIOPENSSL_buf2hexstr()\fR, \fIOPENSSL_hexstr2buf()\fR, -\&\fIOPENSSL_strdup()\fR, and \fIOPENSSL_strndup()\fR +\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_zalloc()\fR, \fBOPENSSL_realloc()\fR, +\&\fBOPENSSL_clear_realloc()\fR, +\&\fBCRYPTO_malloc()\fR, \fBCRYPTO_zalloc()\fR, \fBCRYPTO_realloc()\fR, +\&\fBCRYPTO_clear_realloc()\fR, +\&\fBOPENSSL_buf2hexstr()\fR, \fBOPENSSL_hexstr2buf()\fR, +\&\fBOPENSSL_strdup()\fR, and \fBOPENSSL_strndup()\fR return a pointer to allocated memory or \s-1NULL\s0 on error. .PP -\&\fICRYPTO_set_mem_functions()\fR and \fICRYPTO_set_mem_debug()\fR +\&\fBCRYPTO_set_mem_functions()\fR and \fBCRYPTO_set_mem_debug()\fR return 1 on success or 0 on failure (almost always because allocations have already happened). .PP -\&\fICRYPTO_mem_ctrl()\fR returns \-1 if an error occurred, otherwise the +\&\fBCRYPTO_mem_ctrl()\fR returns \-1 if an error occurred, otherwise the previous value of the mode. 
.PP -\&\fIOPENSSL_mem_debug_push()\fR and \fIOPENSSL_mem_debug_pop()\fR +\&\fBOPENSSL_mem_debug_push()\fR and \fBOPENSSL_mem_debug_pop()\fR return 1 on success or 0 on failure. .SH "NOTES" .IX Header "NOTES" While it's permitted to swap out only a few and not all the functions -with \fICRYPTO_set_mem_functions()\fR, it's recommended to swap them all out +with \fBCRYPTO_set_mem_functions()\fR, it's recommended to swap them all out at once. \fIThis applies specially if OpenSSL was built with the configuration option\fR \f(CW\*(C`crypto\-mdebug\*(C'\fR \fIenabled. In case, swapping out -only, say, the \fImalloc()\fI implementation is outright dangerous.\fR +only, say, the \f(BImalloc()\fI implementation is outright dangerous.\fR .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 b/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 index 90dbb3eaa0ef..af853394f7ad 100644 --- a/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 +++ b/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_SECURE_MALLOC 3" -.TH OPENSSL_SECURE_MALLOC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_SECURE_MALLOC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -177,75 +181,75 @@ If a secure heap is used, then private key \fB\s-1BIGNUM\s0\fR values are stored This protects long-term storage of private keys, but will not necessarily put all intermediate values and computations there. .PP -\&\fICRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified +\&\fBCRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified \&\f(CW\*(C`size\*(C'\fR in bytes. The \f(CW\*(C`minsize\*(C'\fR parameter is the minimum size to allocate from the heap. Both \f(CW\*(C`size\*(C'\fR and \f(CW\*(C`minsize\*(C'\fR must be a power of two. .PP -\&\fICRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure +\&\fBCRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure heap as been initialized and is available. .PP -\&\fICRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable +\&\fBCRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable to the process if all secure memory has been freed. It can take noticeably long to complete. .PP -\&\fIOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap. -If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to -calling \fIOPENSSL_malloc()\fR. +\&\fBOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_malloc()\fR. It is a macro that expands to -\&\fICRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters. +\&\fBCRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters. .PP -\&\fIOPENSSL_secure_zalloc()\fR and \fICRYPTO_secure_zalloc()\fR are like -\&\fIOPENSSL_secure_malloc()\fR and \fICRYPTO_secure_malloc()\fR, respectively, -except that they call \fImemset()\fR to zero the memory before returning. 
+\&\fBOPENSSL_secure_zalloc()\fR and \fBCRYPTO_secure_zalloc()\fR are like +\&\fBOPENSSL_secure_malloc()\fR and \fBCRYPTO_secure_malloc()\fR, respectively, +except that they call \fBmemset()\fR to zero the memory before returning. .PP -\&\fIOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap. +\&\fBOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap. It must be called with a value previously obtained from -\&\fIOPENSSL_secure_malloc()\fR. -If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to -calling \fIOPENSSL_free()\fR. -It exists for consistency with \fIOPENSSL_secure_malloc()\fR , and -is a macro that expands to \fICRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR +\&\fBOPENSSL_secure_malloc()\fR. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_free()\fR. +It exists for consistency with \fBOPENSSL_secure_malloc()\fR , and +is a macro that expands to \fBCRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.. .PP -\&\fIOPENSSL_secure_clear_free()\fR is similar to \fIOPENSSL_secure_free()\fR except +\&\fBOPENSSL_secure_clear_free()\fR is similar to \fBOPENSSL_secure_free()\fR except that it has an additional \f(CW\*(C`num\*(C'\fR parameter which is used to clear the memory if it was not allocated from the secure heap. -If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to -calling \fIOPENSSL_clear_free()\fR. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_clear_free()\fR. .PP -\&\fIOPENSSL_secure_actual_size()\fR tells the actual size allocated to the +\&\fBOPENSSL_secure_actual_size()\fR tells the actual size allocated to the pointer; implementations may allocate more space than initially requested, in order to \*(L"round up\*(R" and reduce secure heap fragmentation. 
.PP -\&\fICRYPTO_secure_used()\fR returns the number of bytes allocated in the +\&\fBCRYPTO_secure_used()\fR returns the number of bytes allocated in the secure heap. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful, +\&\fBCRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful, and 2 if successful but the heap could not be protected by memory mapping. .PP -\&\fICRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is -available (that is, if \fICRYPTO_secure_malloc_init()\fR has been called, -but \fICRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not. +\&\fBCRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is +available (that is, if \fBCRYPTO_secure_malloc_init()\fR has been called, +but \fBCRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not. .PP -\&\fIOPENSSL_secure_malloc()\fR and \fIOPENSSL_secure_zalloc()\fR return a pointer into +\&\fBOPENSSL_secure_malloc()\fR and \fBOPENSSL_secure_zalloc()\fR return a pointer into the secure heap of the requested size, or \f(CW\*(C`NULL\*(C'\fR if memory could not be allocated. .PP -\&\fICRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not. +\&\fBCRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not. .PP -\&\fICRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not. +\&\fBCRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not. .PP -\&\fIOPENSSL_secure_free()\fR and \fIOPENSSL_secure_clear_free()\fR return no values. +\&\fBOPENSSL_secure_free()\fR and \fBOPENSSL_secure_clear_free()\fR return no values. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIOPENSSL_malloc\fR\|(3), -\&\fIBN_new\fR\|(3) +\&\fBOPENSSL_malloc\fR\|(3), +\&\fBBN_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIOPENSSL_secure_clear_free()\fR was added in OpenSSL 1.1.0g. +The \fBOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 b/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 index c27173cc8445..d2da5d7633e1 100644 --- a/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 +++ b/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_INFO 3" -.TH OSSL_STORE_INFO 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OSSL_STORE_INFO 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -177,47 +181,47 @@ loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders. .SS "Types" .IX Subsection "Types" \&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for -the objects that have been retrieved by \fIOSSL_STORE_load()\fR and similar +the objects that have been retrieved by \fBOSSL_STORE_load()\fR and similar functions. Supported OpenSSL type object can be extracted using one of -\&\fISTORE_INFO_get0_TYPE()\fR. +\&\fBSTORE_INFO_get0_TYPE()\fR. The life time of this extracted object is as long as the life time of the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not to free the latter too early. -As an alternative, \fISTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the +As an alternative, \fBSTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the same object with its reference count increased), which can be used after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed. -The object returned by \fISTORE_INFO_get1_TYPE()\fR must be freed separately +The object returned by \fBSTORE_INFO_get1_TYPE()\fR must be freed separately by the caller. See \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 for more information on the types that are supported. .SS "Functions" .IX Subsection "Functions" -\&\fIOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0 +\&\fBOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0 type number for the object inside. -\&\fISTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a +\&\fBSTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a short string describing it. 
.PP -\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR, -\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, -\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all take a +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all take a \&\fB\s-1OSSL_STORE_INFO\s0\fR and return the held object of the appropriate OpenSSL type provided that's what's held. .PP -\&\fIOSSL_STORE_INFO_get1_NAME()\fR, \fIOSSL_STORE_INFO_get1_NAME_description()\fR, -\&\fIOSSL_STORE_INFO_get1_PARAMS()\fR, \fIOSSL_STORE_INFO_get1_PKEY()\fR, -\&\fIOSSL_STORE_INFO_get1_CERT()\fR and \fIOSSL_STORE_INFO_get1_CRL()\fR all take a +\&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all take a \&\fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate of the held object of the appropriate OpenSSL type provided that's what's held. .PP -\&\fIOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type. +\&\fBOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type. .PP -\&\fIOSSL_STORE_INFO_new_NAME()\fR , \fIOSSL_STORE_INFO_new_PARAMS()\fR, -\&\fIOSSL_STORE_INFO_new_PKEY()\fR, \fIOSSL_STORE_INFO_new_CERT()\fR and -\&\fIOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR +\&\fBOSSL_STORE_INFO_new_NAME()\fR , \fBOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and +\&\fBOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR object to hold the given input object. 
Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR` objects, -\&\fIOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra +\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra description. This description is meant to be human readable and should be used for information printout. 
@@ -264,42 +268,42 @@ An X.509 certificate. A X.509 certificate revocation list. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given +\&\fBOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given \&\fB\s-1OSSL_STORE_INFO\s0\fR. There is no error value. .PP -\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR, -\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, -\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all return +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise. .PP -\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR, -\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, -\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all return +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise. .PP -\&\fIOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on +\&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on failure. 
.PP -\&\fIOSSL_STORE_INFO_new_NAME()\fR, \fIOSSL_STORE_INFO_new_PARAMS()\fR, -\&\fIOSSL_STORE_INFO_new_PKEY()\fR, \fIOSSL_STORE_INFO_new_CERT()\fR and -\&\fIOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR +\&\fBOSSL_STORE_INFO_new_NAME()\fR, \fBOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and +\&\fBOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure. .PP -\&\fIOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on +\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIossl_store\fR\|(7), \fIOSSL_STORE_open\fR\|(3), \fIOSSL_STORE_register_loader\fR\|(3) +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1\fIOSSL_STORE_INFO\s0()\fR, \fIOSSL_STORE_INFO_get_type()\fR, \fIOSSL_STORE_INFO_get0_NAME()\fR, -\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, -\&\fIOSSL_STORE_INFO_get0_CERT()\fR, \fIOSSL_STORE_INFO_get0_CRL()\fR, -\&\fIOSSL_STORE_INFO_type_string()\fR, \fIOSSL_STORE_INFO_free()\fR, \fIOSSL_STORE_INFO_new_NAME()\fR, -\&\fIOSSL_STORE_INFO_new_PARAMS()\fR, \fIOSSL_STORE_INFO_new_PKEY()\fR, -\&\fIOSSL_STORE_INFO_new_CERT()\fR and \fIOSSL_STORE_INFO_new_CRL()\fR -were added to OpenSSL 1.1.1. +\&\s-1\fBOSSL_STORE_INFO\s0()\fR, \fBOSSL_STORE_INFO_get_type()\fR, \fBOSSL_STORE_INFO_get0_NAME()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR, \fBOSSL_STORE_INFO_get0_CRL()\fR, +\&\fBOSSL_STORE_INFO_type_string()\fR, \fBOSSL_STORE_INFO_free()\fR, \fBOSSL_STORE_INFO_new_NAME()\fR, +\&\fBOSSL_STORE_INFO_new_PARAMS()\fR, \fBOSSL_STORE_INFO_new_PKEY()\fR, +\&\fBOSSL_STORE_INFO_new_CERT()\fR and \fBOSSL_STORE_INFO_new_CRL()\fR +were added in OpenSSL 1.1.1. 
.SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 b/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 index 364a26e7fd0f..0e903ff86f6e 100644 --- a/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 +++ b/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_LOADER 3" -.TH OSSL_STORE_LOADER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OSSL_STORE_LOADER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -195,8 +199,8 @@ schemes they support. .IX Subsection "Types" \&\fB\s-1OSSL_STORE_LOADER\s0\fR is the type to hold a loader. It contains a scheme and the functions needed to implement -\&\fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR, \fIOSSL_STORE_error()\fR and -\&\fIOSSL_STORE_close()\fR for this scheme. +\&\fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR, \fBOSSL_STORE_error()\fR and +\&\fBOSSL_STORE_close()\fR for this scheme. .PP \&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader using \fBstruct ossl_store_loader_ctx_st { ... }\fR. @@ -252,7 +256,7 @@ This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1UI with associated data. It's expected to load the next available data, mold it into a data structure that can be wrapped in a \fB\s-1OSSL_STORE_INFO\s0\fR using one of the -\&\s-1\fIOSSL_STORE_INFO\s0\fR\|(3) functions. +\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3) functions. If no more data is available or an error occurs, this function is expected to return \s-1NULL.\s0 The \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_error_fn\fR functions must indicate if 
@@ -278,40 +282,40 @@ contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer. It returns 1 on success and 0 on error. .SS "Functions" .IX Subsection "Functions" -\&\fIOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR. +\&\fBOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR. It takes an \fB\s-1ENGINE\s0\fR \fBe\fR and a string \fBscheme\fR. \&\fBscheme\fR must \fIalways\fR be set. Both \fBe\fR and \fBscheme\fR are used as is and must therefore be alive as long as the created loader is. .PP -\&\fIOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR. -\&\fIOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR. +\&\fBOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR. +\&\fBOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR. .PP -\&\fIOSSL_STORE_LOADER_set_open()\fR sets the opener function for the +\&\fBOSSL_STORE_LOADER_set_open()\fR sets the opener function for the \&\fBstore_loader\fR. .PP -\&\fIOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the +\&\fBOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the \&\fBstore_loader\fR. .PP -\&\fIOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the +\&\fBOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the \&\fBstore_loader\fR. .PP -\&\fIOSSL_STORE_LOADER_set_load()\fR sets the loader function for the +\&\fBOSSL_STORE_LOADER_set_load()\fR sets the loader function for the \&\fBstore_loader\fR. .PP -\&\fIOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the +\&\fBOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the \&\fBstore_loader\fR. .PP -\&\fIOSSL_STORE_LOADER_set_close()\fR sets the closing function for the +\&\fBOSSL_STORE_LOADER_set_close()\fR sets the closing function for the \&\fBstore_loader\fR. 
.PP -\&\fIOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR. +\&\fBOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR. .PP -\&\fIOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby -makes it available for use with \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, -\&\fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR. +\&\fBOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby +makes it available for use with \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, +\&\fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR. .PP -\&\fIOSSL_STORE_unregister_loader()\fR unregister the store loader for the given +\&\fBOSSL_STORE_unregister_loader()\fR unregister the store loader for the given \&\fBscheme\fR. .SH "NOTES" .IX Header "NOTES" 
@@ -321,33 +325,33 @@ The \fBfile:\fR scheme has built in support. The functions with the types \fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, \&\fBOSSL_STORE_expect_fn\fR, \&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_close_fn\fR have the -same return values as \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_ctrl()\fR, \fIOSSL_STORE_expect()\fR, -\&\fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR, respectively. +same return values as \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_expect()\fR, +\&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR, respectively. .PP -\&\fIOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success, +\&\fBOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success, or \fB\s-1NULL\s0\fR on failure. .PP -\&\fIOSSL_STORE_LOADER_set_open()\fR, \fIOSSL_STORE_LOADER_set_ctrl()\fR, -\&\fIOSSL_STORE_LOADER_set_load()\fR, \fIOSSL_STORE_LOADER_set_eof()\fR and -\&\fIOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure. +\&\fBOSSL_STORE_LOADER_set_open()\fR, \fBOSSL_STORE_LOADER_set_ctrl()\fR, +\&\fBOSSL_STORE_LOADER_set_load()\fR, \fBOSSL_STORE_LOADER_set_eof()\fR and +\&\fBOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure. .PP -\&\fIOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure. +\&\fBOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure. .PP -\&\fIOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success, +\&\fBOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success, or \fB\s-1NULL\s0\fR on failure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIossl_store\fR\|(7), \fIOSSL_STORE_open\fR\|(3) +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1\fIOSSL_STORE_LOADER\s0()\fR, \s-1\fIOSSL_STORE_LOADER_CTX\s0()\fR, \fIOSSL_STORE_LOADER_new()\fR, -\&\fIOSSL_STORE_LOADER_set0_scheme()\fR, \fIOSSL_STORE_LOADER_set_open()\fR, -\&\fIOSSL_STORE_LOADER_set_ctrl()\fR, \fIOSSL_STORE_LOADER_set_load()\fR, -\&\fIOSSL_STORE_LOADER_set_eof()\fR, \fIOSSL_STORE_LOADER_set_close()\fR, -\&\fIOSSL_STORE_LOADER_free()\fR, \fIOSSL_STORE_register_loader()\fR, -\&\fIOSSL_STORE_unregister_loader()\fR, \fIOSSL_STORE_open_fn()\fR, \fIOSSL_STORE_ctrl_fn()\fR, -\&\fIOSSL_STORE_load_fn()\fR, \fIOSSL_STORE_eof_fn()\fR and \fIOSSL_STORE_close_fn()\fR -were added to OpenSSL 1.1.1. +\&\s-1\fBOSSL_STORE_LOADER\s0()\fR, \s-1\fBOSSL_STORE_LOADER_CTX\s0()\fR, \fBOSSL_STORE_LOADER_new()\fR, +\&\fBOSSL_STORE_LOADER_set0_scheme()\fR, \fBOSSL_STORE_LOADER_set_open()\fR, +\&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \fBOSSL_STORE_LOADER_set_load()\fR, +\&\fBOSSL_STORE_LOADER_set_eof()\fR, \fBOSSL_STORE_LOADER_set_close()\fR, +\&\fBOSSL_STORE_LOADER_free()\fR, \fBOSSL_STORE_register_loader()\fR, +\&\fBOSSL_STORE_unregister_loader()\fR, \fBOSSL_STORE_open_fn()\fR, \fBOSSL_STORE_ctrl_fn()\fR, +\&\fBOSSL_STORE_load_fn()\fR, \fBOSSL_STORE_eof_fn()\fR and \fBOSSL_STORE_close_fn()\fR +were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 b/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 index de76cb4da4ca..51d104d5d340 100644 --- a/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 +++ b/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_SEARCH 3" -.TH OSSL_STORE_SEARCH 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OSSL_STORE_SEARCH 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -167,25 +171,25 @@ OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name, OSSL_STORE_SEARCH_by_issuer_serial .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions are used to specify search criteria to help search for specific -objects through other names than just the \s-1URI\s0 that's given to \fIOSSL_STORE_open()\fR. +objects through other names than just the \s-1URI\s0 that's given to \fBOSSL_STORE_open()\fR. For example, this can be useful for an application that has received a \s-1URI\s0 and then wants to add on search criteria in a uniform and supported manner. .SS "Types" .IX Subsection "Types" \&\fB\s-1OSSL_STORE_SEARCH\s0\fR is an opaque type that holds the constructed search criterion, and that can be given to an \s-1OSSL_STORE\s0 context with -\&\fIOSSL_STORE_find()\fR. +\&\fBOSSL_STORE_find()\fR. .PP The calling application owns the allocation of an \fB\s-1OSSL_STORE_SEARCH\s0\fR at all times, and should therefore be careful not to deallocate it before -\&\fIOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given +\&\fBOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given to. .SS "Application Functions" .IX Subsection "Application Functions" -\&\fIOSSL_STORE_SEARCH_by_name()\fR, -\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR, -\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR, -and \fIOSSL_STORE_SEARCH_by_alias()\fR +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fBOSSL_STORE_SEARCH_by_alias()\fR are used to create an \fB\s-1OSSL_STORE_SEARCH\s0\fR from a subject name, an issuer name and serial number pair, a key fingerprint, and an alias (for example a friendly name). 
@@ -193,15 +197,15 @@ The parameters that are provided are not copied, only referred to in a criterion, so they must have at least the same life time as the created \&\fB\s-1OSSL_STORE_SEARCH\s0\fR. .PP -\&\fIOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR. +\&\fBOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR. .SS "Loader Functions" .IX Subsection "Loader Functions" -\&\fIOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given +\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given \&\fB\s-1OSSL_STORE_SEARCH\s0\fR. .PP -\&\fIOSSL_STORE_SEARCH_get0_name()\fR, \fIOSSL_STORE_SEARCH_get0_serial()\fR, -\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR, \fIOSSL_STORE_SEARCH_get0_string()\fR, -and \fIOSSL_STORE_SEARCH_get0_digest()\fR +\&\fBOSSL_STORE_SEARCH_get0_name()\fR, \fBOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, \fBOSSL_STORE_SEARCH_get0_string()\fR, +and \fBOSSL_STORE_SEARCH_get0_digest()\fR are used to retrieve different data from a \fB\s-1OSSL_STORE_SEARCH\s0\fR, as available for each type. For more information, see \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 below. 
@@ -212,17 +216,17 @@ Currently supported criterion types are: .IX Item "OSSL_STORE_SEARCH_BY_NAME" This criterion supports a search by exact match of subject name. The subject name itself is a \fBX509_NAME\fR pointer. -A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_name()\fR, -and the actual subject name is retrieved with \fIOSSL_STORE_SEARCH_get0_name()\fR. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_name()\fR, +and the actual subject name is retrieved with \fBOSSL_STORE_SEARCH_get0_name()\fR. .IP "\s-1OSSL_STORE_SEARCH_BY_ISSUER_SERIAL\s0" 4 .IX Item "OSSL_STORE_SEARCH_BY_ISSUER_SERIAL" This criterion supports a search by exact match of both issuer name and serial number. The issuer name itself is a \fBX509_NAME\fR pointer, and the serial number is a \fB\s-1ASN1_INTEGER\s0\fR pointer. -A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_issuer_serial()\fR +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_issuer_serial()\fR and the actual issuer name and serial number are retrieved with -\&\fIOSSL_STORE_SEARCH_get0_name()\fR and \fIOSSL_STORE_SEARCH_get0_serial()\fR. +\&\fBOSSL_STORE_SEARCH_get0_name()\fR and \fBOSSL_STORE_SEARCH_get0_serial()\fR. .IP "\s-1OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT\s0" 4 .IX Item "OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT" This criterion supports a search by exact match of key fingerprint. 
@@ -231,61 +235,61 @@ well as the algorithm that was used to compute the fingerprint. The digest may be left unspecified (\s-1NULL\s0), and in that case, the loader has to decide on a default digest and compare fingerprints accordingly. -A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR and the actual fingerprint and its length can be retrieved with -\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR. -The digest can be retrieved with \fIOSSL_STORE_SEARCH_get0_digest()\fR. +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR. +The digest can be retrieved with \fBOSSL_STORE_SEARCH_get0_digest()\fR. .IP "\s-1OSSL_STORE_SEARCH_BY_ALIAS\s0" 4 .IX Item "OSSL_STORE_SEARCH_BY_ALIAS" This criterion supports a search by match of an alias of some kind. The alias in itself is a simple C string. -A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_alias()\fR -and the actual alias is retrieved with \fIOSSL_STORE_SEARCH_get0_string()\fR. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_alias()\fR +and the actual alias is retrieved with \fBOSSL_STORE_SEARCH_get0_string()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOSSL_STORE_SEARCH_by_name()\fR, -\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR, -\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR, -and \fIOSSL_STORE_SEARCH_by_alias()\fR +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fBOSSL_STORE_SEARCH_by_alias()\fR return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure. .PP -\&\fIOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given +\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given \&\fB\s-1OSSL_STORE_SEARCH\s0\fR. There is no error value. 
.PP -\&\fIOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success, +\&\fBOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success, or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. .PP -\&\fIOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success, +\&\fBOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success, or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. .PP -\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and sets \fB*length\fR to the strings length on success, or \fB\s-1NULL\s0\fR when the given \&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. .PP -\&\fIOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success, +\&\fBOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success, or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. .PP -\&\fIOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer. +\&\fBOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer. \&\fB\s-1NULL\s0\fR is a valid value and means that the store loader default will be used when applicable. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIossl_store\fR\|(7), \fIOSSL_STORE_supports_search\fR\|(3), \fIOSSL_STORE_find\fR\|(3) +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_supports_search\fR\|(3), \fBOSSL_STORE_find\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fB\s-1OSSL_STORE_SEARCH\s0\fR, -\&\fIOSSL_STORE_SEARCH_by_name()\fR, -\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR, -\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR, -\&\fIOSSL_STORE_SEARCH_by_alias()\fR, -\&\fIOSSL_STORE_SEARCH_free()\fR, -\&\fIOSSL_STORE_SEARCH_get_type()\fR, -\&\fIOSSL_STORE_SEARCH_get0_name()\fR, -\&\fIOSSL_STORE_SEARCH_get0_serial()\fR, -\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR, -and \fIOSSL_STORE_SEARCH_get0_string()\fR -were added to OpenSSL 1.1.1. +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +\&\fBOSSL_STORE_SEARCH_by_alias()\fR, +\&\fBOSSL_STORE_SEARCH_free()\fR, +\&\fBOSSL_STORE_SEARCH_get_type()\fR, +\&\fBOSSL_STORE_SEARCH_get0_name()\fR, +\&\fBOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, +and \fBOSSL_STORE_SEARCH_get0_string()\fR +were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OSSL_STORE_expect.3 b/secure/lib/libcrypto/man/OSSL_STORE_expect.3 index 862eec1a2d0c..8ab78a00441f 100644 --- a/secure/lib/libcrypto/man/OSSL_STORE_expect.3 +++ b/secure/lib/libcrypto/man/OSSL_STORE_expect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_EXPECT 3" -.TH OSSL_STORE_EXPECT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OSSL_STORE_EXPECT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,49 +153,49 @@ OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find \&\- Specify what .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIOSSL_STORE_expect()\fR helps applications filter what \fIOSSL_STORE_load()\fR returns +\&\fBOSSL_STORE_expect()\fR helps applications filter what \fBOSSL_STORE_load()\fR returns by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type. For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several different objects and only the certificates are interesting, the application can simply say that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR. -All known object types (see \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3)) +All known object types (see \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3)) except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR are supported. .PP -\&\fIOSSL_STORE_find()\fR helps applications specify a criterion for a more fine +\&\fBOSSL_STORE_find()\fR helps applications specify a criterion for a more fine grained search of objects. .PP -\&\fIOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0 +\&\fBOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0 context supports the given search type. See \*(L"\s-1SUPPORED CRITERION TYPES\*(R"\s0 in \s-1OSSL_STORE_SEARCH\s0 for information on the supported search criterion types. .PP -\&\fIOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first -\&\fIOSSL_STORE_load()\fR of a given session, or they will fail. +\&\fBOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first +\&\fBOSSL_STORE_load()\fR of a given session, or they will fail. .SH "NOTES" .IX Header "NOTES" If a more elaborate filter is required by the application, a better choice would be to use a post-processing function. -See \fIOSSL_STORE_open\fR\|(3) for more information. +See \fBOSSL_STORE_open\fR\|(3) for more information. 
.PP However, some loaders may take advantage of the knowledge of an expected type to make object retrieval more efficient, so if a single type is expected, this method is usually preferable. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure. +\&\fBOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure. .PP -\&\fIOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0 +\&\fBOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0 otherwise. .PP -\&\fIOSSL_STORE_find()\fR returns 1 on success, or 0 on failure. +\&\fBOSSL_STORE_find()\fR returns 1 on success, or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIossl_store\fR\|(7), \s-1\fIOSSL_STORE_INFO\s0\fR\|(3), \s-1\fIOSSL_STORE_SEARCH\s0\fR\|(3), -\&\fIOSSL_STORE_load\fR\|(3) +\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3), +\&\fBOSSL_STORE_load\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIOSSL_STORE_expect()\fR, \fIOSSL_STORE_supports_search()\fR and \fIOSSL_STORE_find()\fR -were added to OpenSSL 1.1.1. +\&\fBOSSL_STORE_expect()\fR, \fBOSSL_STORE_supports_search()\fR and \fBOSSL_STORE_find()\fR +were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OSSL_STORE_open.3 b/secure/lib/libcrypto/man/OSSL_STORE_open.3 index c4ff3d98033d..1201f34555cf 100644 --- a/secure/lib/libcrypto/man/OSSL_STORE_open.3 +++ b/secure/lib/libcrypto/man/OSSL_STORE_open.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_OPEN 3" -.TH OSSL_STORE_OPEN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OSSL_STORE_OPEN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -159,23 +163,23 @@ OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctr .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions help the application to fetch supported objects (see -\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3) for information on which those are) +\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3) for information on which those are) from a given \s-1URI\s0 (see \*(L"\s-1SUPPORTED SCHEMES\*(R"\s0 for more information on the supported \s-1URI\s0 schemes). -The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fIOSSL_STORE_open()\fR, -read each available and supported object using \fIOSSL_STORE_load()\fR as long as -\&\fIOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fIOSSL_STORE_close()\fR. +The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fBOSSL_STORE_open()\fR, +read each available and supported object using \fBOSSL_STORE_load()\fR as long as +\&\fBOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fBOSSL_STORE_close()\fR. .PP The retrieved information is stored in a \fB\s-1OSSL_STORE_INFO\s0\fR, which is further -described in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3). +described in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3). .SS "Types" .IX Subsection "Types" \&\fB\s-1OSSL_STORE_CTX\s0\fR is a context variable that holds all the internal -information for \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and -\&\fIOSSL_STORE_close()\fR to work together. +information for \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and +\&\fBOSSL_STORE_close()\fR to work together. 
.SS "Functions" .IX Subsection "Functions" -\&\fIOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method +\&\fBOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method \&\fBui_method\fR with associated data \fBui_data\fR, and post processing callback \fBpost_process\fR with associated data \fBpost_process_data\fR, opens a channel to the data located at that \s-1URI\s0 and returns a @@ -183,13 +187,13 @@ opens a channel to the data located at that \s-1URI\s0 and returns a The given \fBui_method\fR and \fBui_data_data\fR will be reused by all functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed. The given \fBpost_process\fR and \fBpost_process_data\fR will be reused by -\&\fIOSSL_STORE_load()\fR to manipulate or drop the value to be returned. +\&\fBOSSL_STORE_load()\fR to manipulate or drop the value to be returned. The \fBpost_process\fR function drops values by returning \fB\s-1NULL\s0\fR, which -will cause \fIOSSL_STORE_load()\fR to start its process over with loading +will cause \fBOSSL_STORE_load()\fR to start its process over with loading the next object, until \fBpost_process\fR returns something other than -\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fIOSSL_STORE_eof()\fR. +\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR. .PP -\&\fIOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and +\&\fBOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and more arguments not specified here. The available loader specific command numbers and arguments they each take depends on the loader that's used and is documented together with 
@@ -204,32 +208,32 @@ This control expects one argument, a pointer to an \fBint\fR that is expected to have the value 1 (yes) or 0 (no). Any other value is an error. .PP -\&\fIOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available +\&\fBOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available object and return it wrapped with \fB\s-1OSSL_STORE_INFO\s0\fR. .PP -\&\fIOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end +\&\fBOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end of data. .PP -\&\fIOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in -the last \fIOSSL_STORE_load()\fR call. +\&\fBOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in +the last \fBOSSL_STORE_load()\fR call. Note that it may still be meaningful to try and load more objects, unless -\&\fIOSSL_STORE_eof()\fR shows that the end of data has been reached. +\&\fBOSSL_STORE_eof()\fR shows that the end of data has been reached. .PP -\&\fIOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened -by \fIOSSL_STORE_open()\fR and frees all other information that was stored in the +\&\fBOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened +by \fBOSSL_STORE_open()\fR and frees all other information that was stored in the \&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself. .SH "SUPPORTED SCHEMES" .IX Header "SUPPORTED SCHEMES" The basic supported scheme is \fBfile:\fR. Any other scheme can be added dynamically, using -\&\fIOSSL_STORE_register_loader()\fR. +\&\fBOSSL_STORE_register_loader()\fR. .SH "NOTES" .IX Header "NOTES" A string without a scheme prefix (that is, a non-URI string) is implicitly interpreted as using the \fIfile:\fR scheme. 
.PP There are some tools that can be used together with -\&\fIOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable +\&\fBOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable \&\s-1URI,\s0 or if it's a different error (such as memory allocation failures); if the \s-1URI\s0 was parsable but the scheme unregistered, the top error will have the reason \f(CW\*(C`OSSL_STORE_R_UNREGISTERED_SCHEME\*(C'\fR. 
@@ -240,33 +244,33 @@ The loaders may make assumptions, however. For example, the \fBfile:\fR scheme loader inherits the assumptions made by OpenSSL functionality that handles the different file types; this is mostly relevant for PKCS#12 objects. -See \fIpassphrase\-encoding\fR\|(7) for further information. +See \fBpassphrase\-encoding\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or +\&\fBOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or \&\fB\s-1NULL\s0\fR on failure. .PP -\&\fIOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or +\&\fBOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or \&\fB\s-1NULL\s0\fR on error or when end of data is reached. -Use \fIOSSL_STORE_error()\fR and \fIOSSL_STORE_eof()\fR to determine the meaning of a +Use \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_eof()\fR to determine the meaning of a returned \fB\s-1NULL\s0\fR. .PP -\&\fIOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise +\&\fBOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise 0. .PP -\&\fIOSSL_STORE_error()\fR returns 1 if an error occurred in an \fIOSSL_STORE_load()\fR call, +\&\fBOSSL_STORE_error()\fR returns 1 if an error occurred in an \fBOSSL_STORE_load()\fR call, otherwise 0. .PP -\&\fIOSSL_STORE_ctrl()\fR and \fIOSSL_STORE_close()\fR returns 1 on success, or 0 on failure. +\&\fBOSSL_STORE_ctrl()\fR and \fBOSSL_STORE_close()\fR returns 1 on success, or 0 on failure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIossl_store\fR\|(7), \s-1\fIOSSL_STORE_INFO\s0\fR\|(3), \fIOSSL_STORE_register_loader\fR\|(3), -\&\fIpassphrase\-encoding\fR\|(7) +\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1\fIOSSL_STORE_CTX\s0()\fR, \fIOSSL_STORE_post_process_info_fn()\fR, \fIOSSL_STORE_open()\fR, -\&\fIOSSL_STORE_ctrl()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR -were added to OpenSSL 1.1.1. +\&\s-1\fBOSSL_STORE_CTX\s0()\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR, +\&\fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR +were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index f6a995dd0d28..5ea507381978 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3" -.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,30 +160,30 @@ Deprecated: .SH "DESCRIPTION" .IX Header "DESCRIPTION" OpenSSL keeps an internal table of digest algorithms and ciphers. It uses -this table to lookup ciphers via functions such as \fIEVP_get_cipher_byname()\fR. +this table to lookup ciphers via functions such as \fBEVP_get_cipher_byname()\fR. .PP -\&\fIOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. +\&\fBOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. .PP -\&\fIOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and +\&\fBOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and ciphers). .PP -\&\fIOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including +\&\fBOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including password based encryption algorithms. .PP -In versions prior to 1.1.0 \fIEVP_cleanup()\fR removed all ciphers and digests from +In versions prior to 1.1.0 \fBEVP_cleanup()\fR removed all ciphers and digests from the table. It no longer has any effect in OpenSSL 1.1.0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" None of the functions return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), \fIEVP_DigestInit\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3) +\&\fBevp\fR\|(7), \fBEVP_DigestInit\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fIOpenSSL_add_all_algorithms()\fR, \fIOpenSSL_add_all_ciphers()\fR, -\&\fIOpenSSL_add_all_digests()\fR, and \fIEVP_cleanup()\fR, functions -were deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto()\fR and should +The \fBOpenSSL_add_all_algorithms()\fR, \fBOpenSSL_add_all_ciphers()\fR, +\&\fBOpenSSL_add_all_digests()\fR, and \fBEVP_cleanup()\fR, functions +were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR and should not be used. .SH "COPYRIGHT" .IX Header "COPYRIGHT" 
diff --git a/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 b/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 index 4fe265e43628..15c060b906da 100644 --- a/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 +++ b/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_BYTES_READ_BIO 3" -.TH PEM_BYTES_READ_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PEM_BYTES_READ_BIO 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,10 +154,10 @@ PEM_bytes_read_bio, PEM_bytes_read_bio_secmem \- read a PEM\-encoded data struct .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1RFC 1421\s0) data from the \s-1BIO\s0 +\&\fBPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1RFC 1421\s0) data from the \s-1BIO\s0 \&\fIbp\fR for the data type given in \fIname\fR (\s-1RSA PRIVATE KEY, CERTIFICATE,\s0 etc.). If multiple PEM-encoded data structures are present in the same -stream, \fIPEM_bytes_read_bio()\fR will skip non-matching data types and +stream, \fBPEM_bytes_read_bio()\fR will skip non-matching data types and continue reading. Non-PEM data present in the stream may cause an error. .PP 
@@ -171,20 +175,20 @@ The returned data is the DER-encoded form of the requested type, in \&\fI*pdata\fR with length \fI*plen\fR. The caller must free the storage pointed to by \fI*pdata\fR. .PP -\&\fIPEM_bytes_read_bio_secmem()\fR is similar to \fIPEM_bytes_read_bio()\fR, but uses +\&\fBPEM_bytes_read_bio_secmem()\fR is similar to \fBPEM_bytes_read_bio()\fR, but uses memory from the secure heap for its temporary buffers and the storage returned in \fI*pdata\fR and \fI*pnm\fR. Accordingly, the caller must use -\&\fIOPENSSL_secure_free()\fR to free that storage. +\&\fBOPENSSL_secure_free()\fR to free that storage. .SH "NOTES" .IX Header "NOTES" -\&\fIPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for +\&\fBPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for storage allocated within the \s-1PEM\s0 processing stack. The \s-1BIO\s0 stack from which input is read may also use temporary buffers, which are not necessarily allocated from the secure heap. In cases where it is desirable to ensure that the contents of the \s-1PEM\s0 file only appears in memory from the secure heap, care is needed in generating the \s-1BIO\s0 passed as \fIbp\fR. In particular, the -use of \fIBIO_s_file()\fR indicates the use of the operating system stdio -functionality, which includes buffering as a feature; \fIBIO_s_fd()\fR is likely +use of \fBBIO_s_file()\fR indicates the use of the operating system stdio +functionality, which includes buffering as a feature; \fBBIO_s_fd()\fR is likely to be more appropriate in such cases. .PP These functions make no assumption regarding the pass phrase received from the 
@@ -192,16 +196,16 @@ password callback. It will simply be treated as a byte sequence. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPEM_bytes_read_bio()\fR and \fIPEM_bytes_read_bio_secmem()\fR return 1 for success or +\&\fBPEM_bytes_read_bio()\fR and \fBPEM_bytes_read_bio_secmem()\fR return 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fIPEM\s0\fR\|(3), -\&\fIPEM_read_bio_ex\fR\|(3), -\&\fIpassphrase\-encoding\fR\|(7) +\&\s-1\fBPEM\s0\fR\|(3), +\&\fBPEM_read_bio_ex\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1 +\&\fBPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1 .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PEM_read.3 b/secure/lib/libcrypto/man/PEM_read.3 index 3b2e4ca7999d..6f50bee8e44c 100644 --- a/secure/lib/libcrypto/man/PEM_read.3 +++ b/secure/lib/libcrypto/man/PEM_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ 3" -.TH PEM_READ 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PEM_READ 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -175,80 +179,80 @@ by begin/end markers each on their own line. For example: Optional header line(s) may appear after the begin line, and their existence depends on the type of object being written or read. .PP -\&\fIPEM_write()\fR writes to the file \fBfp\fR, while \fIPEM_write_bio()\fR writes to +\&\fBPEM_write()\fR writes to the file \fBfp\fR, while \fBPEM_write_bio()\fR writes to the \s-1BIO\s0 \fBbp\fR. The \fBname\fR is the name to use in the marker, the \&\fBheader\fR is the header value or \s-1NULL,\s0 and \fBdata\fR and \fBlen\fR specify the data and its length. .PP The final \fBdata\fR buffer is typically an \s-1ASN.1\s0 object which can be decoded with -the \fBd2i\fR function appropriate to the type \fBname\fR; see \fId2i_X509\fR\|(3) +the \fBd2i\fR function appropriate to the type \fBname\fR; see \fBd2i_X509\fR\|(3) for examples. .PP -\&\fIPEM_read()\fR reads from the file \fBfp\fR, while \fIPEM_read_bio()\fR reads +\&\fBPEM_read()\fR reads from the file \fBfp\fR, while \fBPEM_read_bio()\fR reads from the \s-1BIO\s0 \fBbp\fR. Both skip any non-PEM data that precedes the start of the next \s-1PEM\s0 object. When an object is successfully retrieved, the type name from the \*(L"\-\-\-\-BEGIN <type>\-\-\-\-\-\*(R" is returned via the \fBname\fR argument, any encapsulation headers are returned in \fBheader\fR and the base64\-decoded content and its length are returned via \fBdata\fR and \fBlen\fR respectively. -The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fIOPENSSL_malloc()\fR -and should be freed by the caller via \fIOPENSSL_free()\fR when no longer needed. +The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fBOPENSSL_malloc()\fR +and should be freed by the caller via \fBOPENSSL_free()\fR when no longer needed. 
.PP -\&\fIPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by -\&\fIPEM_read()\fR or \fIPEM_read_bio()\fR is encrypted and to retrieve the associated cipher +\&\fBPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by +\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR is encrypted and to retrieve the associated cipher and \s-1IV.\s0 The caller passes a pointer to structure of type \fB\s-1EVP_CIPHER_INFO\s0\fR via the -\&\fBcinfo\fR argument and the \fBheader\fR returned via \fIPEM_read()\fR or \fIPEM_read_bio()\fR. +\&\fBcinfo\fR argument and the \fBheader\fR returned via \fBPEM_read()\fR or \fBPEM_read_bio()\fR. If the call is successful 1 is returned and the cipher and \s-1IV\s0 are stored at the address pointed to by \fBcinfo\fR. When the header is malformed, or not supported or when the cipher is unknown or some internal error happens 0 is returned. This function is deprecated, see \fB\s-1NOTES\s0\fR below. .PP -\&\fIPEM_do_header()\fR can then be used to decrypt the data if the header +\&\fBPEM_do_header()\fR can then be used to decrypt the data if the header indicates encryption. The \fBcinfo\fR argument is a pointer to the structure initialized by the previous -call to \fIPEM_get_EVP_CIPHER_INFO()\fR. +call to \fBPEM_get_EVP_CIPHER_INFO()\fR. The \fBdata\fR and \fBlen\fR arguments are those returned by the previous call to -\&\fIPEM_read()\fR or \fIPEM_read_bio()\fR. +\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR. The \fBcb\fR and \fBu\fR arguments make it possible to override the default password -prompt function as described in \fIPEM_read_PrivateKey\fR\|(3). +prompt function as described in \fBPEM_read_PrivateKey\fR\|(3). On successful completion the \fBdata\fR is decrypted in place, and \fBlen\fR is updated to indicate the plaintext length. This function is deprecated, see \fB\s-1NOTES\s0\fR below. 
.PP -If the data is a priori known to not be encrypted, then neither \fIPEM_do_header()\fR -nor \fIPEM_get_EVP_CIPHER_INFO()\fR need be called. +If the data is a priori known to not be encrypted, then neither \fBPEM_do_header()\fR +nor \fBPEM_get_EVP_CIPHER_INFO()\fR need be called. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPEM_read()\fR and \fIPEM_read_bio()\fR return 1 on success and 0 on failure, the latter +\&\fBPEM_read()\fR and \fBPEM_read_bio()\fR return 1 on success and 0 on failure, the latter includes the case when no more \s-1PEM\s0 objects remain in the input file. To distinguish end of file from more serious errors the caller must peek at the error stack and check for \fB\s-1PEM_R_NO_START_LINE\s0\fR, which indicates that no more -\&\s-1PEM\s0 objects were found. See \fIERR_peek_last_error\fR\|(3), \s-1\fIERR_GET_REASON\s0\fR\|(3). +\&\s-1PEM\s0 objects were found. See \fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_REASON\s0\fR\|(3). .PP -\&\fIPEM_get_EVP_CIPHER_INFO()\fR and \fIPEM_do_header()\fR return 1 on success, and 0 on +\&\fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR return 1 on success, and 0 on failure. The \fBdata\fR is likely meaningless if these functions fail. .SH "NOTES" .IX Header "NOTES" -The \fIPEM_get_EVP_CIPHER_INFO()\fR and \fIPEM_do_header()\fR functions are deprecated. +The \fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR functions are deprecated. This is because the underlying \s-1PEM\s0 encryption format is obsolete, and should be avoided. It uses an encryption format with an OpenSSL-specific key-derivation function, which employs \s-1MD5\s0 with an iteration count of 1! Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 v2.0 \s-1PBE.\s0 -See \fIPEM_write_PrivateKey\fR\|(3) and \fId2i_PKCS8PrivateKey_bio\fR\|(3). +See \fBPEM_write_PrivateKey\fR\|(3) and \fBd2i_PKCS8PrivateKey_bio\fR\|(3). 
.PP -\&\fIPEM_do_header()\fR makes no assumption regarding the pass phrase received from the +\&\fBPEM_do_header()\fR makes no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_peek_last_error\fR\|(3), \s-1\fIERR_GET_LIB\s0\fR\|(3), -\&\fId2i_PKCS8PrivateKey_bio\fR\|(3), -\&\fIpassphrase\-encoding\fR\|(7) +\&\fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_LIB\s0\fR\|(3), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PEM_read_CMS.3 b/secure/lib/libcrypto/man/PEM_read_CMS.3 index 0b7025462710..3c793c898b98 100644 --- a/secure/lib/libcrypto/man/PEM_read_CMS.3 +++ b/secure/lib/libcrypto/man/PEM_read_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ_CMS 3" -.TH PEM_READ_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PEM_READ_CMS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,18 +161,18 @@ the next four lines of the synopsis. .PP These routines convert between local instances of \s-1ASN1\s0 datatypes and the \s-1PEM\s0 encoding. For more information on the templates, see -\&\s-1\fIASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used -by the functions here, see \fIPEM_read\fR\|(3). +\&\s-1\fBASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used +by the functions here, see \fBPEM_read\fR\|(3). .PP -\&\fIPEM_read_TYPE()\fR reads a PEM-encoded object of \fI\s-1TYPE\s0\fR from the file \fBfp\fR +\&\fBPEM_read_TYPE()\fR reads a PEM-encoded object of \fI\s-1TYPE\s0\fR from the file \fBfp\fR and returns it. The \fBcb\fR and \fBu\fR parameters are as described in -\&\fIpem_password_cb\fR\|(3). +\&\fBpem_password_cb\fR\|(3). .PP -\&\fIPEM_read_bio_TYPE()\fR is similar to \fIPEM_read_TYPE()\fR but reads from the \s-1BIO\s0 \fBbp\fR. +\&\fBPEM_read_bio_TYPE()\fR is similar to \fBPEM_read_TYPE()\fR but reads from the \s-1BIO\s0 \fBbp\fR. .PP -\&\fIPEM_write_TYPE()\fR writes the \s-1PEM\s0 encoding of the object \fBa\fR to the file \fBfp\fR. +\&\fBPEM_write_TYPE()\fR writes the \s-1PEM\s0 encoding of the object \fBa\fR to the file \fBfp\fR. .PP -\&\fIPEM_write_bio_TYPE()\fR similarly writes to the \s-1BIO\s0 \fBbp\fR. +\&\fBPEM_write_bio_TYPE()\fR similarly writes to the \s-1BIO\s0 \fBbp\fR. .SH "NOTES" .IX Header "NOTES" These functions make no assumption regarding the pass phrase received from the 
@@ -176,15 +180,15 @@ password callback. It will simply be treated as a byte sequence. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPEM_read_TYPE()\fR and \fIPEM_read_bio_TYPE()\fR return a pointer to an allocated -object, which should be released by calling \fITYPE_free()\fR, or \s-1NULL\s0 on error. +\&\fBPEM_read_TYPE()\fR and \fBPEM_read_bio_TYPE()\fR return a pointer to an allocated +object, which should be released by calling \fBTYPE_free()\fR, or \s-1NULL\s0 on error. .PP -\&\fIPEM_write_TYPE()\fR and \fIPEM_write_bio_TYPE()\fR return the number of bytes written +\&\fBPEM_write_TYPE()\fR and \fBPEM_write_bio_TYPE()\fR return the number of bytes written or zero on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIPEM_read\fR\|(3), -\&\fIpassphrase\-encoding\fR\|(7) +\&\fBPEM_read\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 b/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 index 64fe76216b07..63cdf3639813 100644 --- a/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 +++ b/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ_BIO_PRIVATEKEY 3" -.TH PEM_READ_BIO_PRIVATEKEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PEM_READ_BIO_PRIVATEKEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -273,19 +277,19 @@ For more details about the meaning of arguments see the .PP Each operation has four functions associated with it. For brevity the term "\fB\s-1TYPE\s0\fR functions" will be used below to collectively -refer to the \fIPEM_read_bio_TYPE()\fR, \fIPEM_read_TYPE()\fR, -\&\fIPEM_write_bio_TYPE()\fR, and \fIPEM_write_TYPE()\fR functions. +refer to the \fBPEM_read_bio_TYPE()\fR, \fBPEM_read_TYPE()\fR, +\&\fBPEM_write_bio_TYPE()\fR, and \fBPEM_write_TYPE()\fR functions. .PP The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using an \&\s-1EVP_PKEY\s0 structure. The write routines use PKCS#8 private key format and are -equivalent to \fIPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently +equivalent to \fBPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently handle traditional and PKCS#8 format encrypted and unencrypted keys. .PP -\&\fIPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the +\&\fBPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the \&\*(L"traditional\*(R" format with a simple private key marker and should only be used for compatibility with legacy programs. .PP -\&\fIPEM_write_bio_PKCS8PrivateKey()\fR and \fIPEM_write_PKCS8PrivateKey()\fR write a private +\&\fBPEM_write_bio_PKCS8PrivateKey()\fR and \fBPEM_write_PKCS8PrivateKey()\fR write a private key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption algorithms. The \fBcipher\fR argument specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the 
@@ -293,7 +297,7 @@ encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If \&\fBcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead. .PP -\&\fIPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fIPEM_write_PKCS8PrivateKey_nid()\fR +\&\fBPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fBPEM_write_PKCS8PrivateKey_nid()\fR also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the @@ -491,7 +495,7 @@ Skeleton pass phrase callback: .IX Header "NOTES" The old \fBPrivateKey\fR write routines are retained for compatibility. New applications should write private keys using the -\&\fIPEM_write_bio_PKCS8PrivateKey()\fR or \fIPEM_write_PKCS8PrivateKey()\fR routines +\&\fBPEM_write_bio_PKCS8PrivateKey()\fR or \fBPEM_write_PKCS8PrivateKey()\fR routines because they are more secure (they use an iteration count of 2048 whereas the traditional routines use a count of 1) unless compatibility with older versions of OpenSSL is important. 
@@ -532,21 +536,21 @@ The private key (or other data) takes the following form: The line beginning with \fIProc-Type\fR contains the version and the protection on the encapsulated data. The line beginning \fIDEK-Info\fR contains two comma separated values: the encryption algorithm name as -used by \fIEVP_get_cipherbyname()\fR and an initialization vector used by the +used by \fBEVP_get_cipherbyname()\fR and an initialization vector used by the cipher encoded as a set of hexadecimal digits. After those two lines is the base64\-encoded encrypted data. .PP -The encryption key is derived using \fIEVP_BytesToKey()\fR. The cipher's -initialization vector is passed to \fIEVP_BytesToKey()\fR as the \fBsalt\fR +The encryption key is derived using \fBEVP_BytesToKey()\fR. The cipher's +initialization vector is passed to \fBEVP_BytesToKey()\fR as the \fBsalt\fR parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used (regardless of the size of the initialization vector). The user's -password is passed to \fIEVP_BytesToKey()\fR using the \fBdata\fR and \fBdatal\fR +password is passed to \fBEVP_BytesToKey()\fR using the \fBdata\fR and \fBdatal\fR parameters. Finally, the library uses an iteration count of 1 for -\&\fIEVP_BytesToKey()\fR. +\&\fBEVP_BytesToKey()\fR. .PP -The \fBkey\fR derived by \fIEVP_BytesToKey()\fR along with the original initialization +The \fBkey\fR derived by \fBEVP_BytesToKey()\fR along with the original initialization vector is then used to decrypt the encrypted data. The \fBiv\fR produced by -\&\fIEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to +\&\fBEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to the function. .PP The pseudo code to derive the key would look similar to: 
@@ -597,8 +601,8 @@ in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead as they will be formally deprecated in a future releases. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_EncryptInit\fR\|(3), \fIEVP_BytesToKey\fR\|(3), -\&\fIpassphrase\-encoding\fR\|(7) +\&\fBEVP_EncryptInit\fR\|(3), \fBEVP_BytesToKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PEM_read_bio_ex.3 b/secure/lib/libcrypto/man/PEM_read_bio_ex.3 index 6f46e1ce8739..d0698194dee2 100644 --- a/secure/lib/libcrypto/man/PEM_read_bio_ex.3 +++ b/secure/lib/libcrypto/man/PEM_read_bio_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ_BIO_EX 3" -.TH PEM_READ_BIO_EX 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PEM_READ_BIO_EX 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,7 +153,7 @@ PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 \- .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO,\s0 outputting +\&\fBPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO,\s0 outputting the name of the type of contained data, the header information regarding the possibly encrypted data, and the binary data payload (after base64 decoding). It should generally only be used to implement PEM_read_bio_\-family functions @@ -161,7 +165,7 @@ input are allocated from the secure heap. .PP If \s-1PEM_FLAG_EAY_COMPATIBLE\s0 is set, a simple algorithm is used to remove whitespace and control characters from the end of each line, so as to be compatible with -the historical behavior of \fIPEM_read_bio()\fR. +the historical behavior of \fBPEM_read_bio()\fR. .PP If \s-1PEM_FLAG_ONLY_B64\s0 is set, all characters are required to be valid base64 characters (or newlines); non\-base64 characters are treated as end of input. 
@@ -174,17 +178,17 @@ these options are not compatible with each other. .SH "NOTES" .IX Header "NOTES" The caller must release the storage allocated for *name, *header, and *data. -If \s-1PEM_FLAG_SECURE\s0 was set, use \fIOPENSSL_secure_free()\fR; otherwise, -\&\fIOPENSSL_free()\fR is used. +If \s-1PEM_FLAG_SECURE\s0 was set, use \fBOPENSSL_secure_free()\fR; otherwise, +\&\fBOPENSSL_free()\fR is used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPEM_read_bio_ex()\fR returns 1 for success or 0 for failure. +\&\fBPEM_read_bio_ex()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fIPEM\s0\fR\|(3) +\&\s-1\fBPEM\s0\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPEM_read_bio_ex()\fR was added in OpenSSL 1.1.1. +The \fBPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 index 775c06d9e809..c543ca8c1305 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_WRITE_BIO_CMS_STREAM 3" -.TH PEM_WRITE_BIO_CMS_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PEM_WRITE_BIO_CMS_STREAM 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,27 +149,27 @@ PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. +\&\fBPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. .PP -It is otherwise identical to the function \fISMIME_write_CMS()\fR. +It is otherwise identical to the function \fBSMIME_write_CMS()\fR. .SH "NOTES" .IX Header "NOTES" -This function is effectively a version of the \fIPEM_write_bio_CMS()\fR supporting +This function is effectively a version of the \fBPEM_write_bio_CMS()\fR supporting streaming. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. +\&\fBPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) -\&\fICMS_decrypt\fR\|(3), -\&\fIPEM_write\fR\|(3), -\&\fISMIME_write_CMS\fR\|(3), -\&\fIi2d_CMS_bio_stream\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3), +\&\fBPEM_write\fR\|(3), +\&\fBSMIME_write_CMS\fR\|(3), +\&\fBi2d_CMS_bio_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPEM_write_bio_CMS_stream()\fR was added to OpenSSL 1.0.0 +The \fBPEM_write_bio_CMS_stream()\fR function was added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 index 96f4da397d53..81fba7301a46 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3" -.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,26 +149,26 @@ PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. +\&\fBPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. .PP -It is otherwise identical to the function \fISMIME_write_PKCS7()\fR. +It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. .SH "NOTES" .IX Header "NOTES" -This function is effectively a version of the \fIPEM_write_bio_PKCS7()\fR supporting +This function is effectively a version of the \fBPEM_write_bio_PKCS7()\fR supporting streaming. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. +\&\fBPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3), -\&\fISMIME_write_PKCS7\fR\|(3), -\&\fIi2d_PKCS7_bio_stream\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3), +\&\fBSMIME_write_PKCS7\fR\|(3), +\&\fBi2d_PKCS7_bio_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPEM_write_bio_PKCS7_stream()\fR was added to OpenSSL 1.0.0 +The \fBPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 index d5208f248e16..d3da3c08d387 100644 --- a/secure/lib/libcrypto/man/PKCS12_create.3 +++ b/secure/lib/libcrypto/man/PKCS12_create.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_CREATE 3" -.TH PKCS12_CREATE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS12_CREATE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ PKCS12_create \- create a PKCS#12 structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS12_create()\fR creates a PKCS#12 structure. +\&\fBPKCS12_create()\fR creates a PKCS#12 structure. .PP \&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for the supplied certificate and key. \fBpkey\fR is the private key to include in 
@@ -193,16 +197,16 @@ should be used. .PP \&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely. .PP -\&\fIPKCS12_create()\fR makes assumptions regarding the encoding of the given pass +\&\fBPKCS12_create()\fR makes assumptions regarding the encoding of the given pass phrase. -See \fIpassphrase\-encoding\fR\|(7) for more information. +See \fBpassphrase\-encoding\fR\|(7) for more information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_PKCS12\fR\|(3), -\&\fIpassphrase\-encoding\fR\|(7) +\&\fBd2i_PKCS12\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PKCS12_newpass.3 b/secure/lib/libcrypto/man/PKCS12_newpass.3 index 23df18be57ef..ec71294b1d46 100644 --- a/secure/lib/libcrypto/man/PKCS12_newpass.3 +++ b/secure/lib/libcrypto/man/PKCS12_newpass.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_NEWPASS 3" -.TH PKCS12_NEWPASS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS12_NEWPASS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ PKCS12_newpass \- change the password of a PKCS12 structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure. +\&\fBPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure. .PP \&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password and \fBnewpass\fR is the new password. @@ -159,11 +163,11 @@ In particular, this means that passwords in the locale character set (or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before use. This may include passwords from local text files, or input from the terminal or command line. Refer to the documentation of -\&\fIUI_OpenSSL\fR\|(3), for example. +\&\fBUI_OpenSSL\fR\|(3), for example. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can -retrieve the most recent error from \fIPKCS12_newpass()\fR with \fIERR_get_error()\fR. +\&\fBPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can +retrieve the most recent error from \fBPKCS12_newpass()\fR with \fBERR_get_error()\fR. .SH "EXAMPLE" .IX Header "EXAMPLE" This example loads a PKCS#12 file, changes its password and writes out 
@@ -217,7 +221,7 @@ the result to a new file. .IX Header "NOTES" If the PKCS#12 structure does not have a password, then you must use the empty string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a -\&\fIPKCS12_newpass()\fR failure. +\&\fBPKCS12_newpass()\fR failure. .PP If the wrong password is used for \fBoldpass\fR then the function will fail, with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not @@ -230,8 +234,8 @@ Unicode form internally. As a result some passwords cannot be supplied to this function. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIPKCS12_create\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIpassphrase\-encoding\fR\|(7) +\&\fBPKCS12_create\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 index 7af5dcad7b88..1c5a9423cff5 100644 --- a/secure/lib/libcrypto/man/PKCS12_parse.3 +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_PARSE 3" -.TH PKCS12_PARSE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS12_PARSE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,12 +144,13 @@ PKCS12_parse \- parse a PKCS#12 structure .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/pkcs12.h> +\& +\& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +\& STACK_OF(X509) **ca); .Ve -.PP -int PKCS12_parse(\s-1PKCS12\s0 *p12, const char *pass, \s-1EVP_PKEY\s0 **pkey, X509 **cert, \s-1STACK_OF\s0(X509) **ca); .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +\&\fBPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. .PP \&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. If successful the private key will be written to \fB*pkey\fR, the corresponding @@ -168,12 +173,12 @@ In particular, this means that passwords in the locale character set (or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before use. This may include passwords from local text files, or input from the terminal or command line. Refer to the documentation of -\&\fIUI_OpenSSL\fR\|(3), for example. +\&\fBUI_OpenSSL\fR\|(3), for example. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS12_parse()\fR returns 1 for success and zero if an error occurred. +\&\fBPKCS12_parse()\fR returns 1 for success and zero if an error occurred. .PP -The error can be obtained from \fIERR_get_error\fR\|(3) +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" Only a single private key and corresponding certificate is returned by this 
@@ -186,8 +191,8 @@ certificates. Other attributes are discarded. Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_PKCS12\fR\|(3), -\&\fIpassphrase\-encoding\fR\|(7) +\&\fBd2i_PKCS12\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 b/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 index af7c4bfad045..7221f55c3844 100644 --- a/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 +++ b/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS5_PBKDF2_HMAC 3" -.TH PKCS5_PBKDF2_HMAC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS5_PBKDF2_HMAC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,12 +156,12 @@ PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 \- password based derivation routines .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count as specified in \s-1RFC 2898.\s0 .PP \&\fBpass\fR is the password used in the derivation of length \fBpasslen\fR. \fBpass\fR is an optional parameter and can be \s-1NULL.\s0 If \fBpasslen\fR is \-1, then the -function will calculate the length of \fBpass\fR using \fIstrlen()\fR. +function will calculate the length of \fBpass\fR using \fBstrlen()\fR. .PP \&\fBsalt\fR is the salt used in the derivation of length \fBsaltlen\fR. If the \&\fBsalt\fR is \s-1NULL,\s0 then \fBsaltlen\fR must be 0. The function will not @@ -169,8 +173,8 @@ equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any \&\fBiter\fR less than 1 is treated as a single iteration. .PP \&\fBdigest\fR is the message digest function used in the derivation. Values include -any of the EVP_* message digests. \s-1\fIPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls -\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR with \fIEVP_sha1()\fR. +any of the EVP_* message digests. \s-1\fBPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR with \fBEVP_sha1()\fR. .PP The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer is specified via \fBkeylen\fR. 
@@ -188,12 +192,12 @@ These functions make no assumption regarding the given password. It will simply be treated as a byte sequence. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fIPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error. +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fBPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), -\&\fIEVP_BytesToKey\fR\|(3), -\&\fIpassphrase\-encoding\fR\|(7) +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_BytesToKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 index a9b155bedb6f..4dbaba6ce643 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_DECRYPT 3" -.TH PKCS7_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS7_DECRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +\&\fBPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and \&\fBflags\fR is an optional set of flags. 
@@ -161,18 +165,18 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. -The error can be obtained from \fIERR_get_error\fR\|(3) +\&\fBPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" -\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would +\&\fBPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would be better if it could look up the correct key and certificate from a database. .PP The lack of single pass processing and need to hold all data in memory as -mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_encrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 index f5c17ca0f8fd..4f2b35fcd0eb 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_ENCRYPT 3" -.TH PKCS7_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS7_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ PKCS7_encrypt \- create a PKCS#7 envelopedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +\&\fBPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR is a list of recipient certificates. \fBin\fR is the content to be encrypted. \&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. .SH "NOTES" 
@@ -155,11 +159,11 @@ Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to be signed using the \s-1RSA\s0 algorithm. .PP -\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because most clients will support it. .PP Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 -bit \s-1RC2.\s0 These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR +bit \s-1RC2.\s0 These can be used by passing \fBEVP_rc2_40_cbc()\fR and \fBEVP_rc2_64_cbc()\fR respectively. .PP The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of @@ -168,7 +172,7 @@ its parameters. Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to -\&\fIPKCS7_encrypt()\fR. +\&\fBPKCS7_encrypt()\fR. .PP The following flags can be passed in the \fBflags\fR parameter. .PP 
@@ -190,17 +194,17 @@ complete and outputting its contents via a function that does not properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. .PP -Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR, -\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, +\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fIBIO_new_PKCS7()\fR. +\&\fBBIO_new_PKCS7()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. -The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 index afda2274adf1..9debab872524 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_SIGN 3" -.TH PKCS7_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS7_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ PKCS7_sign \- create a PKCS#7 signedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is +\&\fBPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding private key. \&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7 structure (for example any intermediate CAs in the chain). 
@@ -203,17 +207,17 @@ If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR str complete and outputting its contents via a function that does not properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. .PP -Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR, -\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, +\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fIBIO_new_PKCS7()\fR. +\&\fBBIO_new_PKCS7()\fR. .PP If a signer is specified it will use the default digest for the signing algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. .PP The \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added -using the function \fIPKCS7_sign_add_signer()\fR. \fIPKCS7_final()\fR must also be +using the function \fBPKCS7_sign_add_signer()\fR. \fBPKCS7_final()\fR must also be called to finalize the structure if streaming is not enabled. Alternative signing digests can also be specified using this method. .PP 
@@ -227,17 +231,17 @@ In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters Some advanced attributes such as counter signatures are not supported. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_verify\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fBcerts\fR, \fBsigncert\fR, -and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR to be was added in OpenSSL 1.0.0 +and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR were added in OpenSSL 1.0.0. .PP -The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0 +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 index 0d40e8d2ecd7..92a95b26af92 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_SIGN_ADD_SIGNER 3" -.TH PKCS7_SIGN_ADD_SIGNER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS7_SIGN_ADD_SIGNER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,11 +150,11 @@ PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private +\&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure \&\fBp7\fR. .PP -The \s-1PKCS7\s0 structure should be obtained from an initial call to \fIPKCS7_sign()\fR +The \s-1PKCS7\s0 structure should be obtained from an initial call to \fBPKCS7_sign()\fR with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0 signed data structure. .PP 
@@ -159,11 +163,11 @@ key algorithm will be used. .PP Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure is not complete and must be finalized either by streaming (if applicable) or -a call to \fIPKCS7_final()\fR. +a call to \fBPKCS7_final()\fR. .SH "NOTES" .IX Header "NOTES" The main purpose of this function is to provide finer control over a PKCS#7 -signed data structure where the simpler \fIPKCS7_sign()\fR function defaults are +signed data structure where the simpler \fBPKCS7_sign()\fR function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. .PP @@ -177,7 +181,7 @@ returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is se .PP If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the \&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes -can be added. In this case an explicit call to \fIPKCS7_SIGNER_INFO_sign()\fR is +can be added. In this case an explicit call to \fBPKCS7_SIGNER_INFO_sign()\fR is needed to finalize it. .PP If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the 
@@ -196,20 +200,20 @@ If present the SMIMECapabilities attribute indicates support for the following algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of these algorithms is disabled then it will not be included. .PP -\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 structure just added, this can be used to set additional attributes before it is finalized. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 structure just added or \s-1NULL\s0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_final\fR\|(3), +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_final\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\fIPPKCS7_sign_add_signer()\fR was added to OpenSSL 1.0.0 +The \fBPPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 index 868d79ae0f44..22bf498ff5c3 100644 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_VERIFY 3" -.TH PKCS7_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS7_VERIFY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +152,7 @@ PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +\&\fBPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 structure to verify. \fBcerts\fR is a set of certificates in which to search for the signer's certificate. \fBstore\fR is a trusted certificate store (used for chain verification). \fBindata\fR is the signed data if the content is not 
@@ -158,9 +162,9 @@ if it is not \s-1NULL.\s0 \&\fBflags\fR is an optional set of flags, which can be used to modify the verify operation. .PP -\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does +\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does \&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR -and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR. +and \fBflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR. .SH "VERIFY PROCESS" .IX Header "VERIFY PROCESS" Normally the verify process proceeds as follows. @@ -190,7 +194,7 @@ If all signature's verify correctly then the function is successful. .PP Any of the following flags (ored together) can be passed in the \fBflags\fR parameter to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is -meaningful to \fIPKCS7_get0_signers()\fR. +meaningful to \fBPKCS7_get0_signers()\fR. .PP If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not searched when locating the signer's certificate. This means that all the signers @@ -227,12 +231,12 @@ signer it cannot be trusted without additional evidence (such as a trusted timestamp). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_verify()\fR returns one for a successful verification and zero +\&\fBPKCS7_verify()\fR returns one for a successful verification and zero if an error occurs. .PP -\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +\&\fBPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. .PP -The error can be obtained from \fIERR_get_error\fR\|(3) +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" The trusted certificate store is not searched for the signers certificate, 
@@ -240,10 +244,10 @@ this is primarily due to the inadequacies of the current \fBX509_STORE\fR functionality. .PP The lack of single pass processing and need to hold all data in memory as -mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_generate.3 b/secure/lib/libcrypto/man/RAND_DRBG_generate.3 index a1101afbc192..c18fd959eed0 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_generate.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_generate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_GENERATE 3" -.TH RAND_DRBG_GENERATE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_DRBG_GENERATE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,7 +155,7 @@ RAND_DRBG_generate, RAND_DRBG_bytes \&\- generate random bytes using the given d .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given +\&\fBRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given \&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. .PP Before generating the output, the \s-1DRBG\s0 instance checks whether the maximum 
@@ -168,22 +172,22 @@ generator but does not contribute to the entropy count. The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \&\fBadinlen\fR to 0; .PP -\&\fIRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given +\&\fBRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given \&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. -This function is a wrapper around the \fIRAND_DRBG_generate()\fR call, +This function is a wrapper around the \fBRAND_DRBG_generate()\fR call, which collects some additional data from low entropy sources (e.g., a high resolution timer) and calls RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_DRBG_generate()\fR and \fIRAND_DRBG_bytes()\fR return 1 on success, +\&\fBRAND_DRBG_generate()\fR and \fBRAND_DRBG_bytes()\fR return 1 on success, and 0 on failure. .SH "NOTES" .IX Header "NOTES" The \fIreseed interval\fR and \fIreseed time interval\fR of the \fBdrbg\fR are set to reasonable default values, which in general do not have to be adjusted. -If necessary, they can be changed using \fIRAND_DRBG_set_reseed_interval\fR\|(3) -and \fIRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively. +If necessary, they can be changed using \fBRAND_DRBG_set_reseed_interval\fR\|(3) +and \fBRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively. .PP A request for prediction resistance can only be satisfied by pulling fresh entropy from one of the approved entropy sources listed in section 5.5.2 of 
@@ -196,10 +200,10 @@ In other words, prediction resistance is currently not supported yet by the \s-1 The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_bytes\fR\|(3), -\&\fIRAND_DRBG_set_reseed_interval\fR\|(3), -\&\fIRAND_DRBG_set_reseed_time_interval\fR\|(3), -\&\s-1\fIRAND_DRBG\s0\fR\|(7) +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 b/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 index 6fcaaa0f5cc2..961646352be6 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_GET0_MASTER 3" -.TH RAND_DRBG_GET0_MASTER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_DRBG_GET0_MASTER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,22 +151,22 @@ RAND_DRBG_get0_master, RAND_DRBG_get0_public, RAND_DRBG_get0_private \&\- get ac .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The default \s-1RAND API\s0 implementation (\fIRAND_OpenSSL()\fR) utilizes three +The default \s-1RAND API\s0 implementation (\fBRAND_OpenSSL()\fR) utilizes three shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND API:\s0 .PP The <public> and <private> \s-1DRBG\s0 are thread-local instances, which are used -by \fIRAND_bytes()\fR and \fIRAND_priv_bytes()\fR, respectively. +by \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR, respectively. The <master> \s-1DRBG\s0 is a global instance, which is not intended to be used directly, but is used internally to reseed the other two instances. .PP These functions here provide access to the shared \s-1DRBG\s0 instances. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_DRBG_get0_master()\fR returns a pointer to the <master> \s-1DRBG\s0 instance. +\&\fBRAND_DRBG_get0_master()\fR returns a pointer to the <master> \s-1DRBG\s0 instance. .PP -\&\fIRAND_DRBG_get0_public()\fR returns a pointer to the <public> \s-1DRBG\s0 instance. +\&\fBRAND_DRBG_get0_public()\fR returns a pointer to the <public> \s-1DRBG\s0 instance. .PP -\&\fIRAND_DRBG_get0_private()\fR returns a pointer to the <private> \s-1DRBG\s0 instance. +\&\fBRAND_DRBG_get0_private()\fR returns a pointer to the <private> \s-1DRBG\s0 instance. .SH "NOTES" .IX Header "NOTES" It is not thread-safe to access the <master> \s-1DRBG\s0 instance. 
@@ -183,13 +187,13 @@ It is also possible to exchange the reseeding callbacks entirely. The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_DRBG_set_callbacks\fR\|(3), -\&\fIRAND_DRBG_set_reseed_defaults\fR\|(3), -\&\fIRAND_DRBG_set_reseed_interval\fR\|(3), -\&\fIRAND_DRBG_set_reseed_time_interval\fR\|(3), -\&\fIRAND_DRBG_set_callbacks\fR\|(3), -\&\fIRAND_DRBG_generate\fR\|(3), -\&\s-1\fIRAND_DRBG\s0\fR\|(7) +\&\fBRAND_DRBG_set_callbacks\fR\|(3), +\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fBRAND_DRBG_set_callbacks\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_new.3 b/secure/lib/libcrypto/man/RAND_DRBG_new.3 index 93ca440b6e30..226c2b5ac9b9 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_new.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_NEW 3" -.TH RAND_DRBG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_DRBG_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -164,14 +168,14 @@ RAND_DRBG_new, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, RAND .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_DRBG_new()\fR and \fIRAND_DRBG_secure_new()\fR +\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR create a new \s-1DRBG\s0 instance of the given \fBtype\fR, allocated from the heap resp. the secure heap -(using \fIOPENSSL_zalloc()\fR resp. \fIOPENSSL_secure_zalloc()\fR). +(using \fBOPENSSL_zalloc()\fR resp. \fBOPENSSL_secure_zalloc()\fR). .PP -\&\fIRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR. +\&\fBRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR. .PP -\&\fIRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0 +\&\fBRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0 instances. .PP Currently, all \s-1DRBG\s0 types are based on AES-CTR, so \fBtype\fR can be one of the 
@@ -189,26 +193,26 @@ the default entropy source for reseeding the \fBdrbg\fR. It is said that the \&\fBdrbg\fR is \fIchained\fR to its \fBparent\fR. For more information, see the \s-1NOTES\s0 section. .PP -\&\fIRAND_DRBG_instantiate()\fR +\&\fBRAND_DRBG_instantiate()\fR seeds the \fBdrbg\fR instance using random input from trusted entropy sources. Optionally, a personalization string \fBpers\fR of length \fBperslen\fR can be specified. To omit the personalization string, set \fBpers\fR=NULL and \fBperslen\fR=0; .PP -\&\fIRAND_DRBG_uninstantiate()\fR +\&\fBRAND_DRBG_uninstantiate()\fR clears the internal state of the \fBdrbg\fR and puts it back in the uninstantiated state. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_DRBG_new()\fR and \fIRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0 +\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0 instance allocated on the heap, resp. secure heap. .PP -\&\fIRAND_DRBG_set()\fR, -\&\fIRAND_DRBG_instantiate()\fR, and -\&\fIRAND_DRBG_uninstantiate()\fR +\&\fBRAND_DRBG_set()\fR, +\&\fBRAND_DRBG_instantiate()\fR, and +\&\fBRAND_DRBG_uninstantiate()\fR return 1 on success, and 0 on failure. .PP -\&\fIRAND_DRBG_free()\fR does not return a value. +\&\fBRAND_DRBG_free()\fR does not return a value. .SH "NOTES" .IX Header "NOTES" The \s-1DRBG\s0 design supports \fIchaining\fR, which means that a \s-1DRBG\s0 instance can 
@@ -216,23 +220,23 @@ use another \fBparent\fR \s-1DRBG\s0 instance instead of the default entropy sou to obtain fresh random input for reseeding, provided that \fBparent\fR \s-1DRBG\s0 instance was properly instantiated, either from a trusted entropy source, or from yet another parent \s-1DRBG\s0 instance. -For a detailed description of the reseeding process, see \s-1\fIRAND_DRBG\s0\fR\|(7). +For a detailed description of the reseeding process, see \s-1\fBRAND_DRBG\s0\fR\|(7). .PP The default \s-1DRBG\s0 type and flags are applied only during creation of a \s-1DRBG\s0 instance. To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances (<master>, resp. <public> and <private>), it is necessary to call -\&\fIRAND_DRBG_set_defaults()\fR before creating any thread and before calling any +\&\fBRAND_DRBG_set_defaults()\fR before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly. .SH "HISTORY" .IX Header "HISTORY" The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIOPENSSL_zalloc\fR\|(3), -\&\fIOPENSSL_secure_zalloc\fR\|(3), -\&\fIRAND_DRBG_generate\fR\|(3), -\&\s-1\fIRAND_DRBG\s0\fR\|(7) +\&\fBOPENSSL_zalloc\fR\|(3), +\&\fBOPENSSL_secure_zalloc\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 b/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 index 1c8f749a53ff..ef07f82f474b 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_RESEED 3" -.TH RAND_DRBG_RESEED 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_DRBG_RESEED 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,14 +163,14 @@ RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval, RAND_DRBG_set_reseed_time_inter .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_DRBG_reseed()\fR +\&\fBRAND_DRBG_reseed()\fR reseeds the given \fBdrbg\fR, obtaining entropy input from its entropy source and mixing in the specified additional data provided in the buffer \fBadin\fR of length \fBadinlen\fR. The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \fBadinlen\fR to 0. .PP -\&\fIRAND_DRBG_set_reseed_interval()\fR +\&\fBRAND_DRBG_set_reseed_interval()\fR sets the reseed interval of the \fBdrbg\fR, which is the maximum allowed number of generate requests between consecutive reseedings. If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the 
@@ -174,14 +178,14 @@ number of generate requests since its last seeding exceeds the given reseed interval. If \fBinterval\fR == 0, then this feature is disabled. .PP -\&\fIRAND_DRBG_set_reseed_time_interval()\fR +\&\fBRAND_DRBG_set_reseed_time_interval()\fR sets the reseed time interval of the \fBdrbg\fR, which is the maximum allowed number of seconds between consecutive reseedings. If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the elapsed time since its last reseeding exceeds the given reseed time interval. If \fBinterval\fR == 0, then this feature is disabled. .PP -\&\fIRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval +\&\fBRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval (\fBmaster_reseed_interval\fR and \fBslave_reseed_interval\fR) and the reseed time interval (\fBmaster_reseed_time_interval\fR and \fBslave_reseed_tme_interval\fR) @@ -190,9 +194,9 @@ The default values are set independently for master \s-1DRBG\s0 instances (which have a parent) and slave \s-1DRBG\s0 instances (which are chained to a parent \s-1DRBG\s0). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_DRBG_reseed()\fR, -\&\fIRAND_DRBG_set_reseed_interval()\fR, and -\&\fIRAND_DRBG_set_reseed_time_interval()\fR, +\&\fBRAND_DRBG_reseed()\fR, +\&\fBRAND_DRBG_set_reseed_interval()\fR, and +\&\fBRAND_DRBG_set_reseed_time_interval()\fR, return 1 on success, 0 on failure. .SH "NOTES" .IX Header "NOTES" 
@@ -204,22 +208,22 @@ Normally, the entropy input for seeding a \s-1DRBG\s0 is either obtained from a trusted os entropy source or from a parent \s-1DRBG\s0 instance, which was seeded (directly or indirectly) from a trusted os entropy source. In exceptional cases it is possible to replace the reseeding mechanism entirely -by providing application defined callbacks using \fIRAND_DRBG_set_callbacks()\fR. +by providing application defined callbacks using \fBRAND_DRBG_set_callbacks()\fR. .PP The reseeding default values are applied only during creation of a \s-1DRBG\s0 instance. To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances (<master>, resp. <public> and <private>), it is necessary to call -\&\fIRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any +\&\fBRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly. .SH "HISTORY" .IX Header "HISTORY" The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_DRBG_generate\fR\|(3), -\&\fIRAND_DRBG_bytes\fR\|(3), -\&\fIRAND_DRBG_set_callbacks\fR\|(3). -\&\s-1\fIRAND_DRBG\s0\fR\|(7) +\&\fBRAND_DRBG_generate\fR\|(3), +\&\fBRAND_DRBG_bytes\fR\|(3), +\&\fBRAND_DRBG_set_callbacks\fR\|(3). +\&\s-1\fBRAND_DRBG\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 b/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 index b5d719474c21..be5fc67dbfa4 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_SET_CALLBACKS 3" -.TH RAND_DRBG_SET_CALLBACKS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_DRBG_SET_CALLBACKS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -174,7 +178,7 @@ RAND_DRBG_set_callbacks, RAND_DRBG_get_entropy_fn, RAND_DRBG_cleanup_entropy_fn, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and +\&\fBRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and the nonce when reseeding the given \fBdrbg\fR. The callback functions are implemented and provided by the caller. Their parameter lists need to match the function prototypes above. 
@@ -182,7 +186,7 @@ Their parameter lists need to match the function prototypes above. Setting the callbacks is allowed only if the \s-1DRBG\s0 has not been initialized yet. Otherwise, the operation will fail. To change the settings for one of the three shared DRBGs it is necessary to call -\&\fIRAND_DRBG_uninstantiate()\fR first. +\&\fBRAND_DRBG_uninstantiate()\fR first. .PP The \fBget_entropy\fR() callback is called by the \fBdrbg\fR when it requests fresh random input. @@ -204,14 +208,14 @@ it must also indicate an error by returning a buffer length of 0. See \s-1NOTES\s0 section for more details. .PP The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to to clear and -free the buffer allocated previously by \fIget_entropy()\fR. +free the buffer allocated previously by \fBget_entropy()\fR. The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length, -as returned by the \fIget_entropy()\fR callback. +as returned by the \fBget_entropy()\fR callback. .PP The \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks are used to obtain a nonce and free it again. A nonce is only required for instantiation (not for reseeding) and only in the case where the \s-1DRBG\s0 uses a derivation function. -The callbacks are analogous to \fIget_entropy()\fR and \fIcleanup_entropy()\fR, +The callbacks are analogous to \fBget_entropy()\fR and \fBcleanup_entropy()\fR, except for the missing prediction_resistance flag. .PP If the derivation function is disabled, then no nonce is used for instantiation, @@ -219,7 +223,7 @@ and the \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks can be omitted by setting them to \s-1NULL.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_DRBG_set_callbacks()\fR return 1 on success, and 0 on failure +\&\fBRAND_DRBG_set_callbacks()\fR return 1 on success, and 0 on failure .SH "NOTES" .IX Header "NOTES" It is important that \fBcleanup_entropy\fR() and \fBcleanup_nonce\fR() clear the buffer 
@@ -235,7 +239,7 @@ always fail. In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 .PP The derivation function is disabled during initialization by calling the -\&\fIRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag. +\&\fBRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag. For more information on the derivation function and when it can be omitted, see [\s-1NIST SP 800\-90A\s0 Rev. 1]. Roughly speeking it can be omitted if the random source has \*(L"full entropy\*(R", i.e., contains 8 bits of entropy per byte. @@ -251,9 +255,9 @@ section 8.6.7. The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_DRBG_new\fR\|(3), -\&\fIRAND_DRBG_reseed\fR\|(3), -\&\s-1\fIRAND_DRBG\s0\fR\|(7) +\&\fBRAND_DRBG_new\fR\|(3), +\&\fBRAND_DRBG_reseed\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 b/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 index 9d84913116cf..5d09654a17d3 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_SET_EX_DATA 3" -.TH RAND_DRBG_SET_EX_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_DRBG_SET_EX_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,22 +156,22 @@ RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index \&\- st .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_DRBG_set_ex_data()\fR enables an application to store arbitrary application +\&\fBRAND_DRBG_set_ex_data()\fR enables an application to store arbitrary application specific data \fBdata\fR in a \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The index \fBidx\fR should -be a value previously returned from a call to \fIRAND_DRBG_get_ex_new_index()\fR. +be a value previously returned from a call to \fBRAND_DRBG_get_ex_new_index()\fR. .PP -\&\fIRAND_DRBG_get_ex_data()\fR retrieves application specific data previously stored +\&\fBRAND_DRBG_get_ex_data()\fR retrieves application specific data previously stored in an \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The \fBidx\fR value should be the same as that used when originally storing the data. .PP -For more detailed information see \fICRYPTO_get_ex_data\fR\|(3) and -\&\fICRYPTO_set_ex_data\fR\|(3) which implement these functions and -\&\fICRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. +For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and +\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and +\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_DRBG_set_ex_data()\fR returns 1 for success or 0 for failure. +\&\fBRAND_DRBG_set_ex_data()\fR returns 1 for success or 0 for failure. .PP -\&\fIRAND_DRBG_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on +\&\fBRAND_DRBG_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on failure. \s-1NULL\s0 may also be a valid value. .SH "NOTES" .IX Header "NOTES" 
@@ -175,10 +179,10 @@ RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to CRYPTO_get_ex_new_index(\s-1CRYPTO_EX_INDEX_DRBG,...\s0). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fICRYPTO_get_ex_data\fR\|(3), -\&\fICRYPTO_set_ex_data\fR\|(3), -\&\fICRYPTO_get_ex_new_index\fR\|(3), -\&\s-1\fIRAND_DRBG\s0\fR\|(7) +\&\fBCRYPTO_get_ex_data\fR\|(3), +\&\fBCRYPTO_set_ex_data\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index f4cf81708951..1dcc9382eec1 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_ADD 3" -.TH RAND_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_ADD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -163,20 +167,20 @@ Deprecated: These functions can be used to seed the random generator and to check its seeded state. In general, manual (re\-)seeding of the default OpenSSL random generator -(\fIRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed +(\fBRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed itself automatically using trusted system entropy sources. This holds unless the default \s-1RAND_METHOD\s0 has been replaced or OpenSSL was -built with automatic reseeding disabled, see \s-1\fIRAND\s0\fR\|(7) for more details. +built with automatic reseeding disabled, see \s-1\fBRAND\s0\fR\|(7) for more details. .PP -\&\fIRAND_status()\fR indicates whether or not the random generator has been sufficiently -seeded. If not, functions such as \fIRAND_bytes\fR\|(3) will fail. +\&\fBRAND_status()\fR indicates whether or not the random generator has been sufficiently +seeded. If not, functions such as \fBRAND_bytes\fR\|(3) will fail. .PP -\&\fIRAND_poll()\fR uses the system's capabilities to seed the random generator using +\&\fBRAND_poll()\fR uses the system's capabilities to seed the random generator using random input obtained from polling various trusted entropy sources. The default choice of the entropy source can be modified at build time, -see \s-1\fIRAND\s0\fR\|(7) for more details. +see \s-1\fBRAND\s0\fR\|(7) for more details. .PP -\&\fIRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state +\&\fBRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state of the random generator. This function will not normally be needed, as mentioned above. The \fBrandomness\fR argument is an estimate of how much randomness is 
@@ -186,41 +190,41 @@ Details about sources of randomness and how to estimate their randomness can be found in the literature; for example [\s-1NIST SP 800\-90B\s0]. The content of \fBbuf\fR cannot be recovered from subsequent random generator output. Applications that intend to save and restore random state in an external file -should consider using \fIRAND_load_file\fR\|(3) instead. +should consider using \fBRAND_load_file\fR\|(3) instead. .PP -\&\fIRAND_seed()\fR is equivalent to \fIRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR. +\&\fBRAND_seed()\fR is equivalent to \fBRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR. .PP -\&\fIRAND_keep_random_devices_open()\fR is used to control file descriptor +\&\fBRAND_keep_random_devices_open()\fR is used to control file descriptor usage by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a -\&\fIchroot\fR\|(2) jail without the associated device nodes being available. When +\&\fBchroot\fR\|(2) jail without the associated device nodes being available. When the \fBkeep\fR argument is zero, this call disables the retention of file descriptors. Conversely, a non-zero argument enables the retention of file descriptors. This function is usually called during initialization and it takes effect immediately. .PP -\&\fIRAND_event()\fR and \fIRAND_screen()\fR are equivalent to \fIRAND_poll()\fR and exist +\&\fBRAND_event()\fR and \fBRAND_screen()\fR are equivalent to \fBRAND_poll()\fR and exist for compatibility reasons only. See \s-1HISTORY\s0 section below. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_status()\fR returns 1 if the random generator has been seeded +\&\fBRAND_status()\fR returns 1 if the random generator has been seeded with enough data, 0 otherwise. .PP -\&\fIRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise. +\&\fBRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise. 
.PP -\&\fIRAND_event()\fR returns \fIRAND_status()\fR. +\&\fBRAND_event()\fR returns \fBRAND_status()\fR. .PP The other functions do not return values. .SH "HISTORY" .IX Header "HISTORY" -\&\fIRAND_event()\fR and \fIRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should +\&\fBRAND_event()\fR and \fBRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should not be used. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_bytes\fR\|(3), -\&\fIRAND_egd\fR\|(3), -\&\fIRAND_load_file\fR\|(3), -\&\s-1\fIRAND\s0\fR\|(7) +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_egd\fR\|(3), +\&\fBRAND_load_file\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index fb76e6e4197c..8d43a2e78353 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_BYTES 3" -.TH RAND_BYTES 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_BYTES 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -154,41 +158,41 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes +\&\fBRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes into \fBbuf\fR. .PP -\&\fIRAND_priv_bytes()\fR has the same semantics as \fIRAND_bytes()\fR. It is intended to +\&\fBRAND_priv_bytes()\fR has the same semantics as \fBRAND_bytes()\fR. It is intended to be used for generating values that should remain private. If using the default \s-1RAND_METHOD,\s0 this function uses a separate \*(L"private\*(R" \s-1PRNG\s0 instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not -affect the secrecy of these private values, as described in \s-1\fIRAND\s0\fR\|(7) -and \s-1\fIRAND_DRBG\s0\fR\|(7). +affect the secrecy of these private values, as described in \s-1\fBRAND\s0\fR\|(7) +and \s-1\fBRAND_DRBG\s0\fR\|(7). .SH "NOTES" .IX Header "NOTES" -Always check the error return value of \fIRAND_bytes()\fR and -\&\fIRAND_priv_bytes()\fR and do not take randomness for granted: an error occurs +Always check the error return value of \fBRAND_bytes()\fR and +\&\fBRAND_priv_bytes()\fR and do not take randomness for granted: an error occurs if the \s-1CSPRNG\s0 has not been seeded with enough randomness to ensure an unpredictable byte sequence. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_bytes()\fR and \fIRAND_priv_bytes()\fR +\&\fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR return 1 on success, \-1 if not supported by the current \&\s-1RAND\s0 method, or 0 on other failure. The error code can be -obtained by \fIERR_get_error\fR\|(3). +obtained by \fBERR_get_error\fR\|(3). .SH "HISTORY" .IX Header "HISTORY" .IP "\(bu" 2 -\&\fIRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fIRAND_bytes()\fR instead. +\&\fBRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fBRAND_bytes()\fR instead. 
.IP "\(bu" 2 -\&\fIRAND_priv_bytes()\fR was added in OpenSSL 1.1.1. +The \fBRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_add\fR\|(3), -\&\fIRAND_bytes\fR\|(3), -\&\fIRAND_priv_bytes\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\s-1\fIRAND\s0\fR\|(7), -\&\s-1\fIRAND_DRBG\s0\fR\|(7) +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index 23fa80491309..21b08fdcdbcc 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_CLEANUP 3" -.TH RAND_CLEANUP 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_CLEANUP 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,20 +151,20 @@ RAND_cleanup \- erase the PRNG state .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -Prior to OpenSSL 1.1.0, \fIRAND_cleanup()\fR released all resources used by +Prior to OpenSSL 1.1.0, \fBRAND_cleanup()\fR released all resources used by the \s-1PRNG.\s0 As of version 1.1.0, it does nothing and should not be called, since no explicit initialisation or de-initialisation is necessary. See -\&\fIOPENSSL_init_crypto\fR\|(3). +\&\fBOPENSSL_init_crypto\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_cleanup()\fR returns no value. +\&\fBRAND_cleanup()\fR returns no value. .SH "HISTORY" .IX Header "HISTORY" -\&\fIRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it. -See \fIOPENSSL_init_crypto\fR\|(3) +\&\fBRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it. +See \fBOPENSSL_init_crypto\fR\|(3) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fIRAND\s0\fR\|(7) +\&\s-1\fBRAND\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index 45a93c7e4fba..e5987b3ebab0 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_EGD 3" -.TH RAND_EGD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_EGD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -154,31 +158,31 @@ socket to obtain randomness and seed the OpenSSL \s-1RNG.\s0 The protocol used is defined by the EGDs available at <http://egd.sourceforge.net/> or <http://prngd.sourceforge.net>. .PP -\&\fIRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the -specified socket \fBpath\fR, and passes the data it receives into \fIRAND_add()\fR. -\&\fIRAND_egd()\fR is equivalent to \fIRAND_egd_bytes()\fR with \fBnum\fR set to 255. +\&\fBRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the +specified socket \fBpath\fR, and passes the data it receives into \fBRAND_add()\fR. +\&\fBRAND_egd()\fR is equivalent to \fBRAND_egd_bytes()\fR with \fBnum\fR set to 255. .PP -\&\fIRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at +\&\fBRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the specified socket \fBpath\fR, where \fBnum\fR must be less than 256. -If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fIRAND_egd_bytes()\fR. +If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fBRAND_egd_bytes()\fR. If \fBbuf\fR is not \fB\s-1NULL\s0\fR, then the data is copied to the buffer and -\&\fIRAND_add()\fR is not called. +\&\fBRAND_add()\fR is not called. .PP OpenSSL can be configured at build time to try to use the \s-1EGD\s0 for seeding automatically. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the +\&\fBRAND_egd()\fR and \fBRAND_egd_bytes()\fR return the number of bytes read from the daemon on success, or \-1 if the connection failed or the daemon did not return enough data to fully seed the \s-1PRNG.\s0 .PP -\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on +\&\fBRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on success, or \-1 if the connection failed. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_add\fR\|(3), -\&\fIRAND_bytes\fR\|(3), -\&\s-1\fIRAND\s0\fR\|(7) +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index a641b5139bac..17f048b91e50 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_LOAD_FILE 3" -.TH RAND_LOAD_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_LOAD_FILE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,23 +153,23 @@ RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and +\&\fBRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative, up to \fBmax_bytes\fR are read; if \fBmax_bytes\fR is \-1, the complete file is read. Do not load the same file multiple times unless its contents have -been updated by \fIRAND_write_file()\fR between reads. +been updated by \fBRAND_write_file()\fR between reads. Also, note that \fBfilename\fR should be adequately protected so that an attacker cannot replace or examine the contents. If \fBfilename\fR is not a regular file, then user is considered to be responsible for any side effects, e.g. non-anticipated blocking or capture of controlling terminal. .PP -\&\fIRAND_write_file()\fR writes a number of random bytes (currently 128) to +\&\fBRAND_write_file()\fR writes a number of random bytes (currently 128) to file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling -\&\fIRAND_load_file()\fR in a later session. +\&\fBRAND_load_file()\fR in a later session. .PP -\&\fIRAND_file_name()\fR generates a default path for the random seed +\&\fBRAND_file_name()\fR generates a default path for the random seed file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the filename. .PP 
@@ -192,18 +196,18 @@ If \f(CW$HOME\fR (on non-Windows and non-VMS system) is not set either, or \&\fBnum\fR is too small for the path name, an error occurs. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_load_file()\fR returns the number of bytes read or \-1 on error. +\&\fBRAND_load_file()\fR returns the number of bytes read or \-1 on error. .PP -\&\fIRAND_write_file()\fR returns the number of bytes written, or \-1 if the +\&\fBRAND_write_file()\fR returns the number of bytes written, or \-1 if the bytes written were generated without appropriate seeding. .PP -\&\fIRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on +\&\fBRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_add\fR\|(3), -\&\fIRAND_bytes\fR\|(3), -\&\s-1\fIRAND\s0\fR\|(7) +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index f6356d8cdd0b..259e1091b11f 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_SET_RAND_METHOD 3" -.TH RAND_SET_RAND_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND_SET_RAND_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,16 +156,16 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number generation. .PP -\&\fIRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL. +\&\fBRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL. This implementation ensures that the \s-1PRNG\s0 state is unique for each thread. .PP If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND API,\s0 however, it will -be used instead of the method returned by \fIRAND_OpenSSL()\fR. +be used instead of the method returned by \fBRAND_OpenSSL()\fR. .PP -\&\fIRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an +\&\fBRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an \&\s-1ENGINE\s0 was providing the method, it will be released first. .PP -\&\fIRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR. +\&\fBRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR. .SH "THE RAND_METHOD STRUCTURE" .IX Header "THE RAND_METHOD STRUCTURE" .Vb 8 
@@ -176,18 +180,18 @@ be used instead of the method returned by \fIRAND_OpenSSL()\fR. .Ve .PP The fields point to functions that are used by, in order, -\&\fIRAND_seed()\fR, \fIRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fIRAND_add()\fR, \fIRAND_pseudo_rand()\fR -and \fIRAND_status()\fR. +\&\fBRAND_seed()\fR, \fBRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fBRAND_add()\fR, \fBRAND_pseudo_rand()\fR +and \fBRAND_status()\fR. Each pointer may be \s-1NULL\s0 if the function is not implemented. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_set_rand_method()\fR returns no value. \fIRAND_get_rand_method()\fR and -\&\fIRAND_OpenSSL()\fR return pointers to the respective methods. +\&\fBRAND_set_rand_method()\fR returns no value. \fBRAND_get_rand_method()\fR and +\&\fBRAND_OpenSSL()\fR return pointers to the respective methods. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_bytes\fR\|(3), -\&\fIENGINE_by_id\fR\|(3), -\&\s-1\fIRAND\s0\fR\|(7) +\&\fBRAND_bytes\fR\|(3), +\&\fBENGINE_by_id\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RC4_set_key.3 b/secure/lib/libcrypto/man/RC4_set_key.3 index 52dd5304c746..294f8e58327b 100644 --- a/secure/lib/libcrypto/man/RC4_set_key.3 +++ b/secure/lib/libcrypto/man/RC4_set_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RC4_SET_KEY 3" -.TH RC4_SET_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RC4_SET_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,11 +163,11 @@ key sizes have been widely used due to export restrictions. \&\s-1RC4\s0 consists of a key setup phase and the actual encryption or decryption phase. .PP -\&\fIRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long +\&\fBRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key at \fBdata\fR. .PP -\&\s-1\fIRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using -\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fIRC4\s0()\fR calls with +\&\s-1\fBRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using +\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fBRC4\s0()\fR calls with the same \fBkey\fR yield a continuous key stream. .PP Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random 
@@ -171,18 +175,18 @@ key stream to produce the output), decryption uses the same function calls as encryption. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRC4_set_key()\fR and \s-1\fIRC4\s0()\fR do not return values. +\&\fBRC4_set_key()\fR and \s-1\fBRC4\s0()\fR do not return values. .SH "NOTE" .IX Header "NOTE" Applications should use the higher level functions -\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these functions directly. .PP It is difficult to securely use stream ciphers. For example, do not perform multiple encryptions using the same key stream. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_EncryptInit\fR\|(3) +\&\fBEVP_EncryptInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RIPEMD160_Init.3 b/secure/lib/libcrypto/man/RIPEMD160_Init.3 index 1ef72f6feebe..181e2418ef54 100644 --- a/secure/lib/libcrypto/man/RIPEMD160_Init.3 +++ b/secure/lib/libcrypto/man/RIPEMD160_Init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RIPEMD160_INIT 3" -.TH RIPEMD160_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RIPEMD160_INIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash \& unsigned char *md); \& \& int RIPEMD160_Init(RIPEMD160_CTX *c); -\& int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, unsigned long len); +\& int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); \& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); .Ve .SH "DESCRIPTION" @@ -153,7 +157,7 @@ RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash \&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a 160 bit output. .PP -\&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR +\&\s-1\fBRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for \&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. 
@@ -161,34 +165,34 @@ is placed in a static array. The following functions may be used if the message is not completely stored in memory: .PP -\&\fIRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. +\&\fBRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. .PP -\&\fIRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to +\&\fBRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP -\&\fIRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have +\&\fBRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1RIPEMD160_CTX\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fIRIPEMD160\s0()\fR returns a pointer to the hash value. +\&\s-1\fBRIPEMD160\s0()\fR returns a pointer to the hash value. .PP -\&\fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and \fIRIPEMD160_Final()\fR return 1 for +\&\fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR and \fBRIPEMD160_Final()\fR return 1 for success, 0 otherwise. .SH "NOTE" .IX Header "NOTE" Applications should use the higher level functions -\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling these +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling these functions directly. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_DigestInit\fR\|(3) +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index 7fe189e9ecfb..f3331a82fe21 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_BLINDING_ON 3" -.TH RSA_BLINDING_ON 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_BLINDING_ON 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,18 +155,18 @@ RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attac measure the time of \s-1RSA\s0 decryption or signature operations, blinding must be used to protect the \s-1RSA\s0 operation from that attack. .PP -\&\fIRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a +\&\fBRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and initialized \fB\s-1BN_CTX\s0\fR. The random number generator must be seeded -prior to calling \fIRSA_blinding_on()\fR. +prior to calling \fBRSA_blinding_on()\fR. .PP -\&\fIRSA_blinding_off()\fR turns blinding off and frees the memory used for +\&\fBRSA_blinding_off()\fR turns blinding off and frees the memory used for the blinding factor. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. +\&\fBRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. .PP -\&\fIRSA_blinding_off()\fR returns no value. +\&\fBRSA_blinding_off()\fR returns no value. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index ab5d5996727a..8f3f7a74a242 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_CHECK_KEY 3" -.TH RSA_CHECK_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_CHECK_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ RSA_check_key_ex, RSA_check_key \- validate private RSA keys .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys. +\&\fBRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys. It checks that \fBp\fR and \fBq\fR are in fact prime, and that \fBn = p*q\fR. .PP 
@@ -162,17 +166,17 @@ Therefore, it cannot be used with any arbitrary \s-1RSA\s0 key object, even if it is otherwise fit for regular \s-1RSA\s0 operation. .PP The \fBcb\fR parameter is a callback that will be invoked in the same -manner as \fIBN_is_prime_ex\fR\|(3). +manner as \fBBN_is_prime_ex\fR\|(3). .PP -\&\fIRSA_check_key()\fR is equivalent to \fIRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR. +\&\fBRSA_check_key()\fR is equivalent to \fBRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_check_key_ex()\fR and \fIRSA_check_key()\fR +\&\fBRSA_check_key_ex()\fR and \fBRSA_check_key()\fR return 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. They return \-1 if an error occurs while checking the key. .PP If the key is invalid or an error occurred, the reason code can be -obtained using \fIERR_get_error\fR\|(3). +obtained using \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work 
@@ -186,19 +190,19 @@ is complete and untouched, but this can't be assumed in the general case. .SH "BUGS" .IX Header "BUGS" A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need -to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +to be considered. Right now \fBRSA_check_key()\fR simply uses the \s-1RSA\s0 structure elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and completely violating encapsulation and object-orientation in the process). -The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the +The best fix will probably be to introduce a \*(L"\fBcheck_key()\fR\*(R" handler to the \&\s-1RSA_METHOD\s0 function table so that alternative implementations can also provide their own verifiers. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBN_is_prime_ex\fR\|(3), -\&\fIERR_get_error\fR\|(3) +\&\fBBN_is_prime_ex\fR\|(3), +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2. +\&\fBRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index be0645f9501d..4448e7de793f 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_GENERATE_KEY 3" -.TH RSA_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_GENERATE_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -155,14 +159,14 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the +\&\fBRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the \&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must -be seeded prior to calling \fIRSA_generate_key_ex()\fR. +be seeded prior to calling \fBRSA_generate_key_ex()\fR. .PP -\&\fIRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores +\&\fBRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by the \fBprimes\fR parameter. The pseudo-random number generator must be seeded prior -to calling \fIRSA_generate_multi_prime_key()\fR. +to calling \fBRSA_generate_multi_prime_key()\fR. .PP The modulus size will be of length \fBbits\fR, the number of primes to form the modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. Key sizes 
@@ -180,15 +184,15 @@ In order to maintain adequate security level, the maximum number of permitted .PP A callback function may be used to provide feedback about the progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it -will be called as follows using the \fIBN_GENCB_call()\fR function -described on the \fIBN_generate_prime\fR\|(3) page. +will be called as follows using the \fBBN_GENCB_call()\fR function +described on the \fBBN_generate_prime\fR\|(3) page. .PP -\&\fIRSA_generate_prime()\fR is similar to \fIRSA_generate_prime_ex()\fR but +\&\fBRSA_generate_prime()\fR is similar to \fBRSA_generate_prime_ex()\fR but expects an old-style callback function; see -\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback. +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. .IP "\(bu" 2 While a random prime number is generated, it is called as -described in \fIBN_generate_prime\fR\|(3). +described in \fBBN_generate_prime\fR\|(3). .IP "\(bu" 2 When the n\-th randomly generated prime is rejected as not suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called. 
@@ -200,22 +204,22 @@ The process is then repeated for prime q and other primes (if any) with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error. -\&\fIRSA_generate_key_ex()\fR returns 1 on success or 0 on error. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +\&\fBRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error. +\&\fBRSA_generate_key_ex()\fR returns 1 on success or 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). .PP -\&\fIRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or +\&\fBRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or \&\fB\s-1NULL\s0\fR if the key generation fails. .SH "BUGS" .IX Header "BUGS" \&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), \fIBN_generate_prime\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBBN_generate_prime\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use -\&\fIRSA_generate_key_ex()\fR instead. +\&\fBRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBRSA_generate_key_ex()\fR instead. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RSA_get0_key.3 b/secure/lib/libcrypto/man/RSA_get0_key.3 index 0bef85e6acb9..7f267d369083 100644 --- a/secure/lib/libcrypto/man/RSA_get0_key.3 +++ b/secure/lib/libcrypto/man/RSA_get0_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_GET0_KEY 3" -.TH RSA_GET0_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_GET0_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -187,14 +191,14 @@ and \fBt\fR. \fBr\fR is the additional prime besides \fBp\fR and \fBq\fR. \fBd\f \&\fBt\fR are the exponent and coefficient for \s-1CRT\s0 calculations. .PP The \fBn\fR, \fBe\fR and \fBd\fR parameters can be obtained by calling -\&\fIRSA_get0_key()\fR. If they have not been set yet, then \fB*n\fR, \fB*e\fR and +\&\fBRSA_get0_key()\fR. If they have not been set yet, then \fB*n\fR, \fB*e\fR and \&\fB*d\fR will be set to \s-1NULL.\s0 Otherwise, they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed by the caller. .PP The \fBn\fR, \fBe\fR and \fBd\fR parameter values can be set by calling -\&\fIRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as +\&\fBRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as parameters to the function. The values \fBn\fR and \fBe\fR must be non-NULL the first time this function is called on a given \s-1RSA\s0 object. The value \fBd\fR may be \s-1NULL.\s0 On subsequent calls any of these values may be 
@@ -204,83 +208,84 @@ the \s-1RSA\s0 object, and therefore the values that have been passed in should not be freed by the caller after this function has been called. .PP In a similar fashion, the \fBp\fR and \fBq\fR parameters can be obtained and -set with \fIRSA_get0_factors()\fR and \fIRSA_set0_factors()\fR, and the \fBdmp1\fR, +set with \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR, and the \fBdmp1\fR, \&\fBdmq1\fR and \fBiqmp\fR parameters can be obtained and set with -\&\fIRSA_get0_crt_params()\fR and \fIRSA_set0_crt_params()\fR. +\&\fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. .PP -For \fIRSA_get0_key()\fR, \fIRSA_get0_factors()\fR, and \fIRSA_get0_crt_params()\fR, +For \fBRSA_get0_key()\fR, \fBRSA_get0_factors()\fR, and \fBRSA_get0_crt_params()\fR, \&\s-1NULL\s0 value \s-1BIGNUM\s0 ** output parameters are permitted. The functions ignore \s-1NULL\s0 parameters but return values for other, non-NULL, parameters. .PP -For multi-prime \s-1RSA,\s0 \fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_params()\fR +For multi-prime \s-1RSA,\s0 \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR can be used to obtain other primes and related \s-1CRT\s0 parameters. The -return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fIRSA_set0_multi_prime_params()\fR +return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fBRSA_set0_multi_prime_params()\fR sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) into an \s-1RSA\s0 object. .PP Any of the values \fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR, and \fBiqmp\fR can also be retrieved separately by the corresponding function -\&\fIRSA_get0_n()\fR, \fIRSA_get0_e()\fR, \fIRSA_get0_d()\fR, \fIRSA_get0_p()\fR, \fIRSA_get0_q()\fR, -\&\fIRSA_get0_dmp1()\fR, \fIRSA_get0_dmq1()\fR, and \fIRSA_get0_iqmp()\fR, respectively. 
+\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, +\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR, respectively. .PP -\&\fIRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0 +\&\fBRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0 object. Multiple flags can be passed in one go (bitwise ORed together). -Any flags that are already set are left set. \fIRSA_test_flags()\fR tests to +Any flags that are already set are left set. \fBRSA_test_flags()\fR tests to see whether the flags passed in the \fBflags\fR parameter are currently set in the \s-1RSA\s0 object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the -flags are set. \fIRSA_clear_flags()\fR clears the specified flags within the +flags are set. \fBRSA_clear_flags()\fR clears the specified flags within the \&\s-1RSA\s0 object. .PP -\&\fIRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +\&\fBRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1RSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. .PP -\&\fIRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR. +\&\fBRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR. .SH "NOTES" .IX Header "NOTES" -Values retrieved with \fIRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used -in the call and may therefore \fInot\fR be passed to \fIRSA_set0_key()\fR. If -needed, duplicate the received value using \fIBN_dup()\fR and pass the -duplicate. The same applies to \fIRSA_get0_factors()\fR and \fIRSA_set0_factors()\fR -as well as \fIRSA_get0_crt_params()\fR and \fIRSA_set0_crt_params()\fR. +Values retrieved with \fBRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fBRSA_set0_key()\fR. 
If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR +as well as \fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. .PP -The caller should obtain the size by calling \fIRSA_get_multi_prime_extra_count()\fR +The caller should obtain the size by calling \fBRSA_get_multi_prime_extra_count()\fR in advance and allocate sufficient buffer to store the return values before -calling \fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_params()\fR. +calling \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR. .PP -\&\fIRSA_set0_multi_prime_params()\fR always clears the original multi-prime +\&\fBRSA_set0_multi_prime_params()\fR always clears the original multi-prime triplets in \s-1RSA\s0 object \fBr\fR and assign the new set of triplets into it. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_set0_key()\fR, \fIRSA_set0_factors()\fR, \fIRSA_set0_crt_params()\fR and -\&\fIRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure. +\&\fBRSA_set0_key()\fR, \fBRSA_set0_factors()\fR, \fBRSA_set0_crt_params()\fR and +\&\fBRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure. .PP -\&\fIRSA_get0_n()\fR, \fIRSA_get0_e()\fR, \fIRSA_get0_d()\fR, \fIRSA_get0_p()\fR, \fIRSA_get0_q()\fR, -\&\fIRSA_get0_dmp1()\fR, \fIRSA_get0_dmq1()\fR, and \fIRSA_get0_iqmp()\fR +\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, +\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR return the respective value. .PP -\&\fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_crt_params()\fR return +\&\fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_crt_params()\fR return 1 on success or 0 on failure. 
.PP -\&\fIRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes +\&\fBRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes in use, which is 0 for traditional \s-1RSA\s0 and the number of extra primes for multi-prime \s-1RSA.\s0 .PP -\&\fIRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and +\&\fBRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and \&\fB\s-1RSA_ASN1_VERSION_DEFAULT\s0\fR for normal two-prime \s-1RSA,\s0 as defined in \s-1RFC 8017.\s0 .PP -\&\fIRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object. +\&\fBRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object. .PP -\&\fIRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no +\&\fBRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no \&\s-1ENGINE\s0 has been set. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRSA_new\fR\|(3), \fIRSA_size\fR\|(3) +\&\fBRSA_new\fR\|(3), \fBRSA_size\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_get_multi_prime_extra_count()\fR, \fIRSA_get0_multi_prime_factors()\fR, -\&\fIRSA_get0_multi_prime_crt_params()\fR, \fIRSA_set0_multi_prime_params()\fR, -and \fIRSA_get_version()\fR functions were added in OpenSSL 1.1.1. +The +\&\fBRSA_get_multi_prime_extra_count()\fR, \fBRSA_get0_multi_prime_factors()\fR, +\&\fBRSA_get0_multi_prime_crt_params()\fR, \fBRSA_set0_multi_prime_params()\fR, +and \fBRSA_get_version()\fR functions were added in OpenSSL 1.1.1. .PP Other functions described here were added in OpenSSL 1.1.0. .SH "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/RSA_meth_new.3 b/secure/lib/libcrypto/man/RSA_meth_new.3 index 3445b19e4911..35f73e6ab4ae 100644 --- a/secure/lib/libcrypto/man/RSA_meth_new.3 +++ b/secure/lib/libcrypto/man/RSA_meth_new.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_METH_NEW 3" -.TH RSA_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -249,7 +253,7 @@ The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom for the implementation of the various \s-1RSA\s0 capabilities. See the rsa page for more information. .PP -\&\fIRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be +\&\fBRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \&\s-1NULL\s0 terminated string, which will be duplicated and stored in the \&\fB\s-1RSA_METHOD\s0\fR object. It is the callers responsibility to free the 
@@ -257,44 +261,44 @@ original string. The flags will be used during the construction of a new \fB\s-1RSA\s0\fR object based on this \fB\s-1RSA_METHOD\s0\fR. Any new \fB\s-1RSA\s0\fR object will have those flags set by default. .PP -\&\fIRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object +\&\fBRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object passed as a parameter. This might be useful for creating a new \&\fB\s-1RSA_METHOD\s0\fR based on an existing one, but with some differences. .PP -\&\fIRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any +\&\fBRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any memory associated with it. .PP -\&\fIRSA_meth_get0_name()\fR will return a pointer to the name of this +\&\fBRSA_meth_get0_name()\fR will return a pointer to the name of this \&\s-1RSA_METHOD.\s0 This is a pointer to the internal name string and so -should not be freed by the caller. \fIRSA_meth_set1_name()\fR sets the name +should not be freed by the caller. \fBRSA_meth_set1_name()\fR sets the name of the \s-1RSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is stored in the \s-1RSA_METHOD\s0 structure, so the caller remains responsible for freeing the memory associated with the name. .PP -\&\fIRSA_meth_get_flags()\fR returns the current value of the flags associated -with this \s-1RSA_METHOD.\s0 \fIRSA_meth_set_flags()\fR provides the ability to set +\&\fBRSA_meth_get_flags()\fR returns the current value of the flags associated +with this \s-1RSA_METHOD.\s0 \fBRSA_meth_set_flags()\fR provides the ability to set these flags. 
.PP -The functions \fIRSA_meth_get0_app_data()\fR and \fIRSA_meth_set0_app_data()\fR +The functions \fBRSA_meth_get0_app_data()\fR and \fBRSA_meth_set0_app_data()\fR provide the ability to associate implementation specific data with the \&\s-1RSA_METHOD.\s0 It is the application's responsibility to free this data -before the \s-1RSA_METHOD\s0 is freed via a call to \fIRSA_meth_free()\fR. +before the \s-1RSA_METHOD\s0 is freed via a call to \fBRSA_meth_free()\fR. .PP -\&\fIRSA_meth_get_sign()\fR and \fIRSA_meth_set_sign()\fR get and set the function +\&\fBRSA_meth_get_sign()\fR and \fBRSA_meth_set_sign()\fR get and set the function used for creating an \s-1RSA\s0 signature respectively. This function will be -called in response to the application calling \fIRSA_sign()\fR. The -parameters for the function have the same meaning as for \fIRSA_sign()\fR. +called in response to the application calling \fBRSA_sign()\fR. The +parameters for the function have the same meaning as for \fBRSA_sign()\fR. .PP -\&\fIRSA_meth_get_verify()\fR and \fIRSA_meth_set_verify()\fR get and set the +\&\fBRSA_meth_get_verify()\fR and \fBRSA_meth_set_verify()\fR get and set the function used for verifying an \s-1RSA\s0 signature respectively. This function will be called in response to the application calling -\&\fIRSA_verify()\fR. The parameters for the function have the same meaning as -for \fIRSA_verify()\fR. +\&\fBRSA_verify()\fR. The parameters for the function have the same meaning as +for \fBRSA_verify()\fR. .PP -\&\fIRSA_meth_get_mod_exp()\fR and \fIRSA_meth_set_mod_exp()\fR get and set the +\&\fBRSA_meth_get_mod_exp()\fR and \fBRSA_meth_set_mod_exp()\fR get and set the function used for \s-1CRT\s0 computations. .PP -\&\fIRSA_meth_get_bn_mod_exp()\fR and \fIRSA_meth_set_bn_mod_exp()\fR get and set +\&\fBRSA_meth_get_bn_mod_exp()\fR and \fBRSA_meth_set_bn_mod_exp()\fR get and set the function used for \s-1CRT\s0 computations, specifically the following value: .PP 
@@ -302,53 +306,53 @@ value: \& r = a ^ p mod m .Ve .PP -Both the \fImod_exp()\fR and \fIbn_mod_exp()\fR functions are called by the +Both the \fBmod_exp()\fR and \fBbn_mod_exp()\fR functions are called by the default OpenSSL method during encryption, decryption, signing and verification. .PP -\&\fIRSA_meth_get_init()\fR and \fIRSA_meth_set_init()\fR get and set the function +\&\fBRSA_meth_get_init()\fR and \fBRSA_meth_set_init()\fR get and set the function used for creating a new \s-1RSA\s0 instance respectively. This function will -be called in response to the application calling \fIRSA_new()\fR (if the -current default \s-1RSA_METHOD\s0 is this one) or \fIRSA_new_method()\fR. The -\&\fIRSA_new()\fR and \fIRSA_new_method()\fR functions will allocate the memory for +be called in response to the application calling \fBRSA_new()\fR (if the +current default \s-1RSA_METHOD\s0 is this one) or \fBRSA_new_method()\fR. The +\&\fBRSA_new()\fR and \fBRSA_new_method()\fR functions will allocate the memory for the new \s-1RSA\s0 object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This function may be \&\s-1NULL.\s0 .PP -\&\fIRSA_meth_get_finish()\fR and \fIRSA_meth_set_finish()\fR get and set the +\&\fBRSA_meth_get_finish()\fR and \fBRSA_meth_set_finish()\fR get and set the function used for destroying an instance of an \s-1RSA\s0 object respectively. This function will be called in response to the application calling -\&\fIRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a +\&\fBRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a parameter. The destroy function should be used for \s-1RSA\s0 implementation specific clean up. The memory for the \s-1RSA\s0 itself should not be freed by this function. 
This function may be \s-1NULL.\s0 .PP -\&\fIRSA_meth_get_keygen()\fR and \fIRSA_meth_set_keygen()\fR get and set the +\&\fBRSA_meth_get_keygen()\fR and \fBRSA_meth_set_keygen()\fR get and set the function used for generating a new \s-1RSA\s0 key pair respectively. This function will be called in response to the application calling -\&\fIRSA_generate_key_ex()\fR. The parameter for the function has the same -meaning as for \fIRSA_generate_key_ex()\fR. +\&\fBRSA_generate_key_ex()\fR. The parameter for the function has the same +meaning as for \fBRSA_generate_key_ex()\fR. .PP -\&\fIRSA_meth_get_multi_prime_keygen()\fR and \fIRSA_meth_set_multi_prime_keygen()\fR get +\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR get and set the function used for generating a new multi-prime \s-1RSA\s0 key pair respectively. This function will be called in response to the application calling -\&\fIRSA_generate_multi_prime_key()\fR. The parameter for the function has the same -meaning as for \fIRSA_generate_multi_prime_key()\fR. +\&\fBRSA_generate_multi_prime_key()\fR. The parameter for the function has the same +meaning as for \fBRSA_generate_multi_prime_key()\fR. .PP -\&\fIRSA_meth_get_pub_enc()\fR, \fIRSA_meth_set_pub_enc()\fR, -\&\fIRSA_meth_get_pub_dec()\fR, \fIRSA_meth_set_pub_dec()\fR, -\&\fIRSA_meth_get_priv_enc()\fR, \fIRSA_meth_set_priv_enc()\fR, -\&\fIRSA_meth_get_priv_dec()\fR, \fIRSA_meth_set_priv_dec()\fR get and set the +\&\fBRSA_meth_get_pub_enc()\fR, \fBRSA_meth_set_pub_enc()\fR, +\&\fBRSA_meth_get_pub_dec()\fR, \fBRSA_meth_set_pub_dec()\fR, +\&\fBRSA_meth_get_priv_enc()\fR, \fBRSA_meth_set_priv_enc()\fR, +\&\fBRSA_meth_get_priv_dec()\fR, \fBRSA_meth_set_priv_dec()\fR get and set the functions used for public and private key encryption and decryption. 
These functions will be called in response to the application calling -\&\fIRSA_public_encrypt()\fR, \fIRSA_private_decrypt()\fR, \fIRSA_private_encrypt()\fR and -\&\fIRSA_public_decrypt()\fR and take the same parameters as those. +\&\fBRSA_public_encrypt()\fR, \fBRSA_private_decrypt()\fR, \fBRSA_private_encrypt()\fR and +\&\fBRSA_public_decrypt()\fR and take the same parameters as those. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_meth_new()\fR and \fIRSA_meth_dup()\fR return the newly allocated +\&\fBRSA_meth_new()\fR and \fBRSA_meth_dup()\fR return the newly allocated \&\s-1RSA_METHOD\s0 object or \s-1NULL\s0 on failure. .PP -\&\fIRSA_meth_get0_name()\fR and \fIRSA_meth_get_flags()\fR return the name and +\&\fBRSA_meth_get0_name()\fR and \fBRSA_meth_get_flags()\fR return the name and flags associated with the \s-1RSA_METHOD\s0 respectively. .PP All other RSA_meth_get_*() functions return the appropriate function @@ -359,12 +363,12 @@ RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on success or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRSA_new\fR\|(3), \fIRSA_generate_key_ex\fR\|(3), \fIRSA_sign\fR\|(3), -\&\fIRSA_set_method\fR\|(3), \fIRSA_size\fR\|(3), \fIRSA_get0_key\fR\|(3), -\&\fIRSA_generate_multi_prime_key\fR\|(3) +\&\fBRSA_new\fR\|(3), \fBRSA_generate_key_ex\fR\|(3), \fBRSA_sign\fR\|(3), +\&\fBRSA_set_method\fR\|(3), \fBRSA_size\fR\|(3), \fBRSA_get0_key\fR\|(3), +\&\fBRSA_generate_multi_prime_key\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_meth_get_multi_prime_keygen()\fR and \fIRSA_meth_set_multi_prime_keygen()\fR were +\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR were added in OpenSSL 1.1.1. .PP Other functions described here were added in OpenSSL 1.1.0. diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 16e72fe5d19e..0dac8475f5af 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_NEW 3" -.TH RSA_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,24 +151,24 @@ RSA_new, RSA_free \- allocate and free RSA objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to +\&\fBRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to calling RSA_new_method(\s-1NULL\s0). .PP -\&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is +\&\fBRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is erased before the memory is returned to the system. If \fBrsa\fR is \s-1NULL\s0 nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns +If the allocation fails, \fBRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIRSA_free()\fR returns no value. +\&\fBRSA_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fIRSA_generate_key\fR\|(3), -\&\fIRSA_new_method\fR\|(3) +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_generate_key\fR\|(3), +\&\fBRSA_new_method\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index 70f2a885ca2c..06049fbcfcf8 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3" -.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -174,17 +178,17 @@ RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PK .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, +The \fBRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, decrypt, sign and verify functions. Normally they should not be called from application programs. .PP However, they can also be called directly to implement padding for other -asymmetric ciphers. \fIRSA_padding_add_PKCS1_OAEP()\fR and -\&\fIRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined +asymmetric ciphers. \fBRSA_padding_add_PKCS1_OAEP()\fR and +\&\fBRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding parameter. .PP -\&\fIRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into +\&\fBRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into \&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR does not meet the size requirements of the encoding method. .PP 
@@ -206,33 +210,38 @@ The following encoding methods are implemented: simply copy the data .PP The random number generator must be seeded prior to calling -\&\fIRSA_padding_add_xxx()\fR. +\&\fBRSA_padding_add_xxx()\fR. .PP -\&\fIRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain +\&\fBRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective encoding method and stores the recovered data of at most \fBtlen\fR bytes (for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR) at \fBto\fR. .PP -For \fIRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter +For \fBRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The \fIRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. -The \fIRSA_padding_check_xxx()\fR functions return the length of the +The \fBRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. +The \fBRSA_padding_check_xxx()\fR functions return the length of the recovered data, \-1 on error. Error codes can be obtained by calling -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .SH "WARNING" .IX Header "WARNING" -The \fIRSA_padding_check_PKCS1_type_2()\fR padding check leaks timing +The \fBRSA_padding_check_PKCS1_type_2()\fR padding check leaks timing information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1 -v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. +v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. Otherwise it can +be recommended to pass zero-padded \fBf\fR, so that \fBfl\fR equals to +\&\fBrsa_len\fR, and if fixed by protocol, \fBtlen\fR being set to the +expected length. 
In such case leakage would be minimal, it would +take attacker's ability to observe memory access pattern with byte +granilarity as it occurs, post-factum timing analysis won't do. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRSA_public_encrypt\fR\|(3), -\&\fIRSA_private_decrypt\fR\|(3), -\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3) +\&\fBRSA_public_encrypt\fR\|(3), +\&\fBRSA_private_decrypt\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index 585b9d9d8507..a7a36f93fc42 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PRINT 3" -.TH RSA_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_PRINT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -167,7 +171,7 @@ The output lines are indented by \fBoffset\fR spaces. These functions return 1 on success, 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBN_bn2bin\fR\|(3) +\&\fBBN_bn2bin\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index 1b5871725503..79d1597920ad 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PRIVATE_ENCRYPT 3" -.TH RSA_PRIVATE_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_PRIVATE_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,7 +155,7 @@ RSA_private_encrypt, RSA_public_decrypt \- low level signature operations .IX Header "DESCRIPTION" These functions handle \s-1RSA\s0 signatures at a low level. .PP -\&\fIRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a +\&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a message digest with an algorithm identifier) using the private key \&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to \&\fBRSA_size(rsa)\fR bytes of memory. @@ -161,7 +165,7 @@ message digest with an algorithm identifier) using the private key .IX Item "RSA_PKCS1_PADDING" \&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the \&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or -verifying \s-1PKCS\s0 #1 signatures, \fIRSA_sign\fR\|(3) and \fIRSA_verify\fR\|(3) should be +verifying \s-1PKCS\s0 #1 signatures, \fBRSA_sign\fR\|(3) and \fBRSA_verify\fR\|(3) should be used. .IP "\s-1RSA_NO_PADDING\s0" 4 .IX Item "RSA_NO_PADDING" 
@@ -169,23 +173,23 @@ Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement cryptographically sound padding modes in the application code. Signing user data directly with \s-1RSA\s0 is insecure. .PP -\&\fIRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR +\&\fBRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR bytes long signature at \fBfrom\fR using the signer's public key \&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the message digest (which is smaller than \fBRSA_size(rsa) \- 11\fR). \fBpadding\fR is the padding mode that was used to sign the data. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_private_encrypt()\fR returns the size of the signature (i.e., -RSA_size(rsa)). \fIRSA_public_decrypt()\fR returns the size of the +\&\fBRSA_private_encrypt()\fR returns the size of the signature (i.e., +RSA_size(rsa)). \fBRSA_public_decrypt()\fR returns the size of the recovered message digest. .PP On error, \-1 is returned; the error codes can be -obtained by \fIERR_get_error\fR\|(3). +obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3) +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 157cc7c3e7f5..1f58528e8386 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PUBLIC_ENCRYPT 3" -.TH RSA_PUBLIC_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_PUBLIC_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,7 +153,7 @@ RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a +\&\fBRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a session key) using the public key \fBrsa\fR and stores the ciphertext in \&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory. .PP 
@@ -175,21 +179,21 @@ Encrypting user data directly with \s-1RSA\s0 is insecure. based padding modes, less than RSA_size(\fBrsa\fR) \- 41 for \&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0 The random number generator must be seeded prior to calling -\&\fIRSA_public_encrypt()\fR. +\&\fBRSA_public_encrypt()\fR. .PP -\&\fIRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the +\&\fBRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBto\fR must point to a memory section large enough to hold the decrypted data (which is smaller than RSA_size(\fBrsa\fR)). \fBpadding\fR is the padding mode that was used to encrypt the data. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., -RSA_size(\fBrsa\fR)). \fIRSA_private_decrypt()\fR returns the size of the +\&\fBRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., +RSA_size(\fBrsa\fR)). \fBRSA_private_decrypt()\fR returns the size of the recovered plaintext. .PP On error, \-1 is returned; the error codes can be -obtained by \fIERR_get_error\fR\|(3). +obtained by \fBERR_get_error\fR\|(3). .SH "WARNING" .IX Header "WARNING" Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information @@ -201,8 +205,8 @@ design. Prefer \s-1RSA_PKCS1_OAEP_PADDING.\s0 \&\s-1SSL, PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), -\&\fIRSA_size\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBRSA_size\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index ef1605b5d5d0..251b9c0a8e08 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 
+++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SET_METHOD 3" -.TH RSA_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_SET_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -164,21 +168,21 @@ important information about how these \s-1RSA API\s0 functions are affected by t use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, -as returned by \fIRSA_PKCS1_OpenSSL()\fR. +as returned by \fBRSA_PKCS1_OpenSSL()\fR. .PP -\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +\&\fBRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 structures created later. \&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RSA,\s0 so this function is no longer recommended. This function is not thread-safe and should not be called at the same time as other OpenSSL functions. .PP -\&\fIRSA_get_default_method()\fR returns a pointer to the current default +\&\fBRSA_get_default_method()\fR returns a pointer to the current default \&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on whether the \s-1ENGINE API\s0 is being used, so this function is no longer recommended. .PP -\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key \&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1RSA\s0 keys that only 
@@ -187,23 +191,23 @@ that supports embedded hardware-protected keys), and in such cases attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected results. .PP -\&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. +\&\fBRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if it is, the return value can only be guaranteed to be valid as long as the \&\s-1RSA\s0 key itself is valid and does not have its implementation changed by -\&\fIRSA_set_method()\fR. +\&\fBRSA_set_method()\fR. .PP -\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current \&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section. .PP -\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that +\&\fBRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that \&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, -the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used. +the \s-1RSA_METHOD\s0 controlled by \fBRSA_set_default_method()\fR is used. .PP -\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. .PP -\&\fIRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that +\&\fBRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that \&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, the default method is used. .SH "THE RSA_METHOD STRUCTURE" 
@@ -267,39 +271,39 @@ the default method is used. .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_PKCS1_OpenSSL()\fR, \fIRSA_PKCS1_null_method()\fR, \fIRSA_get_default_method()\fR -and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs. +\&\fBRSA_PKCS1_OpenSSL()\fR, \fBRSA_PKCS1_null_method()\fR, \fBRSA_get_default_method()\fR +and \fBRSA_get_method()\fR return pointers to the respective RSA_METHODs. .PP -\&\fIRSA_set_default_method()\fR returns no value. +\&\fBRSA_set_default_method()\fR returns no value. .PP -\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation +\&\fBRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation that was replaced. However, this return value should probably be ignored because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a -result of the \fIRSA_set_method()\fR function releasing its handle to the +result of the \fBRSA_set_method()\fR function releasing its handle to the \&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR declaration in a future release. .PP -\&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained -by \fIERR_get_error\fR\|(3) if the allocation fails. Otherwise +\&\fBRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .SH "BUGS" .IX Header "BUGS" -The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now +The behaviour of \fBRSA_flags()\fR is a mis-feature that is left as-is for now to avoid creating compatibility problems. 
\s-1RSA\s0 functionality, such as the encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key (which is what this function returns). If the flags element of an \s-1RSA\s0 key is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not -be reflected in the return value of the \fIRSA_flags()\fR function \- in effect -\&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does +be reflected in the return value of the \fBRSA_flags()\fR function \- in effect +\&\fBRSA_flags()\fR behaves more like an \fBRSA_default_flags()\fR function (which does not currently exist). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRSA_new\fR\|(3) +\&\fBRSA_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fIRSA_null_method()\fR, which was a partial attempt to avoid patent issues, +The \fBRSA_null_method()\fR, which was a partial attempt to avoid patent issues, was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index 763e92bd919c..4ac0725fef4d 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SIGN 3" -.TH RSA_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,13 +153,13 @@ RSA_sign, RSA_verify \- RSA signatures .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the +\&\fBRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC 3447.\s0 It stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \&\fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the key that can be used. -See \fIRSA_private_encrypt\fR\|(3) for lower-level +See \fBRSA_private_encrypt\fR\|(3) for lower-level operations. .PP \&\fBtype\fR denotes the message digest algorithm that was used to generate 
@@ -164,24 +168,24 @@ If \fBtype\fR is \fBNID_md5_sha1\fR, an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding and no algorithm identifier) is created. .PP -\&\fIRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +\&\fBRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes the message digest algorithm that was used to generate the signature. \&\fBrsa\fR is the signer's public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_sign()\fR returns 1 on success. -\&\fIRSA_verify()\fR returns 1 on successful verification. +\&\fBRSA_sign()\fR returns 1 on success. +\&\fBRSA_verify()\fR returns 1 on successful verification. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1SSL, PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fIRSA_private_encrypt\fR\|(3), -\&\fIRSA_public_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_private_encrypt\fR\|(3), +\&\fBRSA_public_decrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index c691ada572fb..a18a9e61647d 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SIGN_ASN1_OCTET_STRING 3" -.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,7 +155,7 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size \&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1 padding. It stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of 
@@ -159,27 +163,27 @@ memory. .PP \&\fBdummy\fR is ignored. .PP -The random number generator must be seeded prior to calling \fIRSA_sign_ASN1_OCTET_STRING()\fR. +The random number generator must be seeded prior to calling \fBRSA_sign_ASN1_OCTET_STRING()\fR. .PP -\&\fIRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR +\&\fBRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string \&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. -\&\fIRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. +\&\fBRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 otherwise. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "BUGS" .IX Header "BUGS" These functions serve no recognizable purpose. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fIRAND_bytes\fR\|(3), \fIRSA_sign\fR\|(3), -\&\fIRSA_verify\fR\|(3) +\&\fBERR_get_error\fR\|(3), +\&\fBRAND_bytes\fR\|(3), \fBRSA_sign\fR\|(3), +\&\fBRSA_verify\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 5167e4cd7240..89b20f94cd7a 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SIZE 3" -.TH RSA_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA_SIZE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,29 +153,29 @@ RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to +\&\fBRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to determine how much memory must be allocated for an \s-1RSA\s0 encrypted value. .PP -\&\fIRSA_bits()\fR returns the number of significant bits. +\&\fBRSA_bits()\fR returns the number of significant bits. .PP \&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR. .PP -\&\fIRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR -key. See \fIBN_security_bits\fR\|(3). +\&\fBRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR +key. See \fBBN_security_bits\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_size()\fR returns the size of modulus in bytes. +\&\fBRSA_size()\fR returns the size of modulus in bytes. .PP -\&\fIDSA_bits()\fR returns the number of bits in the key. +\&\fBDSA_bits()\fR returns the number of bits in the key. .PP -\&\fIRSA_security_bits()\fR returns the number of security bits. +\&\fBRSA_security_bits()\fR returns the number of security bits. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBN_num_bits\fR\|(3) +\&\fBBN_num_bits\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_bits()\fR was added in OpenSSL 1.1.0. +The \fBRSA_bits()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SCT_new.3 b/secure/lib/libcrypto/man/SCT_new.3 index e5cf84c6cb47..7da6b1aaff77 100644 --- a/secure/lib/libcrypto/man/SCT_new.3 +++ b/secure/lib/libcrypto/man/SCT_new.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SCT_NEW 3" -.TH SCT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SCT_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -205,37 +209,37 @@ record a certificate. By cryptographically verifying that a log did indeed issue an \s-1SCT,\s0 some confidence can be gained that the certificate is publicly known. .PP An internal representation of an \s-1SCT\s0 can be created in one of two ways. -The first option is to create a blank \s-1SCT,\s0 using \fISCT_new()\fR, and then populate +The first option is to create a blank \s-1SCT,\s0 using \fBSCT_new()\fR, and then populate it using: .IP "\(bu" 2 -\&\fISCT_set_version()\fR to set the \s-1SCT\s0 version. +\&\fBSCT_set_version()\fR to set the \s-1SCT\s0 version. .Sp Only \s-1SCT_VERSION_V1\s0 is currently supported. .IP "\(bu" 2 -\&\fISCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for: +\&\fBSCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for: .Sp \&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. \&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. .IP "\(bu" 2 -\&\fISCT_set0_log_id()\fR or \fISCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from. +\&\fBSCT_set0_log_id()\fR or \fBSCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from. .Sp The former takes ownership, whereas the latter makes a copy. See \s-1RFC 6962,\s0 Section 3.2 for the definition of LogID. .IP "\(bu" 2 -\&\fISCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (epoch time in milliseconds). +\&\fBSCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (epoch time in milliseconds). .IP "\(bu" 2 -\&\fISCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature. +\&\fBSCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature. .IP "\(bu" 2 -\&\fISCT_set0_signature()\fR or \fISCT_set1_signature()\fR to set the raw signature value. +\&\fBSCT_set0_signature()\fR or \fBSCT_set1_signature()\fR to set the raw signature value. 
.Sp The former takes ownership, whereas the latter makes a copy. .IP "\(bu" 2 -\&\fISCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions. +\&\fBSCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions. .Sp The former takes ownership, whereas the latter makes a copy. .PP Alternatively, the \s-1SCT\s0 can be pre-populated from the following data using -\&\fISCT_new_from_base64()\fR: +\&\fBSCT_new_from_base64()\fR: .IP "\(bu" 2 The \s-1SCT\s0 version (only \s-1SCT_VERSION_V1\s0 is currently supported). .IP "\(bu" 2 @@ -251,7 +255,7 @@ The \s-1SCT\s0 extensions, base64 encoded. .IP "\(bu" 2 The \s-1SCT\s0 signature, base64 encoded. .PP -\&\fISCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found +\&\fBSCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found (\s-1TLS\s0 extension, X.509 certificate extension or \s-1OCSP\s0 response). This is not required for verifying the \s-1SCT.\s0 .SH "NOTES" 
@@ -260,21 +264,21 @@ Some of the setters return int, instead of void. These will all return 1 on success, 0 on failure. They will not make changes on failure. .PP All of the setters will reset the validation status of the \s-1SCT\s0 to -\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fISCT_validate\fR\|(3)). +\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fBSCT_validate\fR\|(3)). .PP -\&\fISCT_set_source()\fR will call \fISCT_set_log_entry_type()\fR if the type of +\&\fBSCT_set_source()\fR will call \fBSCT_set_log_entry_type()\fR if the type of certificate the \s-1SCT\s0 was issued for can be inferred from where the \s-1SCT\s0 was found. For example, an \s-1SCT\s0 found in an X.509 extension must have been issued for a pre\- certificate. .PP -\&\fISCT_set_source()\fR will not refuse unknown values. +\&\fBSCT_set_source()\fR will not refuse unknown values. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise. +\&\fBSCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise. .PP -\&\fISCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise. +\&\fBSCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise. .PP -\&\fISCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a +\&\fBSCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a valid \s-1SHA\-256\s0 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if malloc fails. .PP @@ -286,9 +290,9 @@ is copied successfully, 0 otherwise (i.e. if malloc fails). \&\fBSCT_set_source\fR returns 1 on success, 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIct\fR\|(7), -\&\fISCT_validate\fR\|(3), -\&\fIOBJ_nid2obj\fR\|(3) +\&\fBct\fR\|(7), +\&\fBSCT_validate\fR\|(3), +\&\fBOBJ_nid2obj\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. 
diff --git a/secure/lib/libcrypto/man/SCT_print.3 b/secure/lib/libcrypto/man/SCT_print.3 index 9dbd759b9d6d..d60d48c2ed8f 100644 --- a/secure/lib/libcrypto/man/SCT_print.3 +++ b/secure/lib/libcrypto/man/SCT_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SCT_PRINT 3" -.TH SCT_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SCT_PRINT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,8 +152,8 @@ SCT_print, SCT_LIST_print, SCT_validation_status_string \- Prints Signed Certifi .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a bio in -a human-readable format. \fISCT_LIST_print()\fR prints an entire list of SCTs in a +\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a bio in +a human-readable format. \fBSCT_LIST_print()\fR prints an entire list of SCTs in a similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output. .PP The output can be indented by a specified number of spaces. If a \fB\s-1CTLOG_STORE\s0\fR @@ -157,19 +161,19 @@ is provided, it will be used to print the description of the \s-1CT\s0 log that each \s-1SCT\s0 (if that log is in the \s-1CTLOG_STORE\s0). Alternatively, \s-1NULL\s0 can be passed as the \s-1CTLOG_STORE\s0 parameter to disable this feature. .PP -\&\fISCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as -a human-readable string. Call \fISCT_validate()\fR or \fISCT_LIST_validate()\fR +\&\fBSCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as +a human-readable string. Call \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR beforehand in order to set the validation status of an \s-1SCT\s0 first. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISCT_validation_status_string()\fR returns a null-terminated string representing +\&\fBSCT_validation_status_string()\fR returns a null-terminated string representing the validation status of an \fB\s-1SCT\s0\fR object. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIct\fR\|(7), -\&\fIbio\fR\|(7), -\&\fICTLOG_STORE_new\fR\|(3), -\&\fISCT_validate\fR\|(3) +\&\fBct\fR\|(7), +\&\fBbio\fR\|(7), +\&\fBCTLOG_STORE_new\fR\|(3), +\&\fBSCT_validate\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. 
diff --git a/secure/lib/libcrypto/man/SCT_validate.3 b/secure/lib/libcrypto/man/SCT_validate.3 index 41496d14010a..e1ca9e683157 100644 --- a/secure/lib/libcrypto/man/SCT_validate.3 +++ b/secure/lib/libcrypto/man/SCT_validate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SCT_VALIDATE 3" -.TH SCT_VALIDATE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SCT_VALIDATE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,10 +160,10 @@ SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- checks Signed Cert .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature. -\&\fISCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs. +\&\fBSCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature. +\&\fBSCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs. The result of the validation checks can be obtained by passing the \s-1SCT\s0 to -\&\fISCT_get_validation_status()\fR. +\&\fBSCT_get_validation_status()\fR. .PP A \s-1CT_POLICY_EVAL_CTX\s0 must be provided that specifies: .IP "\(bu" 2 
@@ -189,23 +193,23 @@ status will be \s-1SCT_VALIDATION_STATUS_INVALID.\s0 If all checks pass, the validation status will be \s-1SCT_VALIDATION_STATUS_VALID.\s0 .SH "NOTES" .IX Header "NOTES" -A return value of 0 from \fISCT_LIST_validate()\fR should not be interpreted as a +A return value of 0 from \fBSCT_LIST_validate()\fR should not be interpreted as a failure. At a minimum, only one valid \s-1SCT\s0 may provide sufficient confidence that a certificate has been publicly logged. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the +\&\fBSCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the \&\s-1SCT\s0 fails validation, or 1 if the \s-1SCT\s0 passes validation. .PP -\&\fISCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0 +\&\fBSCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0 if any of SCTs fails validation, or 1 if they all pass validation. .PP -\&\fISCT_get_validation_status()\fR returns the validation status of the \s-1SCT.\s0 -If \fISCT_validate()\fR or \fISCT_LIST_validate()\fR have not been passed that \s-1SCT,\s0 the +\&\fBSCT_get_validation_status()\fR returns the validation status of the \s-1SCT.\s0 +If \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR have not been passed that \s-1SCT,\s0 the returned value will be \s-1SCT_VALIDATION_STATUS_NOT_SET.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIct\fR\|(7) +\&\fBct\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. diff --git a/secure/lib/libcrypto/man/SHA256_Init.3 b/secure/lib/libcrypto/man/SHA256_Init.3 index bf295354d499..b2927dafbc10 100644 --- a/secure/lib/libcrypto/man/SHA256_Init.3 +++ b/secure/lib/libcrypto/man/SHA256_Init.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SHA256_INIT 3" -.TH SHA256_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SHA256_INIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -174,13 +178,13 @@ SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SH .SH "DESCRIPTION" .IX Header "DESCRIPTION" Applications should use the higher level functions -\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the hash +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. .PP \&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. .PP -\&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR +\&\s-1\fBSHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for \&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR. 
@@ -188,12 +192,12 @@ is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thr The following functions may be used if the message is not completely stored in memory: .PP -\&\fISHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. +\&\fBSHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. .PP -\&\fISHA1_Update()\fR can be called repeatedly with chunks of the message to +\&\fBSHA1_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP -\&\fISHA1_Final()\fR places the message digest in \fBmd\fR, which must have space +\&\fBSHA1_Final()\fR places the message digest in \fBmd\fR, which must have space for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR. .PP The \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 families of functions operate in the 
@@ -201,18 +205,18 @@ same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA25 \&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR. The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used (defined by \s-1SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH\s0 and -\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fISHA1\s0()\fR function above, the -\&\s-1\fISHA224\s0()\fR, \s-1\fISHA256\s0()\fR, \s-1\fISHA384\s0()\fR and \s-1\fISHA512\s0()\fR functions are not thread safe if +\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fBSHA1\s0()\fR function above, the +\&\s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR functions are not thread safe if \&\fBmd\fR is \s-1NULL.\s0 .PP The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be used only when backward compatibility is required. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fISHA1\s0()\fR, \s-1\fISHA224\s0()\fR, \s-1\fISHA256\s0()\fR, \s-1\fISHA384\s0()\fR and \s-1\fISHA512\s0()\fR return a pointer to the hash +\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR return a pointer to the hash value. .PP -\&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR and equivalent \s-1SHA224, SHA256, +\&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR and equivalent \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" @@ -221,7 +225,7 @@ Standard), \&\s-1ANSI X9.30\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_DigestInit\fR\|(3) +\&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3 index 83184937f4c1..9c29d540cdd4 100644 --- a/secure/lib/libcrypto/man/SMIME_read_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_READ_CMS 3" -.TH SMIME_READ_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SMIME_READ_CMS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ SMIME_read_CMS \- parse S/MIME message .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_read_CMS()\fR parses a message in S/MIME format. +\&\fBSMIME_read_CMS()\fR parses a message in S/MIME format. .PP \&\fBin\fR is a \s-1BIO\s0 to read the message from. .PP 
@@ -157,10 +161,10 @@ error occurred. .SH "NOTES" .IX Header "NOTES" If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can -then be passed to \fICMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. +then be passed to \fBCMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. .PP Otherwise the type of the returned structure can be determined -using \fICMS_get0_type()\fR. +using \fBCMS_get0_type()\fR. .PP To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be initialized to \s-1NULL.\s0 For example: @@ -173,7 +177,7 @@ initialized to \s-1NULL.\s0 For example: .Ve .SH "BUGS" .IX Header "BUGS" -The \s-1MIME\s0 parser used by \fISMIME_read_CMS()\fR is somewhat primitive. While it will +The \s-1MIME\s0 parser used by \fBSMIME_read_CMS()\fR is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work. .PP The parser assumes that the CMS_ContentInfo structure is always base64 encoded 
@@ -185,14 +189,14 @@ which can be processed due to memory restraints: a streaming single pass option should be available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR -if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBSMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_type\fR\|(3), -\&\fISMIME_read_CMS\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3), -\&\fICMS_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_type\fR\|(3), +\&\fBSMIME_read_CMS\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3), +\&\fBCMS_decrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 index 013289bb6f81..41eafc1d201e 100644 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_READ_PKCS7 3" -.TH SMIME_READ_PKCS7 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SMIME_READ_PKCS7 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ SMIME_read_PKCS7 \- parse S/MIME message .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format. +\&\fBSMIME_read_PKCS7()\fR parses a message in S/MIME format. .PP \&\fBin\fR is a \s-1BIO\s0 to read the message from. .PP @@ -158,11 +162,11 @@ error occurred. .SH "NOTES" .IX Header "NOTES" If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text -signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with +signed. \fB*bcont\fR can then be passed to \fBPKCS7_verify()\fR with the \fB\s-1PKCS7_DETACHED\s0\fR flag set. .PP Otherwise the type of the returned structure can be determined -using \fIPKCS7_type_is_enveloped()\fR, etc. +using \fBPKCS7_type_is_enveloped()\fR, etc. .PP To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR \&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: 
@@ -175,7 +179,7 @@ To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR .Ve .SH "BUGS" .IX Header "BUGS" -The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive. +The \s-1MIME\s0 parser used by \fBSMIME_read_PKCS7()\fR is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work. .PP @@ -188,14 +192,14 @@ of message which can be processed due to memory restraints: a streaming single pass option should be available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR -if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBSMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fISMIME_read_PKCS7\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), +\&\fBSMIME_read_PKCS7\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3 index 49e124a9d0d1..20626c337bee 100644 --- a/secure/lib/libcrypto/man/SMIME_write_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_WRITE_CMS 3" -.TH SMIME_WRITE_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SMIME_WRITE_CMS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ SMIME_write_CMS \- convert CMS structure to S/MIME format .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 +\&\fBSMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 structure to produce an S/MIME message. .PP \&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate @@ -156,7 +160,7 @@ supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags. The following flags can be passed in the \fBflags\fR parameter. .PP If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only -makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fICMS_sign()\fR is +makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fBCMS_sign()\fR is called. .PP If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to 
@@ -167,7 +171,7 @@ be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_Con creation function. .PP If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must -be read twice: once to compute the signature in \fICMS_sign()\fR and once to output +be read twice: once to compute the signature in \fBCMS_sign()\fR and once to output the S/MIME message. .PP If streaming is performed the content is output in \s-1BER\s0 format using indefinite @@ -175,16 +179,16 @@ length constructed encoding except in the case of signed data with detached content where the content is absent and \s-1DER\s0 format is used. .SH "BUGS" .IX Header "BUGS" -\&\fISMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an +\&\fBSMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an option to disable this. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_write_CMS()\fR returns 1 for success or 0 for failure. +\&\fBSMIME_write_CMS()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) -\&\fICMS_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 index 7a843bc61223..f61130d982d7 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_WRITE_PKCS7 3" -.TH SMIME_WRITE_PKCS7 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SMIME_WRITE_PKCS7 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +\&\fBSMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 structure to produce an S/MIME message. .PP \&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR @@ -157,7 +161,7 @@ The following flags can be passed in the \fBflags\fR parameter. .PP If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR -is also set when \fIPKCS7_sign()\fR is also called. +is also set when \fBPKCS7_sign()\fR is also called. .PP If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR 
@@ -165,10 +169,10 @@ is also set. .PP If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to -\&\fIPKCS7_sign()\fR or \fIPKCS7_encrypt()\fR. +\&\fBPKCS7_sign()\fR or \fBPKCS7_encrypt()\fR. .PP If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then -the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR +the data must be read twice: once to compute the signature in \fBPKCS7_sign()\fR and once to output the S/MIME message. .PP If streaming is performed the content is output in \s-1BER\s0 format using indefinite @@ -176,16 +180,16 @@ length constructed encoding except in the case of signed data with detached content where the content is absent and \s-1DER\s0 format is used. .SH "BUGS" .IX Header "BUGS" -\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there +\&\fBSMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there should be an option to disable this. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +\&\fBSMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 index 90a95a070d35..87440930538c 100644 --- a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_GET_NAME 3" -.TH SSL_CIPHER_GET_NAME 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CIPHER_GET_NAME 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -159,38 +163,38 @@ SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_g .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the +\&\fBSSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the \&\fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". .PP -\&\fISSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of +\&\fBSSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of \&\fBcipher\fR. If the \fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". If the \fBcipher\fR has no standard name, it returns \fB\s-1NULL\s0\fR. If \fBcipher\fR was defined in both SSLv3 and \s-1TLS,\s0 it returns the \s-1TLS\s0 name. .PP -\&\fIOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR. +\&\fBOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR. If the \fBstdname\fR is \s-1NULL,\s0 or \fBstdname\fR has no corresponding OpenSSL name, it returns \*(L"(\s-1NONE\s0)\*(R". Where both exist, \fBstdname\fR should be the \s-1TLS\s0 name rather than the SSLv3 name. .PP -\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. +\&\fBSSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If \fBcipher\fR is \s-1NULL, 0\s0 is returned. .PP -\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol +\&\fBSSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol version that first defined the cipher. It returns \*(L"(\s-1NONE\s0)\*(R" if \fBcipher\fR is \s-1NULL.\s0 .PP -\&\fISSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR. +\&\fBSSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR. If there is no cipher (e.g. 
for cipher suites with no encryption) then \&\fBNID_undef\fR is returned. .PP -\&\fISSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0 +\&\fBSSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0 used by \fBc\fR during record encryption/decryption. If there is no digest (e.g. for \s-1AEAD\s0 cipher suites) then \fBNID_undef\fR is returned. .PP -\&\fISSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during +\&\fBSSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during the \s-1SSL/TLS\s0 handshake when using the \s-1SSL_CIPHER\s0 \fBc\fR. Note that this may be different to the digest used to calculate the \s-1MAC\s0 for encrypted records. .PP -\&\fISSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method +\&\fBSSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method used by \fBc\fR. If there is no key exchange, then \fBNID_undef\fR is returned. If any appropriate key exchange algorithm can be used (as in the case of \s-1TLS 1.3\s0 cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive): @@ -202,7 +206,7 @@ cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive): \& NID_kx_psk .Ve .PP -\&\fISSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method +\&\fBSSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method used by \fBc\fR. If there is no authentication, then \fBNID_undef\fR is returned. If any appropriate authentication algorithm can be used (as in the case of \&\s-1TLS 1.3\s0 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive): 
@@ -213,29 +217,29 @@ If any appropriate authentication algorithm can be used (as in the case of \& NID_auth_psk .Ve .PP -\&\fISSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or +\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or ChaCha20/Poly1305), and 0 if it is not \s-1AEAD.\s0 .PP -\&\fISSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored +\&\fBSSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored in \fBptr\fR. The \fBptr\fR parameter is a two element array of \fBchar\fR, which stores the two-byte \s-1TLS\s0 cipher \s-1ID\s0 (as allocated by \s-1IANA\s0) in network byte order. This parameter is usually retrieved from a \s-1TLS\s0 packet by using functions like -\&\fISSL_client_hello_get0_ciphers\fR\|(3). \fISSL_CIPHER_find()\fR returns \s-1NULL\s0 if an +\&\fBSSL_client_hello_get0_ciphers\fR\|(3). \fBSSL_CIPHER_find()\fR returns \s-1NULL\s0 if an error occurs or the indicated cipher is not found. .PP -\&\fISSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is +\&\fBSSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is not the same as the IANA-specific \s-1ID.\s0 .PP -\&\fISSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given +\&\fBSSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given cipher \fBc\fR. .PP -\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used +\&\fBSSL_CIPHER_description()\fR returns a textual description of the cipher used into the buffer \fBbuf\fR of length \fBlen\fR provided. If \fBbuf\fR is provided, it must be at least 128 bytes, otherwise a buffer will be allocated using -\&\fIOPENSSL_malloc()\fR. 
If the provided buffer is too small, or the allocation fails, +\&\fBOPENSSL_malloc()\fR. If the provided buffer is too small, or the allocation fails, \&\fB\s-1NULL\s0\fR is returned. .PP -The string returned by \fISSL_CIPHER_description()\fR consists of several fields +The string returned by \fBSSL_CIPHER_description()\fR consists of several fields separated by whitespace: .IP "<ciphername>" 4 .IX Item "<ciphername>" @@ -257,7 +261,7 @@ Encryption method, with number of secret bits, such as \fB\s-1AESGCM\s0(128)\fR. .IX Item "Mac=<message authentication code>" Message digest, such as \fB\s-1SHA256\s0\fR. .PP -Some examples for the output of \fISSL_CIPHER_description()\fR: +Some examples for the output of \fBSSL_CIPHER_description()\fR: .PP .Vb 2 \& ECDHE\-RSA\-AES256\-GCM\-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD 
@@ -265,49 +269,49 @@ Some examples for the output of \fISSL_CIPHER_description()\fR: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CIPHER_get_name()\fR, \fISSL_CIPHER_standard_name()\fR, \fIOPENSSL_cipher_name()\fR, -\&\fISSL_CIPHER_get_version()\fR and \fISSL_CIPHER_description()\fR return the corresponding +\&\fBSSL_CIPHER_get_name()\fR, \fBSSL_CIPHER_standard_name()\fR, \fBOPENSSL_cipher_name()\fR, +\&\fBSSL_CIPHER_get_version()\fR and \fBSSL_CIPHER_description()\fR return the corresponding value in a null-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R" if the cipher is not found. .PP -\&\fISSL_CIPHER_get_bits()\fR returns a positive integer representing the number of +\&\fBSSL_CIPHER_get_bits()\fR returns a positive integer representing the number of secret bits or 0 if an error occurred. .PP -\&\fISSL_CIPHER_get_cipher_nid()\fR, \fISSL_CIPHER_get_digest_nid()\fR, -\&\fISSL_CIPHER_get_kx_nid()\fR and \fISSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or +\&\fBSSL_CIPHER_get_cipher_nid()\fR, \fBSSL_CIPHER_get_digest_nid()\fR, +\&\fBSSL_CIPHER_get_kx_nid()\fR and \fBSSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or \&\fBNID_undef\fR if an error occurred. .PP -\&\fISSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 +\&\fBSSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurred. .PP -\&\fISSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise. +\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise. .PP -\&\fISSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error +\&\fBSSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error occurred. 
.PP -\&\fISSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID.\s0 +\&\fBSSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID.\s0 .PP -\&\fISSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0 +\&\fBSSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0 protocol-specific \s-1ID.\s0 .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CIPHER_get_version()\fR was updated to always return the correct protocol -string in OpenSSL 1.1.0. +The \fBSSL_CIPHER_get_version()\fR function was updated to always return the +correct protocol string in OpenSSL 1.1.0. .PP -\&\fISSL_CIPHER_description()\fR was changed to return \fB\s-1NULL\s0\fR on error, +The \fBSSL_CIPHER_description()\fR function was changed to return \fB\s-1NULL\s0\fR on error, rather than a fixed string, in OpenSSL 1.1.0. .PP -\&\fISSL_CIPHER_get_handshake_digest()\fR was added in OpenSSL 1.1.1. +The \fBSSL_CIPHER_get_handshake_digest()\fR function was added in OpenSSL 1.1.1. .PP -\&\fISSL_CIPHER_standard_name()\fR was globally available in OpenSSL 1.1.1. Before -OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was +The \fBSSL_CIPHER_standard_name()\fR function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was required to enable this function. .PP -\&\fIOPENSSL_cipher_name()\fR was added in OpenSSL 1.1.1. +The \fBOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_get_current_cipher\fR\|(3), -\&\fISSL_get_ciphers\fR\|(3), \fIciphers\fR\|(1) +\&\fBssl\fR\|(7), \fBSSL_get_current_cipher\fR\|(3), +\&\fBSSL_get_ciphers\fR\|(3), \fBciphers\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 index ae8786b32a89..d077e6b702db 100644 --- a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3" -.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,19 +160,19 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with +\&\fBSSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with the identifier \fBid\fR to the list of available compression methods. This list is globally maintained for all \s-1SSL\s0 operations within this application. It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. .PP -\&\fISSL_COMP_get_compression_methods()\fR returns a stack of all of the available +\&\fBSSL_COMP_get_compression_methods()\fR returns a stack of all of the available compression methods or \s-1NULL\s0 on error. .PP -\&\fISSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR. +\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR. .PP -\&\fISSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR. +\&\fBSSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR. .PP -\&\fISSL_COMP_free_compression_methods()\fR releases any resources acquired to +\&\fBSSL_COMP_free_compression_methods()\fR releases any resources acquired to maintain the internal table of compression methods. .SH "NOTES" .IX Header "NOTES" @@ -182,7 +186,7 @@ compression methods with the same identifier will lead to connection failure. .PP An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) will unconditionally send the list of all compression methods enabled with -\&\fISSL_COMP_add_compression_method()\fR to the server during the handshake. +\&\fBSSL_COMP_add_compression_method()\fR to the server during the handshake. Unlike the mechanisms to set a cipher list, there is no method available to restrict the list of compression method on a per connection basis. .PP 
@@ -192,30 +196,29 @@ when a matching identifier is found. There is no way to restrict the list of compression methods supported on a per connection basis. .PP If enabled during compilation, the OpenSSL library will have the -\&\fICOMP_zlib()\fR compression method available. +\&\fBCOMP_zlib()\fR compression method available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_COMP_add_compression_method()\fR may return the following values: +\&\fBSSL_COMP_add_compression_method()\fR may return the following values: .IP "0" 4 The operation succeeded. .IP "1" 4 .IX Item "1" The operation failed. Check the error queue to find out the reason. .PP -\&\fISSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or +\&\fBSSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or \&\s-1NULL\s0 on error. .PP -\&\fISSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error. +\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error. .PP -\&\fISSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error. +\&\fBSSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_COMP_free_compression_methods()\fR was deprecated in OpenSSL 1.1.0; -do not use it. -\&\fISSL_COMP_get0_name()\fR and \fISSL_comp_get_id()\fR were added in OpenSSL 1.1.0d. +The \fBSSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL 1.1.0. +The \fBSSL_COMP_get0_name()\fR and \fBSSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 index dc50129f473c..d78c34f47025 100644 
--- a/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 +++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_NEW 3" -.TH SSL_CONF_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CONF_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,27 +150,27 @@ SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fISSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR +The function \fBSSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR structure for use with the \s-1SSL_CONF\s0 functions. .PP -The function \fISSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. +The function \fBSSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. If \fBcctx\fR is \s-1NULL\s0 nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure +\&\fBSSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs. .PP -\&\fISSL_CONF_CTX_free()\fR does not return a value. +\&\fBSSL_CONF_CTX_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_set_flags\fR\|(3), -\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fISSL_CONF_cmd\fR\|(3), -\&\fISSL_CONF_cmd_argv\fR\|(3) +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 index fff09f5370e0..d7359499a4a7 100644 --- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 +++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET1_PREFIX 3" -.TH SSL_CONF_CTX_SET1_PREFIX 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CONF_CTX_SET1_PREFIX 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,11 +149,11 @@ SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fISSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR +The function \fBSSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value. .SH "NOTES" .IX Header "NOTES" -Command prefixes alter the commands recognised by subsequent \fISSL_CONF_cmd()\fR +Command prefixes alter the commands recognised by subsequent \fBSSL_CONF_cmd()\fR calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then @@ -163,17 +167,17 @@ If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case insensitive and no prefix is the default. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. +\&\fBSSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_new\fR\|(3), -\&\fISSL_CONF_CTX_set_flags\fR\|(3), -\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fISSL_CONF_cmd\fR\|(3), -\&\fISSL_CONF_cmd_argv\fR\|(3) +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 index 7046c34de88d..99cc69e96676 100644 
--- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 +++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET_FLAGS 3" -.TH SSL_CONF_CTX_SET_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CONF_CTX_SET_FLAGS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,13 +150,13 @@ SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set or clear SSL configurati .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fISSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. +The function \fBSSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. .PP -The function \fISSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. +The function \fBSSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. .SH "NOTES" .IX Header "NOTES" -The flags set affect how subsequent calls to \fISSL_CONF_cmd()\fR or -\&\fISSL_CONF_argv()\fR behave. +The flags set affect how subsequent calls to \fBSSL_CONF_cmd()\fR or +\&\fBSSL_CONF_argv()\fR behave. .PP Currently the following \fBflags\fR values are recognised: .IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4 
@@ -170,27 +174,27 @@ recognise certificate and private key options. .IX Item "SSL_CONF_FLAG_REQUIRE_PRIVATE" If this option is set then if a private key is not specified for a certificate it will attempt to load a private key from the certificate file when -\&\fISSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate +\&\fBSSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate file an error occurs. .IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4 .IX Item "SSL_CONF_FLAG_SHOW_ERRORS" indicate errors relating to unrecognised options or missing arguments in the error queue. If this option isn't set such errors are only reflected -in the return values of \fISSL_CONF_set_cmd()\fR or \fISSL_CONF_set_argv()\fR +in the return values of \fBSSL_CONF_set_cmd()\fR or \fBSSL_CONF_set_argv()\fR .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_CTX_set_flags()\fR and \fISSL_CONF_CTX_clear_flags()\fR returns the new flags +\&\fBSSL_CONF_CTX_set_flags()\fR and \fBSSL_CONF_CTX_clear_flags()\fR returns the new flags value after setting or clearing flags. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_new\fR\|(3), -\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fISSL_CONF_cmd\fR\|(3), -\&\fISSL_CONF_cmd_argv\fR\|(3) +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 index 872517d5cebe..6169700e9f8f 100644 --- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 
+++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET_SSL_CTX 3" -.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,14 +150,14 @@ SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the +\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the \&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with -\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to +\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to \&\fBctx\fR. .PP -\&\fISSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the +\&\fBSSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the \&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with -\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to +\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to \&\fBssl\fR. .SH "NOTES" .IX Header "NOTES" 
@@ -161,17 +165,17 @@ The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case syntax checking of commands is performed, where possible. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_CTX_set_ssl_ctx()\fR and \fISSL_CTX_set_ssl()\fR do not return a value. +\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR and \fBSSL_CTX_set_ssl()\fR do not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_new\fR\|(3), -\&\fISSL_CONF_CTX_set_flags\fR\|(3), -\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fISSL_CONF_cmd\fR\|(3), -\&\fISSL_CONF_cmd_argv\fR\|(3) +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CONF_cmd.3 b/secure/lib/libcrypto/man/SSL_CONF_cmd.3 index d745d7df00a2..3d26c65b10b1 100644 --- a/secure/lib/libcrypto/man/SSL_CONF_cmd.3 +++ b/secure/lib/libcrypto/man/SSL_CONF_cmd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CMD 3" -.TH SSL_CONF_CMD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CONF_CMD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,12 +150,12 @@ SSL_CONF_cmd_value_type, SSL_CONF_cmd \- send configuration command .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fISSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with +The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common framework for command line options or configuration files. .PP -\&\fISSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to. +\&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to. .SH "SUPPORTED COMMAND LINE COMMANDS" .IX Header "SUPPORTED COMMAND LINE COMMANDS" Currently supported \fBcmd\fR names for command lines (i.e. when the 
@@ -231,12 +235,12 @@ associated with \fBcctx\fR. Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This list will be combined any configured TLSv1.2 and below ciphersuites. -See \fIciphers\fR\|(1) for more information. +See \fBciphers\fR\|(1) for more information. .IP "\fB\-cert\fR" 4 .IX Item "-cert" Attempts to use the file \fBvalue\fR as the certificate for the appropriate -context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR -structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR structure is set. This option is only supported if certificate operations are permitted. .IP "\fB\-key\fR" 4 
@@ -355,12 +359,12 @@ structure is associated with \fBcctx\fR. Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This list will be combined any configured TLSv1.2 and below ciphersuites. -See \fIciphers\fR\|(1) for more information. +See \fBciphers\fR\|(1) for more information. .IP "\fBCertificate\fR" 4 .IX Item "Certificate" Attempts to use the file \fBvalue\fR as the certificate for the appropriate -context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR -structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR structure is set. This option is only supported if certificate operations are permitted. .IP "\fBPrivateKey\fR" 4 @@ -395,10 +399,6 @@ operations are permitted. Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the \&\fBvalue\fR must be >1 or <=16384. -.IP "\fBNoRenegotiation\fR" 4 -.IX Item "NoRenegotiation" -Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting -\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. .IP "\fBSignatureAlgorithms\fR" 4 .IX Item "SignatureAlgorithms" This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. 
@@ -497,7 +497,7 @@ sure to also leave \s-1TLS 1.1\s0 enabled. .IX Item "Options" The \fBvalue\fR argument is a comma separated list of various flags to set. If a flag string is preceded \fB\-\fR it is disabled. -See the \fISSL_CTX_set_options\fR\|(3) function for more details of +See the \fBSSL_CTX_set_options\fR\|(3) function for more details of individual options. .Sp Each option is listed below. Where an operation is enabled by default @@ -535,6 +535,9 @@ Only used by servers. \&\fBNoResumptionOnRenegotiation\fR: set \&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers. .Sp +\&\fBNoRenegotiation\fR: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.Sp \&\fBUnsafeLegacyRenegotiation\fR: permits the use of unsafe legacy renegotiation. Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. .Sp @@ -597,7 +600,7 @@ set of acceptable names for client CAs. Servers only. This option is only supported if certificate operations are permitted. .SH "SUPPORTED COMMAND TYPES" .IX Header "SUPPORTED COMMAND TYPES" -The function \fISSL_CONF_cmd_value_type()\fR currently returns one of the following +The function \fBSSL_CONF_cmd_value_type()\fR currently returns one of the following types: .IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4 .IX Item "SSL_CONF_TYPE_UNKNOWN" 
@@ -637,28 +640,28 @@ however the call sequence is: SSLv3 is \fBalways\fR disabled and attempt to override this by the user are ignored. .PP -By checking the return code of \fISSL_CONF_cmd()\fR it is possible to query if a -given \fBcmd\fR is recognised, this is useful if \fISSL_CONF_cmd()\fR values are +By checking the return code of \fBSSL_CONF_cmd()\fR it is possible to query if a +given \fBcmd\fR is recognised, this is useful if \fBSSL_CONF_cmd()\fR values are mixed with additional application specific operations. .PP -For example an application might call \fISSL_CONF_cmd()\fR and if it returns +For example an application might call \fBSSL_CONF_cmd()\fR and if it returns \&\-2 (unrecognised command) continue with processing of application specific commands. .PP -Applications can also use \fISSL_CONF_cmd()\fR to process command lines though the -utility function \fISSL_CONF_cmd_argv()\fR is normally used instead. One way +Applications can also use \fBSSL_CONF_cmd()\fR to process command lines though the +utility function \fBSSL_CONF_cmd_argv()\fR is normally used instead. One way to do this is to set the prefix to an appropriate value using -\&\fISSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the +\&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the following argument to \fBvalue\fR (which may be \s-1NULL\s0). .PP In this case if the return value is positive then it is used to skip that -number of arguments as they have been processed by \fISSL_CONF_cmd()\fR. If \-2 is +number of arguments as they have been processed by \fBSSL_CONF_cmd()\fR. If \-2 is returned then \fBcmd\fR is not recognised and application specific arguments can be checked instead. If \-3 is returned a required argument is missing and an error is indicated. If 0 is returned some other error occurred and this can be reported back to the user. 
.PP -The function \fISSL_CONF_cmd_value_type()\fR can be used by applications to +The function \fBSSL_CONF_cmd_value_type()\fR can be used by applications to check for the existence of a command or to perform additional syntax checking or translation of the command value. For example if the return value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative @@ -728,7 +731,7 @@ Set supported curves to P\-256, P\-384: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is +\&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is \&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it returns the number of arguments processed. This is useful when processing command lines. 
@@ -744,20 +747,20 @@ error in the syntax of \fBvalue\fR in this case the error queue may provide additional information. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_new\fR\|(3), -\&\fISSL_CONF_CTX_set_flags\fR\|(3), -\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fISSL_CONF_cmd_argv\fR\|(3), -\&\fISSL_CTX_set_options\fR\|(3) +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CONF_cmd()\fR was first added to OpenSSL 1.0.2 +The \fBSSL_CONF_cmd()\fR function was added in OpenSSL 1.0.2. .PP -\&\fB\s-1SSL_OP_NO_SSL2\s0\fR doesn't have effect since 1.1.0, but the macro is retained -for backwards compatibility. +The \fB\s-1SSL_OP_NO_SSL2\s0\fR option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility. .PP -\&\fB\s-1SSL_CONF_TYPE_NONE\s0\fR was first added to OpenSSL 1.1.0. In earlier versions of +The \fB\s-1SSL_CONF_TYPE_NONE\s0\fR was added in OpenSSL 1.1.0. In earlier versions of OpenSSL passing a command which didn't take an argument would return \&\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR. .PP @@ -766,7 +769,7 @@ OpenSSL passing a command which didn't take an argument would return \&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 b/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 index c7e9c0686136..5b729035ffdb 100644 --- a/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 
+++ b/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CMD_ARGV 3" -.TH SSL_CONF_CMD_ARGV 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CONF_CMD_ARGV 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,13 +149,13 @@ SSL_CONF_cmd_argv \- SSL configuration command line processing .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fISSL_CONF_cmd_argv()\fR processes at most two command line +The function \fBSSL_CONF_cmd_argv()\fR processes at most two command line arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR are updated to reflect the number of command options processed. The \fBpargc\fR argument can be set to \fB\s-1NULL\s0\fR if it is not used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 +\&\fBSSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 or a negative error code. .PP If \-2 is returned then an argument for a command is missing. @@ -160,14 +164,14 @@ If \-1 is returned the command is recognised but couldn't be processed due to an error: for example a syntax error in the argument. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_new\fR\|(3), -\&\fISSL_CONF_CTX_set_flags\fR\|(3), -\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fISSL_CONF_cmd\fR\|(3) +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 index 32db6fde693c..dbe3e517ce44 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD1_CHAIN_CERT 3" -.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -165,21 +169,21 @@ SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_ch .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set0_chain()\fR and \fISSL_CTX_set1_chain()\fR set the certificate chain +\&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain associated with the current certificate of \fBctx\fR to \fBsk\fR. .PP -\&\fISSL_CTX_add0_chain_cert()\fR and \fISSL_CTX_add1_chain_cert()\fR append the single +\&\fBSSL_CTX_add0_chain_cert()\fR and \fBSSL_CTX_add1_chain_cert()\fR append the single certificate \fBx509\fR to the chain associated with the current certificate of \&\fBctx\fR. .PP -\&\fISSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current +\&\fBSSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current certificate of \fBctx\fR. .PP -\&\fISSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the +\&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the current certificate of \fBctx\fR. (This is implemented by calling -\&\fISSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). +\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). .PP -\&\fISSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally +\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally this uses the chain store or the verify store if the chain store is not set. If the function is successful the built chain will replace any existing chain. The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use 
@@ -195,22 +199,22 @@ Each of these functions operates on the \fIcurrent\fR end entity (i.e. server or client) certificate. This is the last certificate loaded or selected on the corresponding \fBctx\fR structure. .PP -\&\fISSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity +\&\fBSSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a -function such as \fISSL_CTX_use_certificate()\fR. +function such as \fBSSL_CTX_use_certificate()\fR. .PP -\&\fISSL_set0_chain()\fR, \fISSL_set1_chain()\fR, \fISSL_add0_chain_cert()\fR, -\&\fISSL_add1_chain_cert()\fR, \fISSL_get0_chain_certs()\fR, \fISSL_clear_chain_certs()\fR, -\&\fISSL_build_cert_chain()\fR, \fISSL_select_current_cert()\fR and \fISSL_set_current_cert()\fR +\&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR, +\&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR, +\&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. .PP -\&\fISSL_CTX_set_current_cert()\fR changes the current certificate to a value based +\&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid certificate after the current certificate. These two operations can be used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. .PP -\&\fISSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. +\&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. 
If \fBssl\fR is a server and has sent a certificate to a connected client this option sets that certificate to the current certificate and returns 1. If the negotiated cipher suite is anonymous (and thus no certificate will 
@@ -226,48 +230,48 @@ not increment reference counts and the supplied certificate or chain .SH "NOTES" .IX Header "NOTES" The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 -structures when \fISSL_new()\fR is called. \s-1SSL\s0 structures will not be affected +structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected by any chains subsequently changed in the parent \s-1SSL_CTX.\s0 .PP One chain can be set for each key type supported by a server. So, for example, an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. .PP -The functions \fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR can +The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can be used to check application configuration and to ensure any necessary subordinate CAs are sent in the correct order. Misconfigured applications sending incorrect certificate chains often cause problems with peers. .PP For example an application can add any set of certificates using -\&\fISSL_CTX_use_certificate_chain_file()\fR then call \fISSL_CTX_build_cert_chain()\fR +\&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. .PP Applications can issue non fatal warnings when checking chains by setting the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return value. .PP -Calling \fISSL_CTX_build_cert_chain()\fR or \fISSL_build_cert_chain()\fR is more +Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more efficient than the automatic chain building as it is only performed once. Automatic chain building is performed on each new session. .PP If any certificates are added using these functions no certificates added -using \fISSL_CTX_add_extra_chain_cert()\fR will be used. +using \fBSSL_CTX_add_extra_chain_cert()\fR will be used. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if +\&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if no server certificate is used because the cipher suites is anonymous and 0 for failure. .PP -\&\fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR return 1 for success +\&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and a verification error occurs then 2 is returned. .PP All other functions return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 index f3034c420fa8..f5e5c9b3f0f2 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3" -.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,11 +150,11 @@ SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs \- add or clear ex .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain +\&\fBSSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain certificates associated with \fBctx\fR. Several certificates can be added one after another. .PP -\&\fISSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates +\&\fBSSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates associated with \fBctx\fR. .PP These functions are implemented as macros. 
@@ -161,9 +165,9 @@ following the end entity certificate. .PP If no chain is specified, the library will try to complete the chain from the available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see -\&\fISSL_CTX_load_verify_locations\fR\|(3). +\&\fBSSL_CTX_load_verify_locations\fR\|(3). .PP -The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be +The \fBx509\fR certificate provided to \fBSSL_CTX_add_extra_chain_cert()\fR will be freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application \&\fBshould not\fR free the \fBx509\fR object. .SH "RESTRICTIONS" 
@@ -172,29 +176,29 @@ Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 structure. Different chains for different certificates (for example if both \&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this -function. For more flexibility functions such as \fISSL_add1_chain_cert()\fR should +function. For more flexibility functions such as \fBSSL_add1_chain_cert()\fR should be used instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_add_extra_chain_cert()\fR and \fISSL_CTX_clear_extra_chain_certs()\fR return +\&\fBSSL_CTX_add_extra_chain_cert()\fR and \fBSSL_CTX_clear_extra_chain_certs()\fR return 1 on success and 0 for failure. Check out the error stack to find out the reason for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_use_certificate\fR\|(3), -\&\fISSL_CTX_set_client_cert_cb\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3) -\&\fISSL_CTX_set0_chain\fR\|(3) -\&\fISSL_CTX_set1_chain\fR\|(3) -\&\fISSL_CTX_add0_chain_cert\fR\|(3) -\&\fISSL_CTX_add1_chain_cert\fR\|(3) -\&\fISSL_set0_chain\fR\|(3) -\&\fISSL_set1_chain\fR\|(3) -\&\fISSL_add0_chain_cert\fR\|(3) -\&\fISSL_add1_chain_cert\fR\|(3) -\&\fISSL_CTX_build_cert_chain\fR\|(3) -\&\fISSL_build_cert_chain\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_set0_chain\fR\|(3) +\&\fBSSL_CTX_set1_chain\fR\|(3) +\&\fBSSL_CTX_add0_chain_cert\fR\|(3) +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) +\&\fBSSL_set0_chain\fR\|(3) +\&\fBSSL_set1_chain\fR\|(3) +\&\fBSSL_add0_chain_cert\fR\|(3) +\&\fBSSL_add1_chain_cert\fR\|(3) +\&\fBSSL_CTX_build_cert_chain\fR\|(3) +\&\fBSSL_build_cert_chain\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 b/secure/lib/libcrypto/man/SSL_CTX_add_session.3 index ad454f0a5a5c..c7e1c81d9882 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_add_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD_SESSION 3" -.TH SSL_CTX_ADD_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_ADD_SESSION 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,13 +151,13 @@ SSL_CTX_add_session, SSL_CTX_remove_session \- manipulate session cache .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The +\&\fBSSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The reference count for session \fBc\fR is incremented by 1. If a session with the same session id already exists, the old session is removed by calling -\&\fISSL_SESSION_free\fR\|(3). +\&\fBSSL_SESSION_free\fR\|(3). .PP -\&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and -marks it as non-resumable. \fISSL_SESSION_free\fR\|(3) is called once for \fBc\fR. +\&\fBSSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and +marks it as non-resumable. \fBSSL_SESSION_free\fR\|(3) is called once for \fBc\fR. .SH "NOTES" .IX Header "NOTES" When adding a new session to the internal session cache, it is examined @@ -161,7 +165,7 @@ whether a session with the same session id already exists. In this case it is assumed that both sessions are identical. If the same session is stored in a different \s-1SSL_SESSION\s0 object, The old session is removed and replaced by the new session. If the session is actually -identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR +identical (the \s-1SSL_SESSION\s0 object is identical), \fBSSL_CTX_add_session()\fR is a no-op, and the return value is 0. .PP If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 
@@ -169,7 +173,7 @@ flag then the internal cache will not be populated automatically by new sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal cache will be searched automatically for session-resume requests (the latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the -application can use \fISSL_CTX_add_session()\fR directly to have full control +application can use \fBSSL_CTX_add_session()\fR directly to have full control over the sessions that can be resumed if desired. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -183,9 +187,9 @@ session was not found in the cache. The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_SESSION_free\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_config.3 b/secure/lib/libcrypto/man/SSL_CTX_config.3 index b6752c882c61..1e404daa13be 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_config.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_config.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_CONFIG 3" -.TH SSL_CTX_CONFIG 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_CONFIG 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,22 +150,22 @@ SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The functions \fISSL_CTX_config()\fR and \fISSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or +The functions \fBSSL_CTX_config()\fR and \fBSSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or \&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR. .SH "NOTES" .IX Header "NOTES" -By calling \fISSL_CTX_config()\fR or \fISSL_config()\fR an application can perform many +By calling \fBSSL_CTX_config()\fR or \fBSSL_config()\fR an application can perform many complex tasks based on the contents of the configuration file: greatly simplifying application configuration code. A degree of future proofing can also be achieved: an application can support configuration features in newer versions of OpenSSL automatically. .PP A configuration file must have been previously loaded, for example using -\&\fICONF_modules_load_file()\fR. See \fIconfig\fR\|(5) for details of the configuration +\&\fBCONF_modules_load_file()\fR. See \fBconfig\fR\|(5) for details of the configuration file syntax. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_config()\fR and \fISSL_config()\fR return 1 for success or 0 if an error +\&\fBSSL_CTX_config()\fR and \fBSSL_config()\fR return 1 for success or 0 if an error occurred. .SH "EXAMPLE" .IX Header "EXAMPLE" 
@@ -204,12 +208,12 @@ In this example two certificates and the cipher list are configured without the need for any additional application code. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIconfig\fR\|(5), -\&\fISSL_CONF_cmd\fR\|(3), -\&\fICONF_modules_load_file\fR\|(3) +\&\fBconfig\fR\|(5), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBCONF_modules_load_file\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CTX_config()\fR and \fISSL_config()\fR were first added to OpenSSL 1.1.0 +The \fBSSL_CTX_config()\fR and \fBSSL_config()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 index 9b6b27b93705..494d250bca82 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_CTRL 3" -.TH SSL_CTX_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_CTRL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,18 +153,18 @@ SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal han .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The SSL_*\fI_ctrl()\fR family of functions is used to manipulate settings of +The SSL_*\fB_ctrl()\fR family of functions is used to manipulate settings of the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments \&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never be called directly. All functionalities needed are made available via other functions or macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The return values of the SSL*\fI_ctrl()\fR functions depend on the command +The return values of the SSL*\fB_ctrl()\fR functions depend on the command supplied via the \fBcmd\fR parameter. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 b/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 index c9b83008cc63..76b2e96e9fe6 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_DANE_ENABLE 3" -.TH SSL_CTX_DANE_ENABLE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_DANE_ENABLE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -161,16 +165,16 @@ SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add, These functions implement support for \s-1DANE TLSA\s0 (\s-1RFC6698\s0 and \s-1RFC7671\s0) peer authentication. .PP -\&\fISSL_CTX_dane_enable()\fR must be called first to initialize the shared state +\&\fBSSL_CTX_dane_enable()\fR must be called first to initialize the shared state required for \s-1DANE\s0 support. Individual connections associated with the context can then enable per-connection \s-1DANE\s0 support as appropriate. -\&\s-1DANE\s0 authentication is implemented in the \fIX509_verify_cert\fR\|(3) function, and -applications that override \fIX509_verify_cert\fR\|(3) via -\&\fISSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer +\&\s-1DANE\s0 authentication is implemented in the \fBX509_verify_cert\fR\|(3) function, and +applications that override \fBX509_verify_cert\fR\|(3) via +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer chain in whatever manner they see fit. .PP -\&\fISSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the +\&\fBSSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the supported digest algorithms. This must be done before any \s-1SSL\s0 handles are created for the context. .PP 
@@ -181,24 +185,24 @@ Algorithms with a larger strength ordinal are considered more secure. Strength ordinals are used to implement \s-1RFC7671\s0 digest algorithm agility. Specifying a \fB\s-1NULL\s0\fR digest algorithm for a matching type disables support for that matching type. -Matching type \fIFull\fR\|(0) cannot be modified or disabled. +Matching type \fBFull\fR\|(0) cannot be modified or disabled. .PP By default, matching type \f(CW\*(C`SHA2\-256(1)\*(C'\fR (see \s-1RFC7218\s0 for definitions of the \s-1DANE TLSA\s0 parameter acronyms) is mapped to \f(CW\*(C`EVP_sha256()\*(C'\fR with a strength ordinal of \f(CW1\fR and matching type \f(CW\*(C`SHA2\-512(2)\*(C'\fR is mapped to \f(CW\*(C`EVP_sha512()\*(C'\fR with a strength ordinal of \f(CW2\fR. .PP -\&\fISSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with -\&\fISSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection. +\&\fBSSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with +\&\fBSSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection. (The connection must be associated with a DANE-enabled \s-1SSL\s0 context). The \fBbasedomain\fR argument specifies the \s-1RFC7671 TLSA\s0 base domain, which will be the primary peer reference identifier for certificate name checks. -Additional server names can be specified via \fISSL_add1_host\fR\|(3). +Additional server names can be specified via \fBSSL_add1_host\fR\|(3). The \fBbasedomain\fR is used as the default \s-1SNI\s0 hint if none has yet been -specified via \fISSL_set_tlsext_host_name\fR\|(3). +specified via \fBSSL_set_tlsext_host_name\fR\|(3). .PP -\&\fISSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the +\&\fBSSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the \&\s-1TLSA\s0 records that apply to the remote \s-1TLS\s0 peer. 
(This too must be done prior to the beginning of the \s-1SSL\s0 handshake). The arguments specify the fields of the \s-1TLSA\s0 record. @@ -210,7 +214,7 @@ A return value of 0 indicates that \*(L"unusable\*(R" \s-1TLSA\s0 records (with unsupported parameters) were provided. A negative return value indicates an internal error in processing the record. .PP -The caller is expected to check the return value of each \fISSL_dane_tlsa_add()\fR +The caller is expected to check the return value of each \fBSSL_dane_tlsa_add()\fR call and take appropriate action if none are usable or an internal error is encountered in processing some records. .PP 
@@ -219,37 +223,37 @@ and authentication will be based on any configured traditional trust-anchors; authentication success in this case does not mean that the peer was DANE-authenticated. .PP -\&\fISSL_get0_dane_authority()\fR can be used to get more detailed information about +\&\fBSSL_get0_dane_authority()\fR can be used to get more detailed information about the matched \s-1DANE\s0 trust-anchor after successful connection completion. The return value is negative if \s-1DANE\s0 verification failed (or was not enabled), 0 if an \s-1EE TLSA\s0 record directly matched the leaf certificate, or a positive number indicating the depth at which a \s-1TA\s0 record matched an issuer certificate. -The complete verified chain can be retrieved via \fISSL_get0_verified_chain\fR\|(3). +The complete verified chain can be retrieved via \fBSSL_get0_verified_chain\fR\|(3). The return value is an index into this verified chain, rather than the list of -certificates sent by the peer as returned by \fISSL_get_peer_cert_chain\fR\|(3). +certificates sent by the peer as returned by \fBSSL_get_peer_cert_chain\fR\|(3). .PP If the \fBmcert\fR argument is not \fB\s-1NULL\s0\fR and a \s-1TLSA\s0 record matched a chain certificate, a pointer to the matching certificate is returned via \fBmcert\fR. The returned address is a short-term internal reference to the certificate and must not be freed by the application. Applications that want to retain access to the certificate can call -\&\fIX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via -\&\fIX509_free\fR\|(3) once no longer needed. +\&\fBX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via +\&\fBX509_free\fR\|(3) once no longer needed. 
.PP If no \s-1TLSA\s0 records directly matched any elements of the certificate chain, but -a \s-1\fIDANE\-TA\s0\fR\|(2) \s-1\fISPKI\s0\fR\|(1) \fIFull\fR\|(0) record provided the public key that signed an +a \s-1\fBDANE\-TA\s0\fR\|(2) \s-1\fBSPKI\s0\fR\|(1) \fBFull\fR\|(0) record provided the public key that signed an element of the chain, then that key is returned via \fBmspki\fR argument (if not \&\s-1NULL\s0). In this case the return value is the depth of the top-most element of the validated certificate chain. As with \fBmcert\fR this is a short-term internal reference, and -\&\fIEVP_PKEY_up_ref\fR\|(3) and \fIEVP_PKEY_free\fR\|(3) can be used to acquire and +\&\fBEVP_PKEY_up_ref\fR\|(3) and \fBEVP_PKEY_free\fR\|(3) can be used to acquire and release long-term references respectively. .PP -\&\fISSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that +\&\fBSSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that matched the peer certificate chain. The return value indicates the match depth or failure to match just as with -\&\fISSL_get0_dane_authority()\fR. +\&\fBSSL_get0_dane_authority()\fR. When the return value is non-negative, the storage pointed to by the \fBusage\fR, \&\fBselector\fR, \fBmtype\fR and \fBdata\fR parameters is updated to the corresponding \&\s-1TLSA\s0 record fields. 
@@ -260,9 +264,9 @@ The \fBdata\fR parameter is set to a short-term internal-copy of the associated data field and must not be freed by the application. Applications that need long-term access to this field need to copy the content. .PP -\&\fISSL_CTX_dane_set_flags()\fR and \fISSL_dane_set_flags()\fR can be used to enable +\&\fBSSL_CTX_dane_set_flags()\fR and \fBSSL_dane_set_flags()\fR can be used to enable optional \s-1DANE\s0 verification features. -\&\fISSL_CTX_dane_clear_flags()\fR and \fISSL_dane_clear_flags()\fR can be used to disable +\&\fBSSL_CTX_dane_clear_flags()\fR and \fBSSL_dane_clear_flags()\fR can be used to disable the same features. The \fBflags\fR argument is a bitmask of the features to enable or disable. The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle @@ -272,7 +276,7 @@ for the handle. .PP At present, the only available option is \fB\s-1DANE_FLAG_NO_DANE_EE_NAMECHECKS\s0\fR which can be used to disable server name checks when authenticating via -\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. For some applications, primarily web browsers, it is not safe to disable name checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can convince a client that a connection to a victim server is instead a secure @@ -280,7 +284,7 @@ connection to the malicious server. The malicious server may then be able to violate cross-origin scripting restrictions. Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for -\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe to do so. In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 records already make it possible for a remote domain to redirect client 
@@ -288,8 +292,8 @@ connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMP do not execute scripts downloaded from remote servers. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The functions \fISSL_CTX_dane_enable()\fR, \fISSL_CTX_dane_mtype_set()\fR, -\&\fISSL_dane_enable()\fR and \fISSL_dane_tlsa_add()\fR return a positive value on success. +The functions \fBSSL_CTX_dane_enable()\fR, \fBSSL_CTX_dane_mtype_set()\fR, +\&\fBSSL_dane_enable()\fR and \fBSSL_dane_tlsa_add()\fR return a positive value on success. Negative return values indicate resource problems (out of memory, etc.) in the \&\s-1SSL\s0 library, while a return value of \fB0\fR indicates incorrect usage or invalid input, such as an unsupported \s-1TLSA\s0 record certificate usage, selector or @@ -298,14 +302,14 @@ Invalid input also includes malformed data, either a digest length that does not match the digest algorithm, or a \f(CWFull(0)\fR (binary \s-1ASN.1 DER\s0 form) certificate or a public key that fails to parse. .PP -The functions \fISSL_get0_dane_authority()\fR and \fISSL_get0_dane_tlsa()\fR return a +The functions \fBSSL_get0_dane_authority()\fR and \fBSSL_get0_dane_tlsa()\fR return a negative value when \s-1DANE\s0 authentication failed or was not enabled, a non-negative value indicates the chain depth at which the \s-1TLSA\s0 record matched a chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0 record is a full public key that is its signer. .PP -The functions \fISSL_CTX_dane_set_flags()\fR, \fISSL_CTX_dane_clear_flags()\fR, -\&\fISSL_dane_set_flags()\fR and \fISSL_dane_clear_flags()\fR return the \fBflags\fR in effect +The functions \fBSSL_CTX_dane_set_flags()\fR, \fBSSL_CTX_dane_clear_flags()\fR, +\&\fBSSL_dane_set_flags()\fR and \fBSSL_dane_clear_flags()\fR return the \fBflags\fR in effect before they were called. .SH "EXAMPLE" .IX Header "EXAMPLE" 
@@ -460,7 +464,7 @@ are published for a given peer, and otherwise will use unauthenticated \s-1TLS\s even cleartext. .PP Such applications should generally treat any \s-1TLSA\s0 records published by the peer -with usages \s-1\fIPKIX\-TA\s0\fR\|(0) and \s-1\fIPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include +with usages \s-1\fBPKIX\-TA\s0\fR\|(0) and \s-1\fBPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include them among the \s-1TLSA\s0 records used to authenticate peer connections. In addition, some \s-1TLSA\s0 records with supported usages may be \*(L"unusable\*(R" as a result of invalid or unsupported parameters. 
@@ -469,31 +473,31 @@ When a peer has \s-1TLSA\s0 records, but none are \*(L"usable\*(R", an opportuni application must avoid cleartext, but cannot authenticate the peer, and so should generally proceed with an unauthenticated connection. Opportunistic applications need to note the return value of each -call to \fISSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid +call to \fBSSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid or unsupported parameters) disable peer authentication by calling -\&\fISSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR. +\&\fBSSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_new\fR\|(3), -\&\fISSL_add1_host\fR\|(3), -\&\fISSL_set_hostflags\fR\|(3), -\&\fISSL_set_tlsext_host_name\fR\|(3), -\&\fISSL_set_verify\fR\|(3), -\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), -\&\fISSL_get0_verified_chain\fR\|(3), -\&\fISSL_get_peer_cert_chain\fR\|(3), -\&\fISSL_get_verify_result\fR\|(3), -\&\fISSL_connect\fR\|(3), -\&\fISSL_get0_peername\fR\|(3), -\&\fIX509_verify_cert\fR\|(3), -\&\fIX509_up_ref\fR\|(3), -\&\fIX509_free\fR\|(3), -\&\fIEVP_get_digestbyname\fR\|(3), -\&\fIEVP_PKEY_up_ref\fR\|(3), -\&\fIEVP_PKEY_free\fR\|(3) +\&\fBSSL_new\fR\|(3), +\&\fBSSL_add1_host\fR\|(3), +\&\fBSSL_set_hostflags\fR\|(3), +\&\fBSSL_set_tlsext_host_name\fR\|(3), +\&\fBSSL_set_verify\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_get0_verified_chain\fR\|(3), +\&\fBSSL_get_peer_cert_chain\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_get0_peername\fR\|(3), +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_up_ref\fR\|(3), +\&\fBX509_free\fR\|(3), +\&\fBEVP_get_digestbyname\fR\|(3), +\&\fBEVP_PKEY_up_ref\fR\|(3), +\&\fBEVP_PKEY_free\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.1.0. +These functions were added in OpenSSL 1.1.0. 
.SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 index 8d4509a7be52..0983894cbb8f 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_FLUSH_SESSIONS 3" -.TH SSL_CTX_FLUSH_SESSIONS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_FLUSH_SESSIONS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,35 +149,35 @@ SSL_CTX_flush_sessions \- remove expired sessions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_flush_sessions()\fR causes a run through the session cache of +\&\fBSSL_CTX_flush_sessions()\fR causes a run through the session cache of \&\fBctx\fR to remove sessions expired at time \fBtm\fR. .SH "NOTES" .IX Header "NOTES" If enabled, the internal session cache will collect all sessions established -up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR). +up to the specified maximum number (see \fBSSL_CTX_sess_set_cache_size()\fR). As sessions will not be reused ones they are expired, they should be removed from the cache to save resources. This can either be done automatically whenever 255 new sessions were established (see -\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) -or manually by calling \fISSL_CTX_flush_sessions()\fR. +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) +or manually by calling \fBSSL_CTX_flush_sessions()\fR. .PP The parameter \fBtm\fR specifies the time which should be used for the -expiration test, in most cases the actual time given by \fItime\fR\|(0) +expiration test, in most cases the actual time given by \fBtime\fR\|(0) will be used. .PP -\&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal +\&\fBSSL_CTX_flush_sessions()\fR will only check sessions stored in the internal cache. When a session is found and removed, the remove_session_cb is however called to synchronize with the external cache (see -\&\fISSL_CTX_sess_set_get_cb\fR\|(3)). +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_flush_sessions()\fR does not return a value. +\&\fBSSL_CTX_flush_sessions()\fR does not return a value. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_CTX_set_timeout\fR\|(3), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_free.3 b/secure/lib/libcrypto/man/SSL_CTX_free.3 index 702b9af168f6..f4956d189b8a 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_free.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_FREE 3" -.TH SSL_CTX_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_FREE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,29 +149,29 @@ SSL_CTX_free \- free an allocated SSL_CTX object .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the +\&\fBSSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the \&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the reference count has reached 0. .PP -It also calls the \fIfree()\fRing procedures for indirectly affected items, if +It also calls the \fBfree()\fRing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys. .PP If \fBctx\fR is \s-1NULL\s0 nothing is done. .SH "WARNINGS" .IX Header "WARNINGS" -If a session-remove callback is set (\fISSL_CTX_sess_set_remove_cb()\fR), this +If a session-remove callback is set (\fBSSL_CTX_sess_set_remove_cb()\fR), this callback will be called for each session being freed from \fBctx\fR's session cache. This implies, that all corresponding sessions from an external session cache are removed as well. If this is not desired, the user should explicitly unset the callback by calling -SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fISSL_CTX_free()\fR. +SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fBSSL_CTX_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_free()\fR does not provide diagnostic information. +\&\fBSSL_CTX_free()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_new\fR\|(3), \fIssl\fR\|(7), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3) +\&\fBSSL_CTX_new\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 b/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 index 94f0d5d1747e..d1a5567f20bc 100644 
--- a/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_GET0_PARAM 3" -.TH SSL_CTX_GET0_PARAM 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_GET0_PARAM 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,16 +152,16 @@ SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- get an .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR retrieve an internal pointer to +\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR retrieve an internal pointer to the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned pointer must not be freed by the calling application. .PP -\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR set the verification parameters +\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR set the verification parameters to \fBvpm\fR for \fBctx\fR or \fBssl\fR. .SH "NOTES" .IX Header "NOTES" Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure -using \fISSL_CTX_get0_param()\fR or \fISSL_get0_param()\fR and an application modifies +using \fBSSL_CTX_get0_param()\fR or \fBSSL_get0_param()\fR and an application modifies them to suit its needs: for example to add a hostname check. .SH "EXAMPLE" .IX Header "EXAMPLE" @@ -169,17 +173,17 @@ Check hostname matches \*(L"www.foo.com\*(R" in peer certificate: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR return a pointer to an +\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR return a pointer to an \&\fBX509_VERIFY_PARAM\fR structure. .PP -\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR return 1 for success and 0 +\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3) +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 index c0cdcfcaafde..888a1d8b3189 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_GET_VERIFY_MODE 3" -.TH SSL_CTX_GET_VERIFY_MODE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_GET_VERIFY_MODE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,25 +154,25 @@ SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_get_verify_mode()\fR returns the verification mode currently set in +\&\fBSSL_CTX_get_verify_mode()\fR returns the verification mode currently set in \&\fBctx\fR. .PP -\&\fISSL_get_verify_mode()\fR returns the verification mode currently set in +\&\fBSSL_get_verify_mode()\fR returns the verification mode currently set in \&\fBssl\fR. .PP -\&\fISSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set +\&\fBSSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the default value will be used. .PP -\&\fISSL_get_verify_depth()\fR returns the verification depth limit currently set +\&\fBSSL_get_verify_depth()\fR returns the verification depth limit currently set in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the default value will be used. .PP -\&\fISSL_CTX_get_verify_callback()\fR returns a function pointer to the verification +\&\fBSSL_CTX_get_verify_callback()\fR returns a function pointer to the verification callback currently set in \fBctx\fR. If no callback was explicitly set, the \&\s-1NULL\s0 pointer is returned and the default callback will be used. .PP -\&\fISSL_get_verify_callback()\fR returns a function pointer to the verification +\&\fBSSL_get_verify_callback()\fR returns a function pointer to the verification callback currently set in \fBssl\fR. If no callback was explicitly set, the \&\s-1NULL\s0 pointer is returned and the default callback will be used. .SH "RETURN VALUES" 
@@ -176,7 +180,7 @@ callback currently set in \fBssl\fR. If no callback was explicitly set, the See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_verify\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 b/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 index 4fee378010d7..9ac39f7b3ebb 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3" -.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,15 +149,15 @@ SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a -client extension of type \fBext_type\fR using \fISSL_CTX_add_client_custom_ext()\fR. +\&\fBSSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a +client extension of type \fBext_type\fR using \fBSSL_CTX_add_client_custom_ext()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Returns 1 if a handler has been set, 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_add_client_custom_ext\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_add_client_custom_ext\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 index 83fd67e9fa90..663212fd1d56 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3" -.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,11 +156,11 @@ SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths, SSL_CTX_set_def .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at +\&\fBSSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at which \s-1CA\s0 certificates for verification purposes are located. The certificates available via \fBCAfile\fR and \fBCApath\fR are trusted. .PP -\&\fISSL_CTX_set_default_verify_paths()\fR specifies that the default locations from +\&\fBSSL_CTX_set_default_verify_paths()\fR specifies that the default locations from which \s-1CA\s0 certificates are loaded should be used. There is one default directory and one default file. The default \s-1CA\s0 certificates directory is called \*(L"certs\*(R" in the default OpenSSL directory. Alternatively the \s-1SSL_CERT_DIR\s0 environment 
@@ -164,12 +168,12 @@ variable can be defined to override this location. The default \s-1CA\s0 certifi file is called \*(L"cert.pem\*(R" in the default OpenSSL directory. Alternatively the \&\s-1SSL_CERT_FILE\s0 environment variable can be defined to override this location. .PP -\&\fISSL_CTX_set_default_verify_dir()\fR is similar to -\&\fISSL_CTX_set_default_verify_paths()\fR except that just the default directory is +\&\fBSSL_CTX_set_default_verify_dir()\fR is similar to +\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default directory is used. .PP -\&\fISSL_CTX_set_default_verify_file()\fR is similar to -\&\fISSL_CTX_set_default_verify_paths()\fR except that just the default file is +\&\fBSSL_CTX_set_default_verify_file()\fR is similar to +\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default file is used. .SH "NOTES" .IX Header "NOTES" @@ -185,7 +189,7 @@ format. The file can contain several \s-1CA\s0 certificates identified by sequences. Before, between, and after the certificates text is allowed which can be used e.g. for descriptions of the certificates. .PP -The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR +The \fBCAfile\fR is processed on execution of the \fBSSL_CTX_load_verify_locations()\fR function. .PP If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates 
@@ -214,14 +218,14 @@ In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must explicitly be set using the -\&\fISSL_CTX_set_client_CA_list\fR\|(3) +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) family of functions. .PP When building its own certificate chain, an OpenSSL client/server will try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the certificate chain was not explicitly specified (see -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), -\&\fISSL_CTX_use_certificate\fR\|(3). +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3). .SH "WARNINGS" .IX Header "WARNINGS" If several \s-1CA\s0 certificates matching the name, key identifier, and serial 
@@ -261,18 +265,18 @@ stack to find out the reason. .IX Item "1" The operation succeeded. .PP -\&\fISSL_CTX_set_default_verify_paths()\fR, \fISSL_CTX_set_default_verify_dir()\fR and -\&\fISSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A +\&\fBSSL_CTX_set_default_verify_paths()\fR, \fBSSL_CTX_set_default_verify_dir()\fR and +\&\fBSSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A missing default location is still treated as a success. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_client_CA_list\fR\|(3), -\&\fISSL_get_client_CA_list\fR\|(3), -\&\fISSL_CTX_use_certificate\fR\|(3), -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), -\&\fISSL_CTX_set_cert_store\fR\|(3), -\&\fISSL_CTX_set_client_CA_list\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_set_cert_store\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CTX_new.3 index ae7108110c86..a438f6b23f5b 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_new.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_NEW 3" -.TH SSL_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -194,12 +198,12 @@ TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_C .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to +\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections. An \fB\s-1SSL_CTX\s0\fR object is reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the first time increments the reference count. Freeing it (using SSL_CTX_free) decrements it. When the reference count drops to zero, any memory or resources allocated to the -\&\fB\s-1SSL_CTX\s0\fR object are freed. \fISSL_CTX_up_ref()\fR increments the reference count for +\&\fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR increments the reference count for an existing \fB\s-1SSL_CTX\s0\fR structure. .SH "NOTES" .IX Header "NOTES" 
@@ -207,7 +211,7 @@ The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist in a generic type (for client and server use), a server only type, and a client only type. \&\fBmethod\fR can be of the following types: -.IP "\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR" 4 +.IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4 .IX Item "TLS_method(), TLS_server_method(), TLS_client_method()" These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods. The actual protocol version used will be negotiated to the highest version 
@@ -215,53 +219,53 @@ mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. Applications should use these methods, and avoid the version-specific methods described below. -.IP "\fISSLv23_method()\fR, \fISSLv23_server_method()\fR, \fISSLv23_client_method()\fR" 4 +.IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4 .IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()" Use of these functions is deprecated. They have been replaced with the above -\&\fITLS_method()\fR, \fITLS_server_method()\fR and \fITLS_client_method()\fR respectively. New +\&\fBTLS_method()\fR, \fBTLS_server_method()\fR and \fBTLS_client_method()\fR respectively. New code should use those functions instead. -.IP "\fITLSv1_2_method()\fR, \fITLSv1_2_server_method()\fR, \fITLSv1_2_client_method()\fR" 4 +.IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4 .IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1.2 protocol. -.IP "\fITLSv1_1_method()\fR, \fITLSv1_1_server_method()\fR, \fITLSv1_1_client_method()\fR" 4 +.IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4 .IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1.1 protocol. -.IP "\fITLSv1_method()\fR, \fITLSv1_server_method()\fR, \fITLSv1_client_method()\fR" 4 +.IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4 .IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1 protocol. 
-.IP "\fISSLv3_method()\fR, \fISSLv3_server_method()\fR, \fISSLv3_client_method()\fR" 4 +.IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4 .IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the SSLv3 protocol. The SSLv3 protocol is deprecated and should not be used. -.IP "\fIDTLS_method()\fR, \fIDTLS_server_method()\fR, \fIDTLS_client_method()\fR" 4 +.IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4 .IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()" These are the version-flexible \s-1DTLS\s0 methods. Currently supported protocols are \s-1DTLS 1.0\s0 and \s-1DTLS 1.2.\s0 -.IP "\fIDTLSv1_2_method()\fR, \fIDTLSv1_2_server_method()\fR, \fIDTLSv1_2_client_method()\fR" 4 +.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4 .IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()" These are the version-specific methods for DTLSv1.2. -.IP "\fIDTLSv1_method()\fR, \fIDTLSv1_server_method()\fR, \fIDTLSv1_client_method()\fR" 4 +.IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4 .IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()" These are the version-specific methods for DTLSv1. .PP -\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the +\&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates and the options to their default values. 
.PP -\&\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR, \fIDTLS_method()\fR, -\&\fIDTLS_server_method()\fR and \fIDTLS_client_method()\fR are the \fIversion-flexible\fR +\&\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR, \fBDTLS_method()\fR, +\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion-flexible\fR methods. All other methods only support one specific protocol version. Use the \fIversion-flexible\fR methods instead of the version specific methods. .PP If you want to limit the supported protocols for the version flexible -methods you can use \fISSL_CTX_set_min_proto_version\fR\|(3), -\&\fISSL_set_min_proto_version\fR\|(3), \fISSL_CTX_set_max_proto_version\fR\|(3) and -\&\fISSL_set_max_proto_version\fR\|(3) functions. -Using these functions it is possible to choose e.g. \fITLS_server_method()\fR +methods you can use \fBSSL_CTX_set_min_proto_version\fR\|(3), +\&\fBSSL_set_min_proto_version\fR\|(3), \fBSSL_CTX_set_max_proto_version\fR\|(3) and +\&\fBSSL_set_max_proto_version\fR\|(3) functions. +Using these functions it is possible to choose e.g. \fBTLS_server_method()\fR and be able to negotiate with all possible clients, but to only allow newer protocols like \s-1TLS 1.0, TLS 1.1, TLS 1.2\s0 or \s-1TLS 1.3.\s0 .PP @@ -269,7 +273,7 @@ The list of protocols available can also be limited using the \&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR, \&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR options of the -\&\fISSL_CTX_set_options\fR\|(3) or \fISSL_set_options\fR\|(3) functions, but this approach +\&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions, but this approach is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of protocols they support. When disabling a protocol, make sure that you also disable either all previous or all subsequent protocol versions. 
@@ -278,7 +282,7 @@ previous protocol versions, the effect is to also disable all subsequent protocol versions. .PP The SSLv3 protocol is deprecated and should generally not be used. -Applications should typically use \fISSL_CTX_set_min_proto_version\fR\|(3) to set +Applications should typically use \fBSSL_CTX_set_min_proto_version\fR\|(3) to set the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -291,22 +295,22 @@ the reason. .IX Item "Pointer to an SSL_CTX object" The return value points to an allocated \s-1SSL_CTX\s0 object. .Sp -\&\fISSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. +\&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. .SH "HISTORY" .IX Header "HISTORY" -Support for SSLv2 and the corresponding \fISSLv2_method()\fR, -\&\fISSLv2_server_method()\fR and \fISSLv2_client_method()\fR functions where +Support for SSLv2 and the corresponding \fBSSLv2_method()\fR, +\&\fBSSLv2_server_method()\fR and \fBSSLv2_client_method()\fR functions where removed in OpenSSL 1.1.0. .PP -\&\fISSLv23_method()\fR, \fISSLv23_server_method()\fR and \fISSLv23_client_method()\fR -were deprecated and the preferred \fITLS_method()\fR, \fITLS_server_method()\fR -and \fITLS_client_method()\fR functions were introduced in OpenSSL 1.1.0. +\&\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR and \fBSSLv23_client_method()\fR +were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR +and \fBTLS_client_method()\fR functions were introduced in OpenSSL 1.1.0. .PP All version-specific methods were deprecated in OpenSSL 1.1.0. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_CTX_set_min_proto_version\fR\|(3), \fIssl\fR\|(7), \fISSL_set_connect_state\fR\|(3) +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 index 24f80480844f..bea9ee15ae9a 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_NUMBER 3" -.TH SSL_CTX_SESS_NUMBER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SESS_NUMBER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,53 +160,53 @@ SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_se .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_sess_number()\fR returns the current number of sessions in the internal +\&\fBSSL_CTX_sess_number()\fR returns the current number of sessions in the internal session cache. .PP -\&\fISSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +\&\fBSSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in client mode. .PP -\&\fISSL_CTX_sess_connect_good()\fR returns the number of successfully established +\&\fBSSL_CTX_sess_connect_good()\fR returns the number of successfully established \&\s-1SSL/TLS\s0 sessions in client mode. .PP -\&\fISSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations +\&\fBSSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations in client mode. .PP -\&\fISSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +\&\fBSSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in server mode. .PP -\&\fISSL_CTX_sess_accept_good()\fR returns the number of successfully established +\&\fBSSL_CTX_sess_accept_good()\fR returns the number of successfully established \&\s-1SSL/TLS\s0 sessions in server mode. .PP -\&\fISSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations +\&\fBSSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations in server mode. .PP -\&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. -In client mode a session set with \fISSL_set_session\fR\|(3) +\&\fBSSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. +In client mode a session set with \fBSSL_set_session\fR\|(3) successfully reused is counted as a hit. In server mode a session successfully retrieved from internal or external cache is counted as a hit. 
.PP -\&\fISSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions +\&\fBSSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions from the external session cache in server mode. .PP -\&\fISSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients +\&\fBSSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients that were not found in the internal session cache in server mode. .PP -\&\fISSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients +\&\fBSSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients and either found in the internal or external session cache in server mode, but that were invalid due to timeout. These sessions are not included in -the \fISSL_CTX_sess_hits()\fR count. +the \fBSSL_CTX_sess_hits()\fR count. .PP -\&\fISSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed +\&\fBSSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed because the maximum session cache size was exceeded. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The functions return the values indicated in the \s-1DESCRIPTION\s0 section. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3) -\&\fISSL_CTX_sess_set_cache_size\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 index 1e21c15ffa3a..0a849443926f 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3" -.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,22 +150,22 @@ SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session c .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache +\&\fBSSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache of context \fBctx\fR to \fBt\fR. This value is a hint and not an absolute; see the notes below. .PP -\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. +\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. .SH "NOTES" .IX Header "NOTES" The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0 currently 1024*20, so that up to 20000 sessions can be held. This size -can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special +can be modified using the \fBSSL_CTX_sess_set_cache_size()\fR call. A special case is the size 0, which is used for unlimited size. .PP If adding the session makes the cache exceed its size, then unused sessions are dropped from the end of the cache. Cache space may also be reclaimed by calling -\&\fISSL_CTX_flush_sessions\fR\|(3) to remove +\&\fBSSL_CTX_flush_sessions\fR\|(3) to remove expired sessions. .PP If the size of the session cache is reduced and more sessions are already 
@@ -170,15 +174,15 @@ session shall be added. This removal is not synchronized with the expiration of sessions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_sess_set_cache_size()\fR returns the previously valid size. +\&\fBSSL_CTX_sess_set_cache_size()\fR returns the previously valid size. .PP -\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size. +\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid size. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_CTX_sess_number\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 index 87db05672f8e..e1f1f1a6195a 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_SET_GET_CB 3" -.TH SSL_CTX_SESS_SET_GET_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SESS_SET_GET_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,22 +165,22 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically +\&\fBSSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically called whenever a new session was negotiated. .PP -\&\fISSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is +\&\fBSSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is automatically called whenever a session is removed by the \s-1SSL\s0 engine, because it is considered faulty or the session has become obsolete because of exceeding the timeout value. .PP -\&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, +\&\fBSSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session could not be found in the internal session cache (see -\&\fISSL_CTX_set_session_cache_mode\fR\|(3)). +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). (\s-1SSL/TLS\s0 server only.) .PP -\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and -\&\fISSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the +\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR, and +\&\fBSSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the corresponding set callback functions. If a callback function has not been set, the \s-1NULL\s0 pointer is returned. .SH "NOTES" 
@@ -184,53 +188,53 @@ set, the \s-1NULL\s0 pointer is returned. In order to allow external session caching, synchronization with the internal session cache is realized via callback functions. Inside these callback functions, session can be saved to disk or put into a database using the -\&\fId2i_SSL_SESSION\fR\|(3) interface. +\&\fBd2i_SSL_SESSION\fR\|(3) interface. .PP -The \fInew_session_cb()\fR is called, whenever a new session has been negotiated +The \fBnew_session_cb()\fR is called, whenever a new session has been negotiated and session caching is enabled (see -\&\fISSL_CTX_set_session_cache_mode\fR\|(3)). -The \fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). +The \fBnew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session \&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately removed again. Note that in TLSv1.3, sessions are established after the main handshake has completed. The server decides when to send the client the session information and this may occur some time after the end of the handshake (or not -at all). This means that applications should expect the \fInew_session_cb()\fR +at all). This means that applications should expect the \fBnew_session_cb()\fR function to be invoked during the handshake (for <= TLSv1.2) or after the handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to -be established with a single connection. In these case the \fInew_session_cb()\fR +be established with a single connection. In these case the \fBnew_session_cb()\fR function will be invoked multiple times. .PP In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for resumption once. One way of enforcing that is for applications to call -\&\fISSL_CTX_remove_session\fR\|(3) after a session has been used. +\&\fBSSL_CTX_remove_session\fR\|(3) after a session has been used. 
.PP -The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session +The \fBremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session from the internal cache. This happens when the session is removed because it is expired or when a connection was not shutdown cleanly. It also happens for all sessions in the internal session cache when -\&\fISSL_CTX_free\fR\|(3) is called. The \fIremove_session_cb()\fR is passed +\&\fBSSL_CTX_free\fR\|(3) is called. The \fBremove_session_cb()\fR is passed the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. .PP -The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id -proposed by the client. The \fIget_session_cb()\fR is always called, also when -session caching was disabled. The \fIget_session_cb()\fR is passed the +The \fBget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id +proposed by the client. The \fBget_session_cb()\fR is always called, also when +session caching was disabled. The \fBget_session_cb()\fR is passed the \&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location \&\fBdata\fR. With the parameter \fBcopy\fR the callback can require the \&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, Normally the reference count is not incremented and therefore the session must not be explicitly freed with -\&\fISSL_SESSION_free\fR\|(3). +\&\fBSSL_SESSION_free\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR and \fISSL_CTX_sess_get_get_cb()\fR +\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR and \fBSSL_CTX_sess_get_get_cb()\fR return different callback function pointers respectively. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fId2i_SSL_SESSION\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3), -\&\fISSL_SESSION_free\fR\|(3), -\&\fISSL_CTX_free\fR\|(3) +\&\fBssl\fR\|(7), \fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_sessions.3 index 58cc0874978f..80658f5d7de1 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_sessions.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESSIONS 3" -.TH SSL_CTX_SESSIONS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SESSIONS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,25 +149,25 @@ SSL_CTX_sessions \- access internal session cache .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the +\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the internal session cache for \fBctx\fR. .SH "NOTES" .IX Header "NOTES" The sessions in the internal session cache are kept in an -\&\s-1\fILHASH\s0\fR\|(3) type database. It is possible to directly +\&\s-1\fBLHASH\s0\fR\|(3) type database. It is possible to directly access this database e.g. for searching. In parallel, the sessions form a linked list which is maintained separately from the -\&\s-1\fILHASH\s0\fR\|(3) operations, so that the database must not be +\&\s-1\fBLHASH\s0\fR\|(3) operations, so that the database must not be modified directly but by using the -\&\fISSL_CTX_add_session\fR\|(3) family of functions. +\&\fBSSL_CTX_add_session\fR\|(3) family of functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR. +\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \s-1\fILHASH\s0\fR\|(3), -\&\fISSL_CTX_add_session\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBssl\fR\|(7), \s-1\fBLHASH\s0\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 index b472fd76f94e..85154140df4a 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET0_CA_LIST 3" -.TH SSL_CTX_SET0_CA_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET0_CA_LIST 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +169,7 @@ between two communicating peers. For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the server to the client when requesting a client certificate. So any list of \s-1CA\s0 names set is never sent from client to server and the list of \s-1CA\s0 names retrieved -by \fISSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. +by \fBSSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. .PP For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR extension and may be sent by a client (in the ClientHello message) or by 
@@ -182,34 +186,34 @@ should be avoided unless required. The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the server side. .PP -\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +\&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred to \fBctx\fR and it should not be freed by the caller. .PP -\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +\&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when requesting a client certificate for the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred to \fBs\fR and it should not be freed by the caller. .PP -\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for -\&\fBctx\fR using \fISSL_CTX_set_client_CA_list()\fR. The returned list should not be freed +\&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using \fBSSL_CTX_set_client_CA_list()\fR. The returned list should not be freed by the caller. .PP -\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly -set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with -\&\fISSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, +\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +\&\fBSSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, SSL_get_client_CA_list returns the list of client CAs sent from the server, if any. The returned list should not be freed by the caller. 
.PP -\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the list of CAs sent to the client when requesting a client certificate for \&\fBctx\fR. .PP -\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the list of CAs sent to the client when requesting a client certificate for the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. .PP -\&\fISSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer +\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer has sent. This can be called on either the server or the client side. The returned list should not be freed by the caller. .PP 
@@ -223,63 +227,63 @@ Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions sh preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on the client side. .PP -\&\fISSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to +\&\fBSSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and it should not be freed by the caller. .PP -\&\fISSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR +\&\fBSSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of \&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller. .PP -\&\fISSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBSSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for \&\fBctx\fR. The returned list should not be freed by the caller. .PP -\&\fISSL_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBSSL_get0_CA_list()\fR retrieves any previously set list of CAs set for \&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The returned list should not be freed by the caller. .PP -\&\fISSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +\&\fBSSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the list of CAs sent to peer for \fBctx\fR. .PP -\&\fISSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +\&\fBSSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent \&\fB\s-1SSL_CTX\s0\fR. 
.SH "NOTES" .IX Header "NOTES" When a \s-1TLS/SSL\s0 server requests a client certificate (see -\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept +\&\fB\fBSSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept certificates, to the client. .PP -This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR or -\&\fISSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fISSL_set_client_CA_list()\fR or -\&\fISSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified +This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR or +\&\fBSSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fBSSL_set_client_CA_list()\fR or +\&\fBSSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR only contains the names, not the complete certificates); use -\&\fISSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. +\&\fBSSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. .PP If the list of acceptable CAs is compiled in a file, the -\&\fISSL_load_client_CA_file\fR\|(3) function can be used to help to import the +\&\fBSSL_load_client_CA_file\fR\|(3) function can be used to help to import the necessary data. .PP -\&\fISSL_CTX_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR, \fISSL_add_client_CA()\fR and -\&\fISSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no -list was specified before using \fISSL_CTX_set_client_CA_list()\fR, -\&\fISSL_CTX_set0_CA_list()\fR, \fISSL_set_client_CA_list()\fR or \fISSL_set0_CA_list()\fR, a +\&\fBSSL_CTX_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR, \fBSSL_add_client_CA()\fR and +\&\fBSSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. 
If no +list was specified before using \fBSSL_CTX_set_client_CA_list()\fR, +\&\fBSSL_CTX_set0_CA_list()\fR, \fBSSL_set_client_CA_list()\fR or \fBSSL_set0_CA_list()\fR, a new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, -\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, \fISSL_CTX_set0_CA_list()\fR -and \fISSL_set0_CA_list()\fR do not return a value. +\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, +\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, \fBSSL_CTX_set0_CA_list()\fR +and \fBSSL_set0_CA_list()\fR do not return a value. .PP -\&\fISSL_CTX_get_client_CA_list()\fR, \fISSL_get_client_CA_list()\fR, \fISSL_CTX_get0_CA_list()\fR -and \fISSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are +\&\fBSSL_CTX_get_client_CA_list()\fR, \fBSSL_get_client_CA_list()\fR, \fBSSL_CTX_get0_CA_list()\fR +and \fBSSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are set. .PP -\&\fISSL_CTX_add_client_CA()\fR,\fISSL_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR and -\&\fISSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. +\&\fBSSL_CTX_add_client_CA()\fR,\fBSSL_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR and +\&\fBSSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. .PP -\&\fISSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or +\&\fBSSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or \&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. .SH "EXAMPLES" .IX Header "EXAMPLES" 
@@ -290,12 +294,12 @@ Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_load_client_CA_file\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_load_client_CA_file\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 index 4ecaa4c28253..8ba0f7a0bc70 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_CURVES 3" -.TH SSL_CTX_SET1_CURVES 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET1_CURVES 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -164,20 +168,20 @@ SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_ For all of the functions below that set the supported groups there must be at least one group in the list. .PP -\&\fISSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR +\&\fBSSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR groups in the array \fBglist\fR. The array consist of all NIDs of groups in preference order. For a \s-1TLS\s0 client the groups are used directly in the supported groups extension. For a \s-1TLS\s0 server the groups are used to determine the set of shared groups. .PP -\&\fISSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to +\&\fBSSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to string \fBlist\fR. The string is a colon separated list of group NIDs or names, for example \*(L"P\-521:P\-384:P\-256\*(R". .PP -\&\fISSL_set1_groups()\fR and \fISSL_set1_groups_list()\fR are similar except they set +\&\fBSSL_set1_groups()\fR and \fBSSL_set1_groups_list()\fR are similar except they set supported groups for the \s-1SSL\s0 structure \fBssl\fR. .PP -\&\fISSL_get1_groups()\fR returns the set of supported groups sent by a client +\&\fBSSL_get1_groups()\fR returns the set of supported groups sent by a client in the supported groups extension. It returns the total number of supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply return the number of groups for memory allocation purposes. The 
@@ -185,7 +189,7 @@ return the number of groups for memory allocation purposes. The order. It can return zero if the client did not send a supported groups extension. .PP -\&\fISSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side +\&\fBSSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side \&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared group 
@@ -206,24 +210,24 @@ configuration purposes either on a command line or in a file it should consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set1_groups()\fR, \fISSL_CTX_set1_groups_list()\fR, \fISSL_set1_groups()\fR and -\&\fISSL_set1_groups_list()\fR, return 1 for success and 0 for failure. +\&\fBSSL_CTX_set1_groups()\fR, \fBSSL_CTX_set1_groups_list()\fR, \fBSSL_set1_groups()\fR and +\&\fBSSL_set1_groups_list()\fR, return 1 for success and 0 for failure. .PP -\&\fISSL_get1_groups()\fR returns the number of groups, which may be zero. +\&\fBSSL_get1_groups()\fR returns the number of groups, which may be zero. .PP -\&\fISSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there +\&\fBSSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR is \-1. .PP -When called on a client \fBssl\fR, \fISSL_get_shared_group()\fR has no meaning and +When called on a client \fBssl\fR, \fBSSL_get_shared_group()\fR has no meaning and returns \-1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The curve functions were first added to OpenSSL 1.0.2. The equivalent group -functions were first added to OpenSSL 1.1.1. +The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 index a9df67fd5a63..47b6e8640e0f 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_SIGALGS 3" -.TH SSL_CTX_SET1_SIGALGS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET1_SIGALGS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,23 +157,23 @@ SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, SSL_set1_siga .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set1_sigalgs()\fR and \fISSL_set1_sigalgs()\fR set the supported signature +\&\fBSSL_CTX_set1_sigalgs()\fR and \fBSSL_set1_sigalgs()\fR set the supported signature algorithms for \fBctx\fR or \fBssl\fR. The array \fBslist\fR of length \fBslistlen\fR must consist of pairs of NIDs corresponding to digest and public key algorithms. .PP -\&\fISSL_CTX_set1_sigalgs_list()\fR and \fISSL_set1_sigalgs_list()\fR set the supported +\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR set the supported signature algorithms for \fBctx\fR or \fBssl\fR. The \fBstr\fR parameter must be a null terminated string consisting of a colon separated list of elements, where each element is either a combination of a public key algorithm and a digest separated by \fB+\fR, or a \s-1TLS 1\s0.3\-style named SignatureScheme such as rsa_pss_pss_sha256. .PP -\&\fISSL_CTX_set1_client_sigalgs()\fR, \fISSL_set1_client_sigalgs()\fR, -\&\fISSL_CTX_set1_client_sigalgs_list()\fR and \fISSL_set1_client_sigalgs_list()\fR set +\&\fBSSL_CTX_set1_client_sigalgs()\fR, \fBSSL_set1_client_sigalgs()\fR, +\&\fBSSL_CTX_set1_client_sigalgs_list()\fR and \fBSSL_set1_client_sigalgs_list()\fR set signature algorithms related to client authentication, otherwise they are -identical to \fISSL_CTX_set1_sigalgs()\fR, \fISSL_set1_sigalgs()\fR, -\&\fISSL_CTX_set1_sigalgs_list()\fR and \fISSL_set1_sigalgs_list()\fR. +identical to \fBSSL_CTX_set1_sigalgs()\fR, \fBSSL_set1_sigalgs()\fR, +\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR. .PP All these functions are implemented as macros. The signature algorithm parameter (integer array or string) is not freed: the application should 
@@ -233,8 +237,8 @@ using a string: All these functions return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_get_shared_sigalgs\fR\|(3), -\&\fISSL_CONF_CTX_new\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_get_shared_sigalgs\fR\|(3), +\&\fBSSL_CONF_CTX_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 index 69b7abdabd9a..41437a2bbe96 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3" -.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,14 +157,14 @@ SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_cha .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set0_verify_cert_store()\fR and \fISSL_CTX_set1_verify_cert_store()\fR +\&\fBSSL_CTX_set0_verify_cert_store()\fR and \fBSSL_CTX_set1_verify_cert_store()\fR set the certificate store used for certificate verification to \fBst\fR. .PP -\&\fISSL_CTX_set0_chain_cert_store()\fR and \fISSL_CTX_set1_chain_cert_store()\fR +\&\fBSSL_CTX_set0_chain_cert_store()\fR and \fBSSL_CTX_set1_chain_cert_store()\fR set the certificate store used for certificate chain building to \fBst\fR. .PP -\&\fISSL_set0_verify_cert_store()\fR, \fISSL_set1_verify_cert_store()\fR, -\&\fISSL_set0_chain_cert_store()\fR and \fISSL_set1_chain_cert_store()\fR are similar +\&\fBSSL_set0_verify_cert_store()\fR, \fBSSL_set1_verify_cert_store()\fR, +\&\fBSSL_set0_chain_cert_store()\fR and \fBSSL_set1_chain_cert_store()\fR are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. .PP All these functions are implemented as macros. Those containing a \fB1\fR @@ -171,7 +175,7 @@ after the operation. .SH "NOTES" .IX Header "NOTES" The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 -structures when \fISSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be +structures when \fBSSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value. .PP The verification store is used to verify the certificate chain sent by the 
@@ -183,8 +187,8 @@ The chain store is used to build the certificate chain. .PP If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is configured already (for example using the functions such as -\&\fISSL_CTX_add1_chain_cert\fR\|(3) or -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)) then +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) or +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)) then automatic chain building is disabled. .PP If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building @@ -198,20 +202,20 @@ versions of OpenSSL. All these functions return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) -\&\fISSL_CTX_set0_chain\fR\|(3) -\&\fISSL_CTX_set1_chain\fR\|(3) -\&\fISSL_CTX_add0_chain_cert\fR\|(3) -\&\fISSL_CTX_add1_chain_cert\fR\|(3) -\&\fISSL_set0_chain\fR\|(3) -\&\fISSL_set1_chain\fR\|(3) -\&\fISSL_add0_chain_cert\fR\|(3) -\&\fISSL_add1_chain_cert\fR\|(3) -\&\fISSL_CTX_build_cert_chain\fR\|(3) -\&\fISSL_build_cert_chain\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_set0_chain\fR\|(3) +\&\fBSSL_CTX_set1_chain\fR\|(3) +\&\fBSSL_CTX_add0_chain_cert\fR\|(3) +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) +\&\fBSSL_set0_chain\fR\|(3) +\&\fBSSL_set1_chain\fR\|(3) +\&\fBSSL_add0_chain_cert\fR\|(3) +\&\fBSSL_add1_chain_cert\fR\|(3) +\&\fBSSL_CTX_build_cert_chain\fR\|(3) +\&\fBSSL_build_cert_chain\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 index 31adb6da99be..57fc3b9cc622 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3" -.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -179,12 +183,12 @@ SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CT .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR are used by the client to +\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR are used by the client to set the list of protocols available to be negotiated. The \fBprotos\fR must be in protocol-list format, described below. The length of \fBprotos\fR is specified in \&\fBprotos_len\fR. .PP -\&\fISSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a +\&\fBSSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a server to select which protocol to use for the incoming connection. When \fBcb\fR is \s-1NULL, ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to the application callback. @@ -194,9 +198,9 @@ vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector should be set to the value of a single protocol selected from the \fBin\fR, \&\fBinlen\fR vector. The \fBout\fR buffer may point directly into \fBin\fR, or to a buffer that outlives the handshake. The \fBarg\fR parameter is the pointer set via -\&\fISSL_CTX_set_alpn_select_cb()\fR. +\&\fBSSL_CTX_set_alpn_select_cb()\fR. .PP -\&\fISSL_select_next_proto()\fR is a helper function used to select protocols. It +\&\fBSSL_select_next_proto()\fR is a helper function used to select protocols. It implements the standard protocol selection. It is expected that this function is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR, \&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format 
@@ -207,7 +211,7 @@ in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This function can also be used in the \s-1NPN\s0 callback. .PP -\&\fISSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a +\&\fBSSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a client needs to select a protocol from the server's provided list, and a user-defined pointer argument \fBarg\fR which will be passed to this callback. For the callback itself, \fBout\fR @@ -217,9 +221,9 @@ server's advertised protocols are provided in \fBin\fR and \fBinlen\fR. The callback can assume that \fBin\fR is syntactically valid. The client must select a protocol. It is fatal to the connection if this callback returns a value other than \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR. The \fBarg\fR parameter is the pointer -set via \fISSL_CTX_set_next_proto_select_cb()\fR. +set via \fBSSL_CTX_set_next_proto_select_cb()\fR. .PP -\&\fISSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called +\&\fBSSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called when a \s-1TLS\s0 server needs a list of supported protocols for Next Protocol Negotiation. The returned list must be in protocol-list format, described below. The list is 
@@ -229,11 +233,11 @@ reference to it. The callback should return \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension will be included in the ServerHello. .PP -\&\fISSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR +\&\fBSSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR is set to 0 if no protocol has been selected. \fBdata\fR must not be freed. .PP -\&\fISSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the +\&\fBSSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the client's requested protocol for this connection. If the client did not request any protocol or \s-1NPN\s0 is not enabled, then \fBdata\fR is set to \s-1NULL\s0 and \&\fBlen\fR to 0. Note that @@ -265,10 +269,10 @@ If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback invoked. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR return 0 on success, and +\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR return 0 on success, and non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention. .PP -\&\fISSL_select_next_proto()\fR returns one of the following: +\&\fBSSL_select_next_proto()\fR returns one of the following: .IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4 .IX Item "OPENSSL_NPN_NEGOTIATED" A match was found and is returned in \fBout\fR, \fBoutlen\fR. 
@@ -290,16 +294,16 @@ configuration. \&\s-1ALPN\s0 protocol not selected, e.g., because no \s-1ALPN\s0 protocols are configured for this connection. .PP -The callback set using \fISSL_CTX_set_next_proto_select_cb()\fR should return +The callback set using \fBSSL_CTX_set_next_proto_select_cb()\fR should return \&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if successful. Any other value is fatal to the connection. .PP -The callback set using \fISSL_CTX_set_next_protos_advertised_cb()\fR should return +The callback set using \fBSSL_CTX_set_next_protos_advertised_cb()\fR should return \&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension will be included in the ServerHello. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_tlsext_servername_callback\fR\|(3), -\&\fISSL_CTX_set_tlsext_servername_arg\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), +\&\fBSSL_CTX_set_tlsext_servername_arg\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 index a820746e07e1..f031b5370029 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_CB 3" -.TH SSL_CTX_SET_CERT_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_CERT_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,31 +153,31 @@ SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR sets the \fIcert_cb()\fR callback, +\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR sets the \fBcert_cb()\fR callback, \&\fBarg\fR value is pointer which is passed to the application callback. .PP -When \fIcert_cb()\fR is \s-1NULL,\s0 no callback function is used. +When \fBcert_cb()\fR is \s-1NULL,\s0 no callback function is used. .PP -\&\fIcert_cb()\fR is the application defined callback. It is called before a +\&\fBcert_cb()\fR is the application defined callback. It is called before a certificate will be used by a client or server. The callback can then inspect the passed \fBssl\fR structure and set or clear any appropriate certificates. If the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have been set. A zero is returned on error which will abort the handshake with a fatal internal error alert. A negative return value will suspend the handshake and the handshake function will return immediately. -\&\fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to +\&\fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was suspended. The next call to the handshake -function will again lead to the call of \fIcert_cb()\fR. It is the job of the -\&\fIcert_cb()\fR to store information about the state of the last call, +function will again lead to the call of \fBcert_cb()\fR. It is the job of the +\&\fBcert_cb()\fR to store information about the state of the last call, if required to continue. .SH "NOTES" .IX Header "NOTES" -An application will typically call \fISSL_use_certificate()\fR and -\&\fISSL_use_PrivateKey()\fR to set the end entity certificate and private key. 
+An application will typically call \fBSSL_use_certificate()\fR and +\&\fBSSL_use_PrivateKey()\fR to set the end entity certificate and private key. It can add intermediate and optionally the root \s-1CA\s0 certificates using -\&\fISSL_add1_chain_cert()\fR. +\&\fBSSL_add1_chain_cert()\fR. .PP -It might also call \fISSL_certs_clear()\fR to delete any certificates associated +It might also call \fBSSL_certs_clear()\fR to delete any certificates associated with the \fB\s-1SSL\s0\fR object. .PP The certificate callback functionality supersedes the (largely broken) @@ -192,13 +196,13 @@ by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not support it will \fBnot\fR be used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR do not return values. +\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR do not return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_use_certificate\fR\|(3), -\&\fISSL_add1_chain_cert\fR\|(3), -\&\fISSL_get_client_CA_list\fR\|(3), -\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_use_certificate\fR\|(3), +\&\fBSSL_add1_chain_cert\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 index b4cd6315ebe2..39f816210b25 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_STORE 3" -.TH SSL_CTX_SET_CERT_STORE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_CERT_STORE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,15 +151,15 @@ SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store \- manip .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage +\&\fBSSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently -set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed. +set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. .PP -\&\fISSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage +\&\fBSSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR's reference count is incremented. -If another X509_STORE object is currently set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed. +If another X509_STORE object is currently set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. .PP -\&\fISSL_CTX_get_cert_store()\fR returns a pointer to the current certificate +\&\fBSSL_CTX_get_cert_store()\fR returns a pointer to the current certificate verification storage. .SH "NOTES" .IX Header "NOTES" 
@@ -165,46 +169,46 @@ via lookup methods, handled inside the X509_STORE. From the X509_STORE the X509_STORE_CTX used when verifying certificates is created. .PP Typically the trusted certificate store is handled indirectly via using -\&\fISSL_CTX_load_verify_locations\fR\|(3). -Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +Using the \fBSSL_CTX_set_cert_store()\fR and \fBSSL_CTX_get_cert_store()\fR functions it is possible to manipulate the X509_STORE object beyond the -\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_load_verify_locations\fR\|(3) call. .PP Currently no detailed documentation on how to use the X509_STORE object is available. Not all members of the X509_STORE are used when -the verification takes place. So will e.g. the \fIverify_callback()\fR be -overridden with the \fIverify_callback()\fR set via the -\&\fISSL_CTX_set_verify\fR\|(3) family of functions. +the verification takes place. So will e.g. the \fBverify_callback()\fR be +overridden with the \fBverify_callback()\fR set via the +\&\fBSSL_CTX_set_verify\fR\|(3) family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available. .PP -\&\fISSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference +\&\fBSSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference count, so it should not be used to assign an X509_STORE that is owned by another \s-1SSL_CTX.\s0 .PP -To share X509_STOREs between two SSL_CTXs, use \fISSL_CTX_get_cert_store()\fR +To share X509_STOREs between two SSL_CTXs, use \fBSSL_CTX_get_cert_store()\fR to get the X509_STORE from the first \s-1SSL_CTX,\s0 and then use -\&\fISSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and +\&\fBSSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and increment the reference count of the X509_STORE. 
.SH "RESTRICTIONS" .IX Header "RESTRICTIONS" The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer certificates and building certificate chains, it is also shared by every child \s-1SSL\s0 structure. Applications wanting finer control can use -functions such as \fISSL_CTX_set1_verify_cert_store()\fR instead. +functions such as \fBSSL_CTX_set1_verify_cert_store()\fR instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_cert_store()\fR does not return diagnostic output. +\&\fBSSL_CTX_set_cert_store()\fR does not return diagnostic output. .PP -\&\fISSL_CTX_set1_cert_store()\fR does not return diagnostic output. +\&\fBSSL_CTX_set1_cert_store()\fR does not return diagnostic output. .PP -\&\fISSL_CTX_get_cert_store()\fR returns the current setting. +\&\fBSSL_CTX_get_cert_store()\fR returns the current setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_load_verify_locations\fR\|(3), -\&\fISSL_CTX_set_verify\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 index 7ce851d7c817..ddd1976b3521 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3" -.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,16 +151,16 @@ SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for +\&\fBSSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for \&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at -the time when \fISSL_new\fR\|(3) is called. +the time when \fBSSL_new\fR\|(3) is called. .SH "NOTES" .IX Header "NOTES" Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification function is called. If the application does not explicitly specify a verification callback function, the built-in verification function is used. If a verification callback \fIcallback\fR is specified via -\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called +\&\fBSSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored. .PP When the verification must be performed, \fIcallback\fR will be called with 
@@ -172,15 +176,15 @@ returning 1) the verification result must be set in any case using the will be informed about the detailed result of the verification procedure! .PP Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR -function set using \fISSL_CTX_set_verify\fR\|(3). +function set using \fBSSL_CTX_set_verify\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_cert_verify_callback()\fR does not return a value. +\&\fBSSL_CTX_set_cert_verify_callback()\fR does not return a value. .SH "WARNINGS" .IX Header "WARNINGS" Do not mix the verification callback described in this function with the \&\fBverify_callback\fR function called during the verification process. The -latter is set using the \fISSL_CTX_set_verify\fR\|(3) +latter is set using the \fBSSL_CTX_set_verify\fR\|(3) family of functions. .PP Providing a complete verification procedure including certificate purpose @@ -189,12 +193,12 @@ and in most cases it should be sufficient to modify its behaviour using the \fBverify_callback\fR function. .SH "BUGS" .IX Header "BUGS" -\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. +\&\fBSSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_verify\fR\|(3), -\&\fISSL_get_verify_result\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 index 0ca9184fd1f5..e6b9289667c0 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CIPHER_LIST 3" -.TH SSL_CTX_SET_CIPHER_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_CIPHER_LIST 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,16 +153,16 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below) +\&\fBSSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below) for \fBctx\fR using the control string \fBstr\fR. The format of the string is described -in \fIciphers\fR\|(1). The list of ciphers is inherited by all +in \fBciphers\fR\|(1). The list of ciphers is inherited by all \&\fBssl\fR objects created from \fBctx\fR. This function does not impact TLSv1.3 -ciphersuites. Use \fISSL_CTX_set_ciphersuites()\fR to configure those. +ciphersuites. Use \fBSSL_CTX_set_ciphersuites()\fR to configure those. .PP -\&\fISSL_set_cipher_list()\fR sets the list of ciphers (TLSv1.2 and below) only for +\&\fBSSL_set_cipher_list()\fR sets the list of ciphers (TLSv1.2 and below) only for \&\fBssl\fR. .PP -\&\fISSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3 +\&\fBSSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3 ciphersuites for \fBctx\fR. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of perference. Valid TLSv1.3 ciphersuite names are: .IP "\s-1TLS_AES_128_GCM_SHA256\s0" 4 
@@ -178,12 +182,12 @@ An empty list is permissible. The default value for the this setting is: .PP \&\*(L"\s-1TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\*(R"\s0 .PP -\&\fISSL_set_ciphersuites()\fR is the same as \fISSL_CTX_set_ciphersuites()\fR except it +\&\fBSSL_set_ciphersuites()\fR is the same as \fBSSL_CTX_set_ciphersuites()\fR except it configures the ciphersuites for \fBssl\fR. .SH "NOTES" .IX Header "NOTES" -The control string \fBstr\fR for \fISSL_CTX_set_cipher_list()\fR and -\&\fISSL_set_cipher_list()\fR should be universally usable and not depend +The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR and +\&\fBSSL_set_cipher_list()\fR should be universally usable and not depend on details of the library configuration (ciphers compiled in). Thus no syntax checking takes place. Items that are not recognized, because the corresponding ciphers are not compiled in or because they are mistyped, @@ -199,11 +203,11 @@ All other ciphers need a corresponding certificate and key. .PP A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. \&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters -(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. \&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters -(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP When these conditions are not met for any cipher in the list (e.g. a client only supports export \s-1RSA\s0 ciphers with an asymmetric key length 
@@ -212,17 +216,17 @@ keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is g and the handshake will fail. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher +\&\fBSSL_CTX_set_cipher_list()\fR and \fBSSL_set_cipher_list()\fR return 1 if any cipher could be selected and 0 on complete failure. .PP -\&\fISSL_CTX_set_ciphersuites()\fR and \fISSL_set_ciphersuites()\fR return 1 if the requested +\&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR return 1 if the requested ciphersuite list was configured, and 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_get_ciphers\fR\|(3), -\&\fISSL_CTX_use_certificate\fR\|(3), -\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), -\&\fIciphers\fR\|(1) +\&\fBssl\fR\|(7), \fBSSL_get_ciphers\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBciphers\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 index e17a64c5e6f0..6e04b2032b30 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3" -.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,25 +154,25 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certific .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_client_cert_cb()\fR sets the \fIclient_cert_cb()\fR callback, that is +\&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fBclient_cert_cb()\fR callback, that is called when a client certificate is requested by a server and no certificate was yet set for the \s-1SSL\s0 object. .PP -When \fIclient_cert_cb()\fR is \s-1NULL,\s0 no callback function is used. +When \fBclient_cert_cb()\fR is \s-1NULL,\s0 no callback function is used. .PP -\&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback +\&\fBSSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback function. .PP -\&\fIclient_cert_cb()\fR is the application defined callback. If it wants to +\&\fBclient_cert_cb()\fR is the application defined callback. If it wants to set a certificate, a certificate/private key combination must be set using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the -handshake function will return immediately. \fISSL_get_error\fR\|(3) +handshake function will return immediately. \fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call -of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information +of \fBclient_cert_cb()\fR. It is the job of the \fBclient_cert_cb()\fR to store information about the state of the last call, if required to continue. .SH "NOTES" .IX Header "NOTES" 
@@ -177,7 +181,7 @@ from the client. A client certificate must only be sent, when the server did send the request. .PP When a certificate was set using the -\&\fISSL_CTX_use_certificate\fR\|(3) family of functions, +\&\fBSSL_CTX_use_certificate\fR\|(3) family of functions, it will be sent to the server. The \s-1TLS\s0 standard requires that only a certificate is sent, if it matches the list of acceptable CAs sent by the server. This constraint is violated by the default behavior of the OpenSSL @@ -189,18 +193,18 @@ If a callback function is defined and no certificate was yet defined for the \&\s-1SSL\s0 object, the callback function will be called. If the callback function returns a certificate, the OpenSSL library will try to load the private key and certificate data into the \s-1SSL\s0 -object using the \fISSL_use_certificate()\fR and \fISSL_use_private_key()\fR functions. +object using the \fBSSL_use_certificate()\fR and \fBSSL_use_private_key()\fR functions. Thus it will permanently install the certificate and key for this \s-1SSL\s0 -object. It will not be reset by calling \fISSL_clear\fR\|(3). +object. It will not be reset by calling \fBSSL_clear\fR\|(3). If the callback returns no certificate, the OpenSSL library will not send a certificate. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_get_client_cert_cb()\fR returns function pointer of \fIclient_cert_cb()\fR or +\&\fBSSL_CTX_get_client_cert_cb()\fR returns function pointer of \fBclient_cert_cb()\fR or \&\s-1NULL\s0 if the callback is not set. .SH "BUGS" .IX Header "BUGS" -The \fIclient_cert_cb()\fR cannot return a complete certificate chain, it can +The \fBclient_cert_cb()\fR cannot return a complete certificate chain, it can only return one client certificate. If the chain only has a length of 2, the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and thus a standard conforming answer can be sent to the server. For a 
@@ -210,7 +214,7 @@ either adding the intermediate \s-1CA\s0 certificates into the trusted certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add \&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding the chain certificates using the -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that therefore probably can only apply for one client certificate, making the concept of the callback function (to allow the choice from several @@ -218,15 +222,15 @@ certificates) questionable. .PP Once the \s-1SSL\s0 object has been used in conjunction with the callback function, the certificate will be set for the \s-1SSL\s0 object and will not be cleared -even when \fISSL_clear\fR\|(3) is being called. It is therefore -mandatory to destroy the \s-1SSL\s0 object using \fISSL_free\fR\|(3) +even when \fBSSL_clear\fR\|(3) is being called. It is therefore +mandatory to destroy the \s-1SSL\s0 object using \fBSSL_free\fR\|(3) and create a new one to return to the previous state. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_use_certificate\fR\|(3), -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), -\&\fISSL_get_client_CA_list\fR\|(3), -\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 index 7afa7f2c18c2..e1a2d0f6edc4 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3" -.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,46 +160,46 @@ SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically +\&\fBSSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically called during the early stages of ClientHello processing on the server. The argument supplied when setting the callback is passed back to the callback at runtime. A callback that returns failure (0) will cause the connection to terminate, and callbacks returning failure should indicate what alert value is to be sent in the \fBal\fR parameter. A callback may also return a negative value to suspend the handshake, and the handshake -function will return immediately. \fISSL_get_error\fR\|(3) will return +function will return immediately. \fBSSL_get_error\fR\|(3) will return \&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 to indicate that the handshake was suspended. It is the job of the ClientHello callback to store information about the state of the last call if needed to continue. On the next call into the handshake function, the ClientHello callback will be called again, and, if it returns success, normal handshake processing will continue from that point. .PP -\&\fISSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in a +\&\fBSSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in a SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial differences from the normal SSLv3 format, including using three bytes per cipher suite, and not allowing extensions. Additionally, the SSLv2 format -\&'challenge' field is exposed via \fISSL_client_hello_get0_random()\fR, padded to +\&'challenge' field is exposed via \fBSSL_client_hello_get0_random()\fR, padded to \&\s-1SSL3_RANDOM_SIZE\s0 bytes with zeros if needed. 
For SSLv2 format ClientHellos, -\&\fISSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes +\&\fBSSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes the null compression method, since the SSLv2 format does not include a mechanism by which to negotiate compression. .PP -\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR, -\&\fISSL_client_hello_get0_ciphers()\fR, and -\&\fISSL_client_hello_get0_compression_methods()\fR provide access to the corresponding +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, and +\&\fBSSL_client_hello_get0_compression_methods()\fR provide access to the corresponding ClientHello fields, returning the field length and optionally setting an out pointer to the octets of that field. .PP -Similarly, \fISSL_client_hello_get0_ext()\fR provides access to individual extensions +Similarly, \fBSSL_client_hello_get0_ext()\fR provides access to individual extensions from the ClientHello on a per-extension basis. For the provided wire protocol extension type value, the extension value and length are returned in the output parameters (if present). .PP -\&\fISSL_client_hello_get1_extensions_present()\fR can be used prior to -\&\fISSL_client_hello_get0_ext()\fR, to determine which extensions are present in the +\&\fBSSL_client_hello_get1_extensions_present()\fR can be used prior to +\&\fBSSL_client_hello_get0_ext()\fR, to determine which extensions are present in the ClientHello before querying for them. The \fBout\fR and \fBoutlen\fR parameters are both required, and on success the caller must release the storage allocated for -\&\fB*out\fR using \fIOPENSSL_free()\fR. The contents of \fB*out\fR is an array of integers +\&\fB*out\fR using \fBOPENSSL_free()\fR. 
The contents of \fB*out\fR is an array of integers holding the numerical value of the \s-1TLS\s0 extension types in the order they appear in the ClientHello. \fB*outlen\fR contains the number of elements in the array. .SH "NOTES" 
@@ -223,28 +227,28 @@ The application's supplied ClientHello callback returns \&\s-1SSL_CLIENT_HELLO_SUCCESS\s0 on success, \s-1SSL_CLIENT_HELLO_ERROR\s0 on failure, and \&\s-1SSL_CLIENT_HELLO_RETRY\s0 to suspend processing. .PP -\&\fISSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise. +\&\fBSSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise. .PP -\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR, -\&\fISSL_client_hello_get0_ciphers()\fR, and -\&\fISSL_client_hello_get0_compression_methods()\fR return the length of the +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, and +\&\fBSSL_client_hello_get0_compression_methods()\fR return the length of the corresponding ClientHello fields. If zero is returned, the output pointer should not be assumed to be valid. .PP -\&\fISSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and +\&\fBSSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and 0 otherwise. .PP -\&\fISSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure. +\&\fBSSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_tlsext_servername_callback\fR\|(3), +\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), SSL_bytes_to_cipher_list .SH "HISTORY" .IX Header "HISTORY" -The \s-1SSL\s0 ClientHello callback, \fISSL_client_hello_isv2()\fR, -\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR, -\&\fISSL_client_hello_get0_ciphers()\fR, \fISSL_client_hello_get0_compression_methods()\fR, -\&\fISSL_client_hello_get0_ext()\fR, and \fISSL_client_hello_get1_extensions_present()\fR +The \s-1SSL\s0 ClientHello callback, \fBSSL_client_hello_isv2()\fR, +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, \fBSSL_client_hello_get0_compression_methods()\fR, +\&\fBSSL_client_hello_get0_ext()\fR, and \fBSSL_client_hello_get1_extensions_present()\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 index 84d916e9a767..59be2ec7190c 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3" -.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,7 +162,7 @@ ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_enable_ct()\fR and \fISSL_CTX_enable_ct()\fR enable the processing of signed +\&\fBSSL_enable_ct()\fR and \fBSSL_CTX_enable_ct()\fR enable the processing of signed certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all connections that share the given \s-1SSL\s0 context, respectively. This is accomplished by setting a built-in \s-1CT\s0 validation callback. 
@@ -174,10 +178,10 @@ despite lack of valid SCTs. However, in that case if the verification status before the built-in callback was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the callback. -Applications can call \fISSL_get_verify_result\fR\|(3) to check the status at +Applications can call \fBSSL_get_verify_result\fR\|(3) to check the status at handshake completion, even after session resumption since the verification status is part of the saved session state. -See \fISSL_set_verify\fR\|(3), <\fISSL_get_verify_result\fR\|(3)>, \fISSL_session_reused\fR\|(3). +See \fBSSL_set_verify\fR\|(3), <\fBSSL_get_verify_result\fR\|(3)>, \fBSSL_session_reused\fR\|(3). .PP If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the handshake continues, and the verification status is not modified, regardless of @@ -190,7 +194,7 @@ Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the session is not resumed. .PP -\&\fISSL_set_ct_validation_callback()\fR and \fISSL_CTX_set_ct_validation_callback()\fR +\&\fBSSL_set_ct_validation_callback()\fR and \fBSSL_CTX_set_ct_validation_callback()\fR register a custom callback that may implement a different policy than either of the above. This callback can examine the peer's SCTs and determine whether they are 
@@ -211,25 +215,25 @@ employing an anonymous (aNULL) cipher suite. In that case the handshake continues as it would had no callback been requested. Callbacks are also not invoked when the peer certificate chain is invalid or -validated via \s-1\fIDANE\-TA\s0\fR\|(2) or \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509 +validated via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509 \&\s-1PKI,\s0 or no X.509 \s-1PKI\s0 at all, respectively. Clients that require SCTs are expected to not have enabled any aNULL ciphers -nor to have specified server verification via \s-1\fIDANE\-TA\s0\fR\|(2) or \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +nor to have specified server verification via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. .PP -\&\fISSL_disable_ct()\fR and \fISSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether +\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback. These may be implemented as macros. .PP -\&\fISSL_ct_is_enabled()\fR and \fISSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is -enabled via either \fISSL_enable_ct()\fR or a non-null custom callback, and 0 +\&\fBSSL_ct_is_enabled()\fR and \fBSSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is +enabled via either \fBSSL_enable_ct()\fR or a non-null custom callback, and 0 otherwise. .SH "NOTES" .IX Header "NOTES" When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because one possible source of SCTs is the \s-1OCSP\s0 response from a server. .PP -The time returned by \fISSL_SESSION_get_time()\fR will be used to evaluate whether any +The time returned by \fBSSL_SESSION_get_time()\fR will be used to evaluate whether any presented SCTs have timestamps that are in the future (and therefore invalid). 
.SH "RESTRICTIONS" .IX Header "RESTRICTIONS" @@ -238,25 +242,25 @@ be set if a custom client extension handler has been registered to handle \s-1SC extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_enable_ct()\fR, \fISSL_CTX_enable_ct()\fR, \fISSL_CTX_set_ct_validation_callback()\fR and -\&\fISSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully +\&\fBSSL_enable_ct()\fR, \fBSSL_CTX_enable_ct()\fR, \fBSSL_CTX_set_ct_validation_callback()\fR and +\&\fBSSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully set. They return 0 if an error occurs, e.g. a custom client extension handler has been setup to handle SCTs. .PP -\&\fISSL_disable_ct()\fR and \fISSL_CTX_disable_ct()\fR do not return a result. +\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR do not return a result. .PP -\&\fISSL_CTX_ct_is_enabled()\fR and \fISSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0 +\&\fBSSL_CTX_ct_is_enabled()\fR and \fBSSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0 validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0 callback) is set. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -<\fISSL_get_verify_result\fR\|(3)>, -\&\fISSL_session_reused\fR\|(3), -\&\fISSL_set_verify\fR\|(3), -\&\fISSL_CTX_set_verify\fR\|(3), -\&\fISSL_SESSION_get_time\fR\|(3) +\&\fBssl\fR\|(7), +<\fBSSL_get_verify_result\fR\|(3)>, +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_set_verify\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 index 668dfba07c10..f8a5daa487f0 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3" -.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,12 +150,12 @@ SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \- load a Certi .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency +\&\fBSSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency (\s-1CT\s0) logs from the default file location, \*(L"ct_log_list.cnf\*(R", found in the directory where OpenSSL is installed. .PP -\&\fISSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path. -See \fICTLOG_STORE_new\fR\|(3) for the file format. +\&\fBSSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path. +See \fBCTLOG_STORE_new\fR\|(3) for the file format. .SH "NOTES" .IX Header "NOTES" These functions will not clear the existing \s-1CT\s0 log list \- it will be appended @@ -161,17 +165,17 @@ If an error occurs whilst parsing a particular log entry in the file, that log entry will be skipped. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_default_ctlog_list_file()\fR and \fISSL_CTX_set_ctlog_list_file()\fR +\&\fBSSL_CTX_set_default_ctlog_list_file()\fR and \fBSSL_CTX_set_ctlog_list_file()\fR return 1 if the log list is successfully loaded, and 0 if an error occurs. In the case of an error, the log list may have been partially loaded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_ct_validation_callback\fR\|(3), -\&\fICTLOG_STORE_new\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3), +\&\fBCTLOG_STORE_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 index d305fc269239..0f5d335ae8ab 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3" -.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,22 +157,22 @@ SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_g .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_default_passwd_cb()\fR sets the default password callback called +\&\fBSSL_CTX_set_default_passwd_cb()\fR sets the default password callback called when loading/storing a \s-1PEM\s0 certificate with encryption. .PP -\&\fISSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR, +\&\fBSSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR, which will be provided to the password callback on invocation. .PP -\&\fISSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password +\&\fBSSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password callback currently set in \fBctx\fR. If no callback was explicitly set, the \&\s-1NULL\s0 pointer is returned. .PP -\&\fISSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata +\&\fBSSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata currently set in \fBctx\fR. If no userdata was explicitly set, the \s-1NULL\s0 pointer is returned. .PP -\&\fISSL_set_default_passwd_cb()\fR, \fISSL_set_default_passwd_cb_userdata()\fR, -\&\fISSL_get_default_passwd_cb()\fR and \fISSL_get_default_passwd_cb_userdata()\fR perform +\&\fBSSL_set_default_passwd_cb()\fR, \fBSSL_set_default_passwd_cb_userdata()\fR, +\&\fBSSL_get_default_passwd_cb()\fR and \fBSSL_get_default_passwd_cb_userdata()\fR perform the same function as their \s-1SSL_CTX\s0 counterparts, but using an \s-1SSL\s0 object. .PP The password callback, which must be provided by the application, hands back the 
@@ -179,7 +183,7 @@ is provided. The function must store the password into the provided buffer be returned to the calling function. \fBrwflag\fR indicates whether the callback is used for reading/decryption (rwflag=0) or writing/encryption (rwflag=1). -For more details, see \fIpem_password_cb\fR\|(3). +For more details, see \fBpem_password_cb\fR\|(3). .SH "NOTES" .IX Header "NOTES" When loading or storing private keys, a password might be supplied to @@ -219,13 +223,13 @@ truncated. .Ve .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CTX_get_default_passwd_cb()\fR, \fISSL_CTX_get_default_passwd_cb_userdata()\fR, -\&\fISSL_set_default_passwd_cb()\fR and \fISSL_set_default_passwd_cb_userdata()\fR were -first added to OpenSSL 1.1.0 +\&\fBSSL_CTX_get_default_passwd_cb()\fR, \fBSSL_CTX_get_default_passwd_cb_userdata()\fR, +\&\fBSSL_set_default_passwd_cb()\fR and \fBSSL_set_default_passwd_cb_userdata()\fR were +added in OpenSSL 1.1.0. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_use_certificate\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_use_certificate\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 index bf336888eaf6..dcb97a30708d 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_EX_DATA 3" -.TH SSL_CTX_SET_EX_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_EX_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,23 +155,23 @@ SSL_CTX_get_ex_data, SSL_CTX_set_ex_data, SSL_get_ex_data, SSL_set_ex_data \&\- .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -SSL*\fI_set_ex_data()\fR functions can be used to store arbitrary user data into the +SSL*\fB_set_ex_data()\fR functions can be used to store arbitrary user data into the \&\fB\s-1SSL_CTX\s0\fR, or \fB\s-1SSL\s0\fR object. The user must supply a unique index -which they can subsequently use to retrieve the data using SSL*\fI_get_ex_data()\fR. +which they can subsequently use to retrieve the data using SSL*\fB_get_ex_data()\fR. .PP -For more detailed information see \fICRYPTO_get_ex_data\fR\|(3) and -\&\fICRYPTO_set_ex_data\fR\|(3) which implement these functions and -\&\fICRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. +For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and +\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and +\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The SSL*\fI_set_ex_data()\fR functions return 1 if the item is successfully stored +The SSL*\fB_set_ex_data()\fR functions return 1 if the item is successfully stored and 0 if it is not. -The SSL*\fI_get_ex_data()\fR functions return the ex_data pointer if successful, +The SSL*\fB_get_ex_data()\fR functions return the ex_data pointer if successful, otherwise \s-1NULL.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fICRYPTO_get_ex_data\fR\|(3), \fICRYPTO_set_ex_data\fR\|(3), -\&\fICRYPTO_get_ex_new_index\fR\|(3) +\&\fBCRYPTO_get_ex_data\fR\|(3), \fBCRYPTO_set_ex_data\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 index 2d015ae12385..6abe0346164e 100644 
--- a/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3" -.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,13 +155,13 @@ SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_s .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating +\&\fBSSL_CTX_set_generate_session_id()\fR sets the callback function for generating new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. .PP -\&\fISSL_set_generate_session_id()\fR sets the callback function for generating +\&\fBSSL_set_generate_session_id()\fR sets the callback function for generating new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. .PP -\&\fISSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR +\&\fBSSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR (of length \fBid_len\fR) is already contained in the internal session cache of the parent context of \fBssl\fR. .SH "NOTES" @@ -190,7 +194,7 @@ Since the sessions must be distinguished, session ids must be unique. Without the callback a random number is used, so that the probability of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). In order to assure the uniqueness of the generated session id, the callback must call -\&\fISSL_has_matching_session_id()\fR and generate another id if a conflict occurs. +\&\fBSSL_has_matching_session_id()\fR and generate another id if a conflict occurs. If an id conflict is not resolved, the handshake will fail. If the application codes e.g. a unique host id, a unique process number, and a unique sequence number into the session id, uniqueness could easily be 
@@ -200,13 +204,13 @@ guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and fill in the bytes not used to code special information with random data to avoid collisions. .PP -\&\fISSL_has_matching_session_id()\fR will only query the internal session cache, +\&\fBSSL_has_matching_session_id()\fR will only query the internal session cache, not the external one. Since the session id is generated before the handshake is completed, it is not immediately added to the cache. If another thread is using the same internal session cache, a race condition can occur in that another thread generates the same session id. Collisions can also occur when using an external session cache, since -the external cache is not tested with \fISSL_has_matching_session_id()\fR +the external cache is not tested with \fBSSL_has_matching_session_id()\fR and the same race condition applies. .PP The callback must return 0 if it cannot generate a session id for whatever @@ -245,14 +249,14 @@ server id given, and will fill the rest with pseudo random bytes: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_generate_session_id()\fR and \fISSL_set_generate_session_id()\fR +\&\fBSSL_CTX_set_generate_session_id()\fR and \fBSSL_set_generate_session_id()\fR always return 1. .PP -\&\fISSL_has_matching_session_id()\fR returns 1 if another session with the +\&\fBSSL_has_matching_session_id()\fR returns 1 if another session with the same id is already in the cache. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_get_version\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_get_version\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 index 459d4603df73..bf37b719ed11 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_INFO_CALLBACK 3" -.TH SSL_CTX_SET_INFO_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_INFO_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,21 +153,21 @@ SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +\&\fBSSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection setup and use. The setting for \fBctx\fR is overridden from the setting for a specific \s-1SSL\s0 object, if specified. When \fBcallback\fR is \s-1NULL,\s0 no callback function is used. .PP -\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +\&\fBSSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to obtain state information for \fBssl\fR during connection setup and use. When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for \&\fBctx\fR is used. .PP -\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information +\&\fBSSL_CTX_get_info_callback()\fR returns a pointer to the currently set information callback function for \fBctx\fR. .PP -\&\fISSL_get_info_callback()\fR returns a pointer to the currently set information +\&\fBSSL_get_info_callback()\fR returns a pointer to the currently set information callback function for \fBssl\fR. .SH "NOTES" .IX Header "NOTES" 
@@ -214,27 +218,23 @@ Callback has been called due to an alert being sent or received. .IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 .IX Item "SSL_CB_HANDSHAKE_START" .PD -Callback has been called because a new handshake is started. In TLSv1.3 this is -also used for the start of post-handshake message exchanges such as for the -exchange of session tickets, or for key updates. It also occurs when resuming a -handshake following a pause to handle early data. -.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4 -.IX Item "SSL_CB_HANDSHAKE_DONE 0x20" -Callback has been called because a handshake is finished. In TLSv1.3 this is -also used at the end of an exchange of post-handshake messages such as for -session tickets or key updates. It also occurs if the handshake is paused to -allow the exchange of early data. +Callback has been called because a new handshake is started. It also occurs when +resuming a handshake following a pause to handle early data. +.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_DONE" +Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data. .PP The current state information can be obtained using the -\&\fISSL_state_string\fR\|(3) family of functions. +\&\fBSSL_state_string\fR\|(3) family of functions. .PP The \fBret\fR information can be evaluated using the -\&\fISSL_alert_type_string\fR\|(3) family of functions. +\&\fBSSL_alert_type_string\fR\|(3) family of functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_info_callback()\fR does not provide diagnostic information. +\&\fBSSL_set_info_callback()\fR does not provide diagnostic information. .PP -\&\fISSL_get_info_callback()\fR returns the current setting. +\&\fBSSL_get_info_callback()\fR returns the current setting. .SH "EXAMPLES" .IX Header "EXAMPLES" The following example callback function prints state strings, information 
@@ -273,11 +273,11 @@ about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0 .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_state_string\fR\|(3), -\&\fISSL_alert_type_string\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_state_string\fR\|(3), +\&\fBSSL_alert_type_string\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 index 5240fc42b9fd..f62bf78860dd 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3" -.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,11 +152,11 @@ SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback +\&\fBSSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback is called whenever \s-1TLS\s0 key material is generated or received, in order to allow applications to store this keying material for debugging purposes. .PP -\&\fISSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging +\&\fBSSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging callback. If no callback has been set, this will return \s-1NULL.\s0 When there is no key logging callback, or if SSL_CTX_set_keylog_callback is called with \s-1NULL\s0 as the value of cb, no logging of key material will be done. @@ -164,11 +168,11 @@ file, the key logging callback should log \fBline\fR, followed by a newline. \&\fBline\fR will always be a NULL-terminated string. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or +\&\fBSSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or \&\s-1NULL\s0 if the callback is not set. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 index 725d719172a8..799d66fee8e9 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MAX_CERT_LIST 3" -.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,18 +153,18 @@ SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's +\&\fBSSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be <size> bytes. The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time -\&\fISSL_new\fR\|(3) is being called. +\&\fBSSL_new\fR\|(3) is being called. .PP -\&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. +\&\fBSSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. .PP -\&\fISSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +\&\fBSSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's certificate chain for \fBssl\fR to be <size> bytes. This setting stays valid until a new value is set. .PP -\&\fISSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. +\&\fBSSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. .SH "NOTES" .IX Header "NOTES" During the handshake process, the peer may send a certificate chain. @@ -173,7 +177,7 @@ chain is set. The default value for the maximum certificate chain size is 100kB (30kB on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see -\&\fISSL_CTX_set_verify\fR\|(3), and certificates +\&\fBSSL_CTX_set_verify\fR\|(3), and certificates without special extensions have a typical size of 1\-2kB). .PP For special applications it can be necessary to extend the maximum certificate 
@@ -190,15 +194,15 @@ If the maximum certificate chain size allowed is exceeded, the handshake will fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_max_cert_list()\fR and \fISSL_set_max_cert_list()\fR return the previously +\&\fBSSL_CTX_set_max_cert_list()\fR and \fBSSL_set_max_cert_list()\fR return the previously set value. .PP -\&\fISSL_CTX_get_max_cert_list()\fR and \fISSL_get_max_cert_list()\fR return the currently +\&\fBSSL_CTX_get_max_cert_list()\fR and \fBSSL_get_max_cert_list()\fR return the currently set value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), -\&\fISSL_CTX_set_verify\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 index 1685d2307251..97170bf5c8f7 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3" -.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,7 +160,7 @@ SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_pr The functions get or set the minimum and maximum supported protocol versions for the \fBctx\fR or \fBssl\fR. This works in combination with the options set via -\&\fISSL_CTX_set_options\fR\|(3) that also make it possible to disable +\&\fBSSL_CTX_set_options\fR\|(3) that also make it possible to disable specific protocol versions. Use these functions instead of disabling specific protocol versions. .PP @@ -184,7 +188,7 @@ The setter functions were added in OpenSSL 1.1.0. The getter functions were added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CONF_cmd\fR\|(3) +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CONF_cmd\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 index 72263e57e0a6..b1be60117568 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MODE 3" -.TH SSL_CTX_SET_MODE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_MODE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,17 +155,17 @@ SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. +\&\fBSSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. Options already set before are not cleared. -\&\fISSL_CTX_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBctx\fR. +\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBctx\fR. .PP -\&\fISSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. +\&\fBSSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. Options already set before are not cleared. -\&\fISSL_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBssl\fR. +\&\fBSSL_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBssl\fR. .PP -\&\fISSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. +\&\fBSSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. .PP -\&\fISSL_get_mode()\fR returns the mode set for \fBssl\fR. +\&\fBSSL_get_mode()\fR returns the mode set for \fBssl\fR. .SH "NOTES" .IX Header "NOTES" The following mode changes are available: 
@@ -169,23 +173,23 @@ The following mode changes are available: .IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success when just a single record has been written). This works in a similar way for -\&\fISSL_write()\fR. When not set (the default), \fISSL_write_ex()\fR or \fISSL_write()\fR will only -report success once the complete chunk was written. Once \fISSL_write_ex()\fR or -\&\fISSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call -to \fISSL_write_ex()\fR or \fISSL_write()\fR must only send the n\-r bytes left, imitating -the behaviour of \fIwrite()\fR. +\&\fBSSL_write()\fR. When not set (the default), \fBSSL_write_ex()\fR or \fBSSL_write()\fR will only +report success once the complete chunk was written. Once \fBSSL_write_ex()\fR or +\&\fBSSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call +to \fBSSL_write_ex()\fR or \fBSSL_write()\fR must only send the n\-r bytes left, imitating +the behaviour of \fBwrite()\fR. .IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 .IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" -Make it possible to retry \fISSL_write_ex()\fR or \fISSL_write()\fR with changed buffer +Make it possible to retry \fBSSL_write_ex()\fR or \fBSSL_write()\fR with changed buffer location (the buffer contents must stay the same). This is not the default to -avoid the misconception that non-blocking \fISSL_write()\fR behaves like -non-blocking \fIwrite()\fR. +avoid the misconception that non-blocking \fBSSL_write()\fR behaves like +non-blocking \fBwrite()\fR. .IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 .IX Item "SSL_MODE_AUTO_RETRY" During normal operations, non-application data records might need to be sent or received that the application is not aware of. 
If a non-application data record was processed, -\&\fISSL_read_ex\fR\|(3) and \fISSL_read\fR\|(3) can return with a failure and indicate the +\&\fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) can return with a failure and indicate the need to retry with \fB\s-1SSL_ERROR_WANT_READ\s0\fR. If such a non-application data record was processed, the flag \&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR causes it to try to process the next record instead of @@ -204,8 +208,8 @@ to only return after successfully processing an application data record or a failure. .Sp Turning off \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR can be useful with blocking \fB\s-1BIO\s0\fRs in case -they are used in combination with something like \fIselect()\fR or \fIpoll()\fR. -Otherwise the call to \fISSL_read()\fR or \fISSL_read_ex()\fR might hang when a +they are used in combination with something like \fBselect()\fR or \fBpoll()\fR. +Otherwise the call to \fBSSL_read()\fR or \fBSSL_read_ex()\fR might hang when a non-application record was sent and no application data was sent. .IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4 .IX Item "SSL_MODE_RELEASE_BUFFERS" 
@@ -227,26 +231,34 @@ in draft\-ietf\-tls\-downgrade\-scsv\-00. .IX Item "SSL_MODE_ASYNC" Enable asynchronous processing. \s-1TLS I/O\s0 operations may indicate a retry with \&\s-1SSL_ERROR_WANT_ASYNC\s0 with this mode set if an asynchronous capable engine is -used to perform cryptographic operations. See \fISSL_get_error\fR\|(3). +used to perform cryptographic operations. See \fBSSL_get_error\fR\|(3). +.IP "\s-1SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG\s0" 4 +.IX Item "SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG" +Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to \s-1DTLS\s0 over \s-1SCTP.\s0 .PP All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on by default since 1.1.1. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask +\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bitmask after adding \fBmode\fR. .PP -\&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bitmask. +\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bitmask. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write_ex\fR\|(3) or -\&\fISSL_write\fR\|(3), \fISSL_get_error\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or +\&\fBSSL_write\fR\|(3), \fBSSL_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1SSL_MODE_ASYNC\s0 was first added to OpenSSL 1.1.0. +\&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0. 
.SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 index 30f526327b50..7390cfb6ae4a 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MSG_CALLBACK 3" -.TH SSL_CTX_SET_MSG_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_MSG_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -155,18 +159,18 @@ SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SS .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_msg_callback()\fR or \fISSL_set_msg_callback()\fR can be used to +\&\fBSSL_CTX_set_msg_callback()\fR or \fBSSL_set_msg_callback()\fR can be used to define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 protocol messages (such as handshake messages) that are received or sent, as well as other events that occur during processing. -\&\fISSL_CTX_set_msg_callback_arg()\fR and \fISSL_set_msg_callback_arg()\fR +\&\fBSSL_CTX_set_msg_callback_arg()\fR and \fBSSL_set_msg_callback_arg()\fR can be used to set argument \fIarg\fR to the callback function, which is available for arbitrary application use. .PP -\&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify +\&\fBSSL_CTX_set_msg_callback()\fR and \fBSSL_CTX_set_msg_callback_arg()\fR specify default settings that will be copied to new \fB\s-1SSL\s0\fR objects by -\&\fISSL_new\fR\|(3). \fISSL_set_msg_callback()\fR and -\&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR +\&\fBSSL_new\fR\|(3). \fBSSL_set_msg_callback()\fR and +\&\fBSSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR object. Using a \fB\s-1NULL\s0\fR pointer for \fIcb\fR disables the message callback. .PP When \fIcb\fR is called by the \s-1SSL/TLS\s0 library the function arguments have the @@ -199,7 +203,7 @@ The \fB\s-1SSL\s0\fR object that received or sent the message. .IP "\fIarg\fR" 4 .IX Item "arg" The user-defined argument optionally defined by -\&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR. +\&\fBSSL_CTX_set_msg_callback_arg()\fR or \fBSSL_set_msg_callback_arg()\fR. .SH "NOTES" .IX Header "NOTES" Protocol messages are passed to the callback function after decryption 
@@ -230,15 +234,14 @@ records the content type in the record header is always an \*(L"inner\*(R" content type. \fBbuf\fR contains the encoded \*(L"inner\*(R" content type byte. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR, \fISSL_set_msg_callback()\fR -and \fISSL_set_msg_callback_arg()\fR do not return values. +\&\fBSSL_CTX_set_msg_callback()\fR, \fBSSL_CTX_set_msg_callback_arg()\fR, \fBSSL_set_msg_callback()\fR +and \fBSSL_set_msg_callback_arg()\fR do not return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_new\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL -1.1.1. +The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 b/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 index 27ae20e52499..005baf0e2049 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_NUM_TICKETS 3" -.TH SSL_CTX_SET_NUM_TICKETS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_NUM_TICKETS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,36 +152,36 @@ SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, SSL_CTX_get_n .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_num_tickets()\fR and \fISSL_set_num_tickets()\fR can be called for a server -application and set the number of session tickets that will be sent to the -client after a full handshake. Set the desired value (which could be 0) in the -\&\fBnum_tickets\fR argument. Typically these functions should be called before the -start of the handshake. +\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR can be called for a server +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the \fBnum_tickets\fR argument. Typically these functions should be called before +the start of the handshake. .PP The default number of tickets is 2; the default number of tickets sent following a resumption handshake is 1 but this cannot be changed using these functions. The number of tickets following a resumption handshake can be reduced to 0 using -custom session ticket callbacks (see \fISSL_CTX_set_session_ticket_cb\fR\|(3)). +custom session ticket callbacks (see \fBSSL_CTX_set_session_ticket_cb\fR\|(3)). .PP Tickets are also issued on receipt of a post-handshake certificate from the client following a request by the server using -\&\fISSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated +\&\fBSSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated with the updated client identity (i.e. including their certificate and verification status). The number of tickets issued will normally be the same as was used for the initial handshake. 
If the initial handshake was a full -handshake then \fISSL_set_num_tickets()\fR can be called again prior to calling -\&\fISSL_verify_client_post_handshake()\fR to update the number of tickets that will be +handshake then \fBSSL_set_num_tickets()\fR can be called again prior to calling +\&\fBSSL_verify_client_post_handshake()\fR to update the number of tickets that will be sent. .PP -\&\fISSL_CTX_get_num_tickets()\fR and \fISSL_get_num_tickets()\fR return the number of -tickets set by a previous call to \fISSL_CTX_set_num_tickets()\fR or -\&\fISSL_set_num_tickets()\fR, or 2 if no such call has been made. +\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of +tickets set by a previous call to \fBSSL_CTX_set_num_tickets()\fR or +\&\fBSSL_set_num_tickets()\fR, or 2 if no such call has been made. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_num_tickets()\fR and \fISSL_set_num_tickets()\fR return 1 on success or 0 on +\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR return 1 on success or 0 on failure. .PP -\&\fISSL_CTX_get_num_tickets()\fR and \fISSL_get_num_tickets()\fR return the number of tickets +\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of tickets that have been previously set. .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 b/secure/lib/libcrypto/man/SSL_CTX_set_options.3 index 6ec99200e9c3..b599d30b36a9 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_options.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_OPTIONS 3" -.TH SSL_CTX_SET_OPTIONS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_OPTIONS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -154,22 +158,22 @@ SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. +\&\fBSSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. Options already set before are not cleared! .PP -\&\fISSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. +\&\fBSSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. Options already set before are not cleared! .PP -\&\fISSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR +\&\fBSSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBctx\fR. .PP -\&\fISSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR. +\&\fBSSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR. .PP -\&\fISSL_CTX_get_options()\fR returns the options set for \fBctx\fR. +\&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR. .PP -\&\fISSL_get_options()\fR returns the options set for \fBssl\fR. +\&\fBSSL_get_options()\fR returns the options set for \fBssl\fR. .PP -\&\fISSL_get_secure_renegotiation_support()\fR indicates whether the peer supports +\&\fBSSL_get_secure_renegotiation_support()\fR indicates whether the peer supports secure renegotiation. Note, this is implemented via a macro. .SH "NOTES" 
@@ -178,15 +182,15 @@ The behaviour of the \s-1SSL\s0 library can be changed by setting several option The options are coded as bitmasks and can be combined by a bitwise \fBor\fR operation (|). .PP -\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external) +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external) protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of the \s-1API\s0 can be changed by using the similar -\&\fISSL_CTX_set_mode\fR\|(3) and \fISSL_set_mode()\fR functions. +\&\fBSSL_CTX_set_mode\fR\|(3) and \fBSSL_set_mode()\fR functions. .PP During a handshake, the option settings of the \s-1SSL\s0 object are used. When -a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current +a new \s-1SSL\s0 object is created from a context using \fBSSL_new()\fR, the current option setting is copied. Changes to \fBctx\fR do not affect already created -\&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings. +\&\s-1SSL\s0 objects. \fBSSL_clear()\fR does not affect the settings. .PP The following \fBbug workaround\fR options are available: .IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4 @@ -237,8 +241,8 @@ These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol versions with \s-1TLS\s0 or the DTLSv1, DTLSv1.2 versions with \s-1DTLS,\s0 respectively. As of OpenSSL 1.1.0, these options are deprecated, use -\&\fISSL_CTX_set_min_proto_version\fR\|(3) and -\&\fISSL_CTX_set_max_proto_version\fR\|(3) instead. +\&\fBSSL_CTX_set_min_proto_version\fR\|(3) and +\&\fBSSL_CTX_set_max_proto_version\fR\|(3) instead. .IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 .IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" When performing renegotiation as a server, always start a new session 
@@ -287,8 +291,8 @@ ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be sent. This is a server-side option only. .Sp In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from -being sent by calling \fISSL_CTX_set_num_tickets\fR\|(3) or -\&\fISSL_set_num_tickets\fR\|(3). +being sent by calling \fBSSL_CTX_set_num_tickets\fR\|(3) or +\&\fBSSL_set_num_tickets\fR\|(3). .IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 .IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" Allow legacy insecure renegotiation between OpenSSL and unpatched clients or @@ -328,11 +332,11 @@ has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that do not understand TLSv1.3 will not drop the connection. Regardless of whether this option is set or not \s-1CCS\s0 messages received from the peer will always be ignored in TLSv1.3. This option is set by default. To switch it off use -\&\fISSL_clear_options()\fR. A future version of OpenSSL may not set this by default. +\&\fBSSL_clear_options()\fR. A future version of OpenSSL may not set this by default. .IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4 .IX Item "SSL_OP_NO_ANTI_REPLAY" By default, when a server is configured for early data (i.e., max_early_data > 0), -OpenSSL will switch on replay protection. See \fISSL_read_early_data\fR\|(3) for a +OpenSSL will switch on replay protection. See \fBSSL_read_early_data\fR\|(3) for a description of the replay protection feature. Anti-replay measures are required to comply with the TLSv1.3 specification. Some applications may be able to mitigate the replay risks in other ways and in such cases the built in OpenSSL 
@@ -423,8 +427,8 @@ servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR .PP OpenSSL client applications that want to ensure they can \fBnot\fR connect to unpatched servers (and thus avoid any security issues) should always \fBclear\fR -\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fISSL_CTX_clear_options()\fR or -\&\fISSL_clear_options()\fR. +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fBSSL_CTX_clear_options()\fR or +\&\fBSSL_clear_options()\fR. .PP The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and \&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that 
@@ -434,29 +438,29 @@ renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while and renegotiation between OpenSSL and unpatched clients or servers. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bitmask +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bitmask after adding \fBoptions\fR. .PP -\&\fISSL_CTX_clear_options()\fR and \fISSL_clear_options()\fR return the new options bitmask +\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bitmask after clearing \fBoptions\fR. .PP -\&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bitmask. +\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bitmask. .PP -\&\fISSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports +\&\fBSSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports secure renegotiation and 0 if it does not. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), -\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), -\&\fISSL_CTX_set_min_proto_version\fR\|(3), -\&\fIdhparam\fR\|(1) +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBSSL_CTX_set_min_proto_version\fR\|(3), +\&\fBdhparam\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" The attempt to always try to use secure renegotiation was added in -Openssl 0.9.8m. +OpenSSL 0.9.8m. .PP -\&\fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR were added in -OpenSSL 1.1.1. +The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options +were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 index 94d8b538b645..d2d74297701c 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3" -.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -165,7 +169,7 @@ SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_call .SH "DESCRIPTION" .IX Header "DESCRIPTION" A client application wishing to use TLSv1.3 PSKs should use either -\&\fISSL_CTX_set_psk_use_session_callback()\fR or \fISSL_set_psk_use_session_callback()\fR as +\&\fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR as appropriate. These functions cannot be used for TLSv1.2 and below PSKs. .PP The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR. 
@@ -187,23 +191,23 @@ Additionally the callback should store a pointer to an \s-1SSL_SESSION\s0 object the following fields set: .IP "The master key" 4 .IX Item "The master key" -This can be set via a call to \fISSL_SESSION_set1_master_key\fR\|(3). +This can be set via a call to \fBSSL_SESSION_set1_master_key\fR\|(3). .IP "A ciphersuite" 4 .IX Item "A ciphersuite" Only the handshake digest associated with the ciphersuite is relevant for the \&\s-1PSK\s0 (the server may go on to negotiate any ciphersuite which is compatible with the digest). The application can use any TLSv1.3 ciphersuite. If \fBmd\fR is not \s-1NULL\s0 the handshake digest for the ciphersuite should be the same. -The ciphersuite can be set via a call to <\fISSL_SESSION_set_cipher\fR\|(3)>. The +The ciphersuite can be set via a call to <\fBSSL_SESSION_set_cipher\fR\|(3)>. The handshake digest of an \s-1SSL_CIPHER\s0 object can be checked using -<\fISSL_CIPHER_get_handshake_digest\fR\|(3)>. +<\fBSSL_CIPHER_get_handshake_digest\fR\|(3)>. .IP "The protocol version" 4 .IX Item "The protocol version" -This can be set via a call to \fISSL_SESSION_set_protocol_version\fR\|(3) and should +This can be set via a call to \fBSSL_SESSION_set_protocol_version\fR\|(3) and should be \s-1TLS1_3_VERSION.\s0 .PP Additionally the maximum early data value should be set via a call to -\&\fISSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early +\&\fBSSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early data. .PP Alternatively an \s-1SSL_SESSION\s0 created from a previous non-PSK handshake may also 
@@ -224,8 +228,8 @@ client is sending the ClientKeyExchange message to the server. The purpose of the callback function is to select the \s-1PSK\s0 identity and the pre-shared key to use during the connection setup phase. .PP -The callback is set using functions \fISSL_CTX_set_psk_client_callback()\fR -or \fISSL_set_psk_client_callback()\fR. The callback function is given the +The callback is set using functions \fBSSL_CTX_set_psk_client_callback()\fR +or \fBSSL_set_psk_client_callback()\fR. The callback function is given the connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of length \fBmax_identity_len\fR bytes where the resulting 
@@ -234,13 +238,13 @@ length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to be stored. .PP The callback for use in TLSv1.2 will also work in TLSv1.3 although it is -recommended to use \fISSL_CTX_set_psk_use_session_callback()\fR -or \fISSL_set_psk_use_session_callback()\fR for this purpose instead. If TLSv1.3 has +recommended to use \fBSSL_CTX_set_psk_use_session_callback()\fR +or \fBSSL_set_psk_use_session_callback()\fR for this purpose instead. If TLSv1.3 has been negotiated then OpenSSL will first check to see if a callback has been set -via \fISSL_CTX_set_psk_use_session_callback()\fR or \fISSL_set_psk_use_session_callback()\fR +via \fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR and it will use that in preference. If no such callback is present then it will -check to see if a callback has been set via \fISSL_CTX_set_psk_client_callback()\fR or -\&\fISSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will +check to see if a callback has been set via \fBSSL_CTX_set_psk_client_callback()\fR or +\&\fBSSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 for any returned \&\s-1PSK.\s0 .SH "NOTES" @@ -248,7 +252,7 @@ always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 f Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR. .PP A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption -has occurred so that \fISSL_session_reused\fR\|(3) will return true. +has occurred so that \fBSSL_session_reused\fR\|(3) will return true. .PP There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: 
@@ -272,11 +276,11 @@ The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on failure. In the event of failure the connection setup fails. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_psk_find_session_callback\fR\|(3), -\&\fISSL_set_psk_find_session_callback\fR\|(3) +\&\fBSSL_CTX_set_psk_find_session_callback\fR\|(3), +\&\fBSSL_set_psk_find_session_callback\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CTX_set_psk_use_session_callback()\fR and \fISSL_set_psk_use_session_callback()\fR +\&\fBSSL_CTX_set_psk_use_session_callback()\fR and \fBSSL_set_psk_use_session_callback()\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 index ab6fa6a8b5b2..d1081186d168 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3" -.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,29 +153,29 @@ SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be +\&\fBSSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be \&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time -\&\fISSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. +\&\fBSSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. .PP -\&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +\&\fBSSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. .PP -\&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be +\&\fBSSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be \&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with -\&\fISSL_free\fR\|(3) or \fISSL_set_quiet_shutdown()\fR is called again. -It is not changed when \fISSL_clear\fR\|(3) is called. +\&\fBSSL_free\fR\|(3) or \fBSSL_set_quiet_shutdown()\fR is called again. +It is not changed when \fBSSL_clear\fR\|(3) is called. \&\fBmode\fR may be 0 or 1. .PP -\&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. +\&\fBSSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. .SH "NOTES" .IX Header "NOTES" Normally when a \s-1SSL\s0 connection is finished, the parties must send out -close_notify alert messages using \fISSL_shutdown\fR\|(3) +close_notify alert messages using \fBSSL_shutdown\fR\|(3) for a clean shutdown. .PP -When setting the \*(L"quiet shutdown\*(R" flag to 1, \fISSL_shutdown\fR\|(3) +When setting the \*(L"quiet shutdown\*(R" flag to 1, \fBSSL_shutdown\fR\|(3) will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. 
-(\fISSL_shutdown\fR\|(3) then behaves like -\&\fISSL_set_shutdown\fR\|(3) called with +(\fBSSL_shutdown\fR\|(3) then behaves like +\&\fBSSL_set_shutdown\fR\|(3) called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no close_notify alert is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. @@ -179,16 +183,16 @@ is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_quiet_shutdown()\fR and \fISSL_set_quiet_shutdown()\fR do not return +\&\fBSSL_CTX_set_quiet_shutdown()\fR and \fBSSL_set_quiet_shutdown()\fR do not return diagnostic information. .PP -\&\fISSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current +\&\fBSSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_shutdown\fR\|(3), -\&\fISSL_set_shutdown\fR\|(3), \fISSL_new\fR\|(3), -\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), +\&\fBSSL_set_shutdown\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 b/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 index 53c5a3eca1fa..84435b27103a 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_READ_AHEAD 3" -.TH SSL_CTX_SET_READ_AHEAD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_READ_AHEAD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,7 +154,7 @@ SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_read_ahead()\fR and \fISSL_set_read_ahead()\fR set whether we should read as +\&\fBSSL_CTX_set_read_ahead()\fR and \fBSSL_set_read_ahead()\fR set whether we should read as many input bytes as possible (for non-blocking reads) or not. For example if \&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes 
@@ -158,36 +162,36 @@ into its buffer (providing that the buffer is large enough) if reading ahead is on, or \fBx\fR bytes otherwise. Setting the parameter \fByes\fR to 0 turns reading ahead is off, other values turn it on. -\&\fISSL_CTX_set_default_read_ahead()\fR is identical to \fISSL_CTX_set_read_ahead()\fR. +\&\fBSSL_CTX_set_default_read_ahead()\fR is identical to \fBSSL_CTX_set_read_ahead()\fR. .PP -\&\fISSL_CTX_get_read_ahead()\fR and \fISSL_get_read_ahead()\fR indicate whether reading +\&\fBSSL_CTX_get_read_ahead()\fR and \fBSSL_get_read_ahead()\fR indicate whether reading ahead has been set or not. -\&\fISSL_CTX_get_default_read_ahead()\fR is identical to \fISSL_CTX_get_read_ahead()\fR. +\&\fBSSL_CTX_get_default_read_ahead()\fR is identical to \fBSSL_CTX_get_read_ahead()\fR. .SH "NOTES" .IX Header "NOTES" These functions have no impact when used with \s-1DTLS.\s0 The return values for -\&\fISSL_CTX_get_read_head()\fR and \fISSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 Setting -\&\fBread_ahead\fR can impact the behaviour of the \fISSL_pending()\fR function -(see \fISSL_pending\fR\|(3)). +\&\fBSSL_CTX_get_read_head()\fR and \fBSSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 Setting +\&\fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR function +(see \fBSSL_pending\fR\|(3)). .PP -Since \fISSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data -records, and \fISSL_has_pending()\fR can't tell the difference between processed and +Since \fBSSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data +records, and \fBSSL_has_pending()\fR can't tell the difference between processed and unprocessed data, it's recommended that if read ahead is turned on that -\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fISSL_CTX_clear_mode()\fR. +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fBSSL_CTX_clear_mode()\fR. 
That will prevent getting \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still a complete record availale that hasn't been processed. .PP If the application wants to continue to use the underlying transport (e.g. \s-1TCP\s0 -connection) after the \s-1SSL\s0 connection is finished using \fISSL_shutdown()\fR reading +connection) after the \s-1SSL\s0 connection is finished using \fBSSL_shutdown()\fR reading ahead should be turned off. Otherwise the \s-1SSL\s0 structure might read data that it shouldn't. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_get_read_ahead()\fR and \fISSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off, +\&\fBSSL_get_read_ahead()\fR and \fBSSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off, and non zero otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_pending\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_pending\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 index 3fb7c5f34321..5d5acc0be795 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3" -.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,28 +149,28 @@ SSL_CTX_set_record_padding_callback, SSL_set_record_padding_callback, SSL_CTX_se \& void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); \& \& void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); -\& void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx); +\& void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); \& \& void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); -\& void *SSL_get_record_padding_callback_arg(SSL *ssl); +\& void *SSL_get_record_padding_callback_arg(const SSL *ssl); \& \& int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); \& int SSL_set_block_padding(SSL *ssl, size_t block_size); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_record_padding_callback()\fR or \fISSL_set_record_padding_callback()\fR +\&\fBSSL_CTX_set_record_padding_callback()\fR or \fBSSL_set_record_padding_callback()\fR can be used to assign a callback function \fIcb\fR to specify the padding -for \s-1TLS 1.3\s0 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fISSL_new()\fR. +for \s-1TLS 1.3\s0 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. .PP -\&\fISSL_CTX_set_record_padding_callback_arg()\fR and \fISSL_set_record_padding_callback_arg()\fR +\&\fBSSL_CTX_set_record_padding_callback_arg()\fR and \fBSSL_set_record_padding_callback_arg()\fR assign a value \fBarg\fR that is passed to the callback when it is invoked. The value -set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fISSL_new()\fR. +set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. .PP -\&\fISSL_CTX_get_record_padding_callback_arg()\fR and \fISSL_get_record_padding_callback_arg()\fR +\&\fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR retrieve the \fBarg\fR value that is passed to the callback. 
.PP -\&\fISSL_CTX_set_block_padding()\fR and \fISSL_set_block_padding()\fR pads the record to a multiple +\&\fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR pads the record to a multiple of the \fBblock_size\fR. A \fBblock_size\fR of 0 or 1 disables block padding. The limit of \&\fBblock_size\fR is \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 .PP @@ -174,14 +178,14 @@ The callback is invoked for every record before encryption. The \fBtype\fR parameter is the \s-1TLS\s0 record type that is being processed; may be one of \s-1SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE,\s0 or \s-1SSL3_RT_ALERT.\s0 The \fBlen\fR parameter is the current plaintext length of the record before encryption. -The \fBarg\fR parameter is the value set via \fISSL_CTX_set_record_padding_callback_arg()\fR -or \fISSL_set_record_padding_callback_arg()\fR. +The \fBarg\fR parameter is the value set via \fBSSL_CTX_set_record_padding_callback_arg()\fR +or \fBSSL_set_record_padding_callback_arg()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The \fISSL_CTX_get_record_padding_callback_arg()\fR and \fISSL_get_record_padding_callback_arg()\fR +The \fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR functions return the \fBarg\fR value assigned in the corresponding set functions. .PP -The \fISSL_CTX_set_block_padding()\fR and \fISSL_set_block_padding()\fR functions return 1 on success +The \fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR functions return 1 on success or 0 if \fBblock_size\fR is too large. .PP The \fBcb\fR returns the number of padding bytes to add to the record. A return of 0 
@@ -193,7 +197,7 @@ maximum record size. The default behavior is to add no padding to the record. .PP A user-supplied padding callback function will override the behavior set by -\&\fISSL_set_block_padding()\fR or \fISSL_CTX_set_block_padding()\fR. Setting the user-supplied +\&\fBSSL_set_block_padding()\fR or \fBSSL_CTX_set_block_padding()\fR. Setting the user-supplied callback to \s-1NULL\s0 will restore the configured block padding behavior. .PP These functions only apply to \s-1TLS 1.3\s0 records being written. @@ -201,13 +205,13 @@ These functions only apply to \s-1TLS 1.3\s0 records being written. Padding bytes are not added in constant-time. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_new\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The record padding \s-1API\s0 was added for \s-1TLS 1.3\s0 support in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 b/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 index 4064897fbf8c..12e65a00b8d0 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SECURITY_LEVEL 3" -.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -171,21 +175,21 @@ SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The functions \fISSL_CTX_set_security_level()\fR and \fISSL_set_security_level()\fR set +The functions \fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR set the security level to \fBlevel\fR. If not set the library default security level is used. .PP -The functions \fISSL_CTX_get_security_level()\fR and \fISSL_get_security_level()\fR +The functions \fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR retrieve the current security level. .PP -\&\fISSL_CTX_set_security_callback()\fR, \fISSL_set_security_callback()\fR, -\&\fISSL_CTX_get_security_callback()\fR and \fISSL_get_security_callback()\fR get or set +\&\fBSSL_CTX_set_security_callback()\fR, \fBSSL_set_security_callback()\fR, +\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR get or set the security callback associated with \fBctx\fR or \fBs\fR. If not set a default security callback is used. The meaning of the parameters and the behaviour of the default callbacks is described below. .PP -\&\fISSL_CTX_set0_security_ex_data()\fR, \fISSL_set0_security_ex_data()\fR, -\&\fISSL_CTX_get0_security_ex_data()\fR and \fISSL_get0_security_ex_data()\fR set the +\&\fBSSL_CTX_set0_security_ex_data()\fR, \fBSSL_set0_security_ex_data()\fR, +\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR set the extra data pointer passed to the \fBex\fR parameter of the callback. This value is passed to the callback verbatim and can be set to any convenient application specific value. 
@@ -274,27 +278,27 @@ alert. .PP Attempts to set certificates or parameters with insufficient security are also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0 -key using \fISSL_CTX_use_certificate()\fR at level 1. Applications which do not +key using \fBSSL_CTX_use_certificate()\fR at level 1. Applications which do not check the return values for errors will misbehave: for example it might appear that a certificate is not set at all because it had been rejected. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_security_level()\fR and \fISSL_set_security_level()\fR do not return values. +\&\fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR do not return values. .PP -\&\fISSL_CTX_get_security_level()\fR and \fISSL_get_security_level()\fR return a integer that +\&\fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR return a integer that represents the security level with \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR, respectively. .PP -\&\fISSL_CTX_set_security_callback()\fR and \fISSL_set_security_callback()\fR do not return +\&\fBSSL_CTX_set_security_callback()\fR and \fBSSL_set_security_callback()\fR do not return values. .PP -\&\fISSL_CTX_get_security_callback()\fR and \fISSL_get_security_callback()\fR return the pointer +\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR return the pointer to the security callback or \s-1NULL\s0 if the callback is not set. .PP -\&\fISSL_CTX_get0_security_ex_data()\fR and \fISSL_get0_security_ex_data()\fR return the extra +\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR return the extra data pointer or \s-1NULL\s0 if the ex data is not set. .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.1.0 +These functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 index 258f0e8d6446..a9c9c6321817 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3" -.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,10 +150,10 @@ SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_session_cache_mode()\fR enables/disables session caching +\&\fBSSL_CTX_set_session_cache_mode()\fR enables/disables session caching by setting the operational mode for \fBctx\fR to <mode>. .PP -\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. +\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. .SH "NOTES" .IX Header "NOTES" The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. @@ -169,7 +173,7 @@ the external storage if available. .PP Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see -\&\fISSL_CTX_set_session_id_context\fR\|(3)). +\&\fBSSL_CTX_set_session_id_context\fR\|(3)). .PP The following session cache modes and modifiers are available: .IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 @@ -181,7 +185,7 @@ Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not have details about the connection), the application must select the session -to be reused by using the \fISSL_set_session\fR\|(3) +to be reused by using the \fBSSL_set_session\fR\|(3) function. This option is not activated by default. .IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 .IX Item "SSL_SESS_CACHE_SERVER" 
@@ -197,10 +201,10 @@ Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the .IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" Normally the session cache is checked for expired sessions every 255 connections using the -\&\fISSL_CTX_flush_sessions\fR\|(3) function. Since +\&\fBSSL_CTX_flush_sessions\fR\|(3) function. Since this may lead to a delay which cannot be controlled, the automatic flushing may be disabled and -\&\fISSL_CTX_flush_sessions\fR\|(3) can be called +\&\fBSSL_CTX_flush_sessions\fR\|(3) can be called explicitly by the application. .IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" @@ -217,7 +221,7 @@ sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible re Normally a new session is added to the internal cache as well as any external session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will prevent sessions being stored in the internal cache (though the application can -add them manually using \fISSL_CTX_add_session\fR\|(3)). Note: +add them manually using \fBSSL_CTX_add_session\fR\|(3)). Note: in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful session lookups in the external cache (ie. for session-resume requests) would normally be copied into the local cache before processing continues \- this flag 
@@ -230,20 +234,20 @@ Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. +\&\fBSSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. .PP -\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. +\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), -\&\fISSL_session_reused\fR\|(3), -\&\fISSL_CTX_add_session\fR\|(3), -\&\fISSL_CTX_sess_number\fR\|(3), -\&\fISSL_CTX_sess_set_cache_size\fR\|(3), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3), -\&\fISSL_CTX_set_session_id_context\fR\|(3), -\&\fISSL_CTX_set_timeout\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 index e2baae0bec7c..4ad5e3fcd281 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3" -.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,10 +152,10 @@ SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBSSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length \&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. .PP -\&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBSSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length \&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. .SH "NOTES" .IX Header "NOTES" 
@@ -166,8 +170,8 @@ to use e.g. the name of the application and/or the hostname and/or service name ... .PP The session id context becomes part of the session. The session id context -is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and -\&\fISSL_set_session_id_context()\fR functions are therefore only useful on the +is set by the \s-1SSL/TLS\s0 server. The \fBSSL_CTX_set_session_id_context()\fR and +\&\fBSSL_set_session_id_context()\fR functions are therefore only useful on the server side. .PP OpenSSL clients will check the session id context returned by the server @@ -189,7 +193,7 @@ as an OpenSSL server checks the session id context itself before reusing a session as described above. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR +\&\fBSSL_CTX_set_session_id_context()\fR and \fBSSL_set_session_id_context()\fR return the following values: .IP "0" 4 The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded @@ -200,7 +204,7 @@ is logged to the error stack. The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 index b31566c3208f..4b48d0b138d9 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3" -.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,15 +160,15 @@ SSL_CTX_set_session_ticket_cb, SSL_SESSION_get0_ticket_appdata, SSL_SESSION_set1 .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR +\&\fBSSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR and \fBdec_cb\fR that are used by a server to set and get application data stored with a session, and placed into a session ticket. Either callback function may be set to \s-1NULL.\s0 The value of \fBarg\fR is passed to the callbacks. .PP \&\fBgen_cb\fR is the application defined callback invoked when a session ticket is -about to be created. The application can call \fISSL_SESSION_set1_ticket_appdata()\fR +about to be created. The application can call \fBSSL_SESSION_set1_ticket_appdata()\fR at this time to add application data to the session ticket. The value of \fBarg\fR -is the same as that given to \fISSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR +is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR callback is defined as type \fBSSL_CTX_generate_session_ticket_fn\fR. .PP \&\fBdec_cb\fR is the application defined callback invoked after session ticket 
@@ -173,22 +177,22 @@ available. If ticket decryption was successful then the \fBss\fR argument contai the session data. The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key used to decrypt the session ticket. The \fBstatus\fR argument is the result of the ticket decryption. See the \s-1NOTES\s0 section below for further details. The value -of \fBarg\fR is the same as that given to \fISSL_CTX_set_session_ticket_cb()\fR. The +of \fBarg\fR is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The \&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR. .PP -\&\fISSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by +\&\fBSSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by \&\fBdata\fR and \fBlen\fR into \fBss\fR which is then placed into any generated session tickets. It can be called at any time before a session ticket is created to update the data placed into the session ticket. However, given that sessions and tickets are created by the handshake, the \fBgen_cb\fR is provided to notify the application that a session ticket is about to be generated. .PP -\&\fISSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket +\&\fBSSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket application data and assigns \fBlen\fR to the length of the session ticket application data from \fBss\fR. The application data can be set via -\&\fISSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned +\&\fBSSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned to \fBdata\fR and 0 will be assigned to \fBlen\fR if there is no session ticket -application data. \fISSL_SESSION_get0_ticket_appdata()\fR can be called any time +application data. \fBSSL_SESSION_get0_ticket_appdata()\fR can be called any time after a session has been created. 
The \fBdec_cb\fR is provided to notify the application that a session ticket has just been decrypted. .SH "NOTES" @@ -258,21 +262,21 @@ If \fBstatus\fR has the value \fB\s-1SSL_TICKET_EMPTY\s0\fR or \fB\s-1SSL_TICKET no session data will be available and the callback must not use the \fBss\fR argument. If \fBstatus\fR has the value \fB\s-1SSL_TICKET_SUCCESS\s0\fR or \&\fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR then the application can call -\&\fISSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR +\&\fBSSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR argument to retrieve the application data. .PP -When the \fBgen_cb\fR callback is invoked, the \fISSL_get_session()\fR function can be -used to retrieve the \s-1SSL_SESSION\s0 for \fISSL_SESSION_set1_ticket_appdata()\fR. +When the \fBgen_cb\fR callback is invoked, the \fBSSL_get_session()\fR function can be +used to retrieve the \s-1SSL_SESSION\s0 for \fBSSL_SESSION_set1_ticket_appdata()\fR. .PP By default, in TLSv1.2 and below, a new session ticket is not issued on a successful resumption and therefore \fBgen_cb\fR will not be called. In TLSv1.3 the default behaviour is to always issue a new ticket on resumption. In both cases this behaviour can be changed if a ticket key callback is in use (see -\&\fISSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)). +\&\fBSSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The \fISSL_CTX_set_session_ticket_cb()\fR, \fISSL_SESSION_set1_ticket_appdata()\fR and -\&\fISSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on +The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSL_SESSION_set1_ticket_appdata()\fR and +\&\fBSSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on failure. .PP The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0 
@@ -281,12 +285,12 @@ will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert. The \fBdec_cb\fR callback must return a value as described in \s-1NOTES\s0 above. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_get_session\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_get_session\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CTX_set_session_ticket_cb()\fR, \fISSSL_SESSION_set1_ticket_appdata()\fR and -\&\fISSL_SESSION_get_ticket_appdata()\fR were added to OpenSSL 1.1.1. +The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSSL_SESSION_set1_ticket_appdata()\fR +and \fBSSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 b/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 index 37184bfc026d..15d3a6dff5ed 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3" -.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -171,27 +175,27 @@ that provides ciphers that support this. The OpenSSL \*(L"dasync\*(R" engine pro \&\s-1AES128\-SHA\s0 based ciphers that have this capability. However these are for development and test purposes only. .PP -\&\fISSL_CTX_set_max_send_fragment()\fR and \fISSL_set_max_send_fragment()\fR set the +\&\fBSSL_CTX_set_max_send_fragment()\fR and \fBSSL_set_max_send_fragment()\fR set the \&\fBmax_send_fragment\fR parameter for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. This value restricts the amount of plaintext bytes that will be sent in any one \&\s-1SSL/TLS\s0 record. By default its value is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 (16384). These functions will only accept a value in the range 512 \- \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 .PP -\&\fISSL_CTX_set_max_pipelines()\fR and \fISSL_set_max_pipelines()\fR set the maximum number +\&\fBSSL_CTX_set_max_pipelines()\fR and \fBSSL_set_max_pipelines()\fR set the maximum number of pipelines that will be used at any one time. This value applies to both \&\*(L"read\*(R" pipelining and \*(L"write\*(R" pipelining. By default only one pipeline will be used (i.e. normal non-parallel operation). The number of pipelines set must be in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also -automatically turn on \*(L"read_ahead\*(R" (see \fISSL_CTX_set_read_ahead\fR\|(3)). This is +automatically turn on \*(L"read_ahead\*(R" (see \fBSSL_CTX_set_read_ahead\fR\|(3)). This is explained further below. OpenSSL will only every use more than one pipeline if a cipher suite is negotiated that uses a pipeline capable cipher provided by an engine. .PP Pipelining operates slightly differently for reading encrypted data compared to -writing encrypted data. \fISSL_CTX_set_split_send_fragment()\fR and -\&\fISSL_set_split_send_fragment()\fR define how data is split up into pipelines when +writing encrypted data. 
\fBSSL_CTX_set_split_send_fragment()\fR and +\&\fBSSL_set_split_send_fragment()\fR define how data is split up into pipelines when writing encrypted data. The number of pipelines used will be determined by the -amount of data provided to the \fISSL_write_ex()\fR or \fISSL_write()\fR call divided by +amount of data provided to the \fBSSL_write_ex()\fR or \fBSSL_write()\fR call divided by \&\fBsplit_send_fragment\fR. .PP For example if \fBsplit_send_fragment\fR is set to 2000 and \fBmax_pipelines\fR is 4 
@@ -222,29 +226,29 @@ read as much data into the read buffer as the network can provide and will fit into the buffer. Without this set data is read into the read buffer one record at a time. The more data that can be read, the more opportunity there is for parallelising the processing at the cost of increased memory overhead per -connection. Setting \fBread_ahead\fR can impact the behaviour of the \fISSL_pending()\fR -function (see \fISSL_pending\fR\|(3)). +connection. Setting \fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR +function (see \fBSSL_pending\fR\|(3)). .PP -The \fISSL_CTX_set_default_read_buffer_len()\fR and \fISSL_set_default_read_buffer_len()\fR +The \fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR functions control the size of the read buffer that will be used. The \fBlen\fR parameter sets the size of the buffer. The value will only be used if it is greater than the default that would have been used anyway. The normal default value depends on a number of factors but it will be at least \&\s-1SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD\s0 (16704) bytes. .PP -\&\fISSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment +\&\fBSSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment length negotiation mode via value \fBmode\fR to \fBctx\fR. This setting affects only \s-1SSL\s0 instances created after this function is called. It affects the client-side as only its side may initiate this extension use. .PP -\&\fISSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length +\&\fBSSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length negotiation mode via value \fBmode\fR to \fBssl\fR. This setting will be used during a handshake when extensions are exchanged between client and server. So it only affects \s-1SSL\s0 sessions created after this function is called. 
It affects the client-side as only its side may initiate this extension use. .PP -\&\fISSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length +\&\fBSSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length negotiated in \fBsession\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -253,7 +257,7 @@ All non-void functions return 1 on success and 0 on failure. .IX Header "NOTES" The Maximum Fragment Length extension support is optional on the server side. If the server does not support this extension then -\&\fISSL_SESSION_get_max_fragment_length()\fR will return: +\&\fBSSL_SESSION_get_max_fragment_length()\fR will return: TLSEXT_max_fragment_length_DISABLED. .PP The following modes are available: 
@@ -273,22 +277,22 @@ Sets Maximum Fragment Length to 2048. .IX Item "TLSEXT_max_fragment_length_4096" Sets Maximum Fragment Length to 4096. .PP -With the exception of \fISSL_CTX_set_default_read_buffer_len()\fR -\&\fISSL_set_default_read_buffer_len()\fR, \fISSL_CTX_set_tlsext_max_fragment_length()\fR, -\&\fISSL_set_tlsext_max_fragment_length()\fR and \fISSL_SESSION_get_max_fragment_length()\fR +With the exception of \fBSSL_CTX_set_default_read_buffer_len()\fR +\&\fBSSL_set_default_read_buffer_len()\fR, \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, +\&\fBSSL_set_tlsext_max_fragment_length()\fR and \fBSSL_SESSION_get_max_fragment_length()\fR all these functions are implemented using macros. .SH "HISTORY" .IX Header "HISTORY" -The \fISSL_CTX_set_max_pipelines()\fR, \fISSL_set_max_pipelines()\fR, -\&\fISSL_CTX_set_split_send_fragment()\fR, \fISSL_set_split_send_fragment()\fR, -\&\fISSL_CTX_set_default_read_buffer_len()\fR and \fISSL_set_default_read_buffer_len()\fR +The \fBSSL_CTX_set_max_pipelines()\fR, \fBSSL_set_max_pipelines()\fR, +\&\fBSSL_CTX_set_split_send_fragment()\fR, \fBSSL_set_split_send_fragment()\fR, +\&\fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR functions were added in OpenSSL 1.1.0. .PP -\&\fISSL_CTX_set_tlsext_max_fragment_length()\fR, \fISSL_set_tlsext_max_fragment_length()\fR -and \fISSL_SESSION_get_max_fragment_length()\fR were added in OpenSSL 1.1.1. +The \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, \fBSSL_set_tlsext_max_fragment_length()\fR +and \fBSSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_read_ahead\fR\|(3), \fISSL_pending\fR\|(3) +\&\fBSSL_CTX_set_read_ahead\fR\|(3), \fBSSL_pending\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 index 0395f566801e..1304770132e9 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SSL_VERSION 3" -.TH SSL_CTX_SET_SSL_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_SSL_VERSION 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -143,32 +147,32 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method \&\- choose a ne \& \& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); \& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); -\& const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); +\& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +\&\fBSSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with -\&\fISSL_new\fR\|(3) are not affected, except when -\&\fISSL_clear\fR\|(3) is being called. +\&\fBSSL_new\fR\|(3) are not affected, except when +\&\fBSSL_clear\fR\|(3) is being called. .PP -\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR -object. It may be reset, when \fISSL_clear()\fR is called. +\&\fBSSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +object. It may be reset, when \fBSSL_clear()\fR is called. .PP -\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method +\&\fBSSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method set in \fBssl\fR. .SH "NOTES" .IX Header "NOTES" The available \fBmethod\fR choices are described in -\&\fISSL_CTX_new\fR\|(3). +\&\fBSSL_CTX_new\fR\|(3). .PP -When \fISSL_clear\fR\|(3) is called and no session is connected to +When \fBSSL_clear\fR\|(3) is called and no session is connected to an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently set in the corresponding \s-1SSL_CTX\s0 object. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following return values can occur for \fISSL_CTX_set_ssl_version()\fR -and \fISSL_set_ssl_method()\fR: +The following return values can occur for \fBSSL_CTX_set_ssl_version()\fR +and \fBSSL_set_ssl_method()\fR: .IP "0" 4 The new choice failed, check the error stack to find out the reason. .IP "1" 4 @@ -176,12 +180,12 @@ The new choice failed, check the error stack to find out the reason. The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_new\fR\|(3), \fISSL_new\fR\|(3), -\&\fISSL_clear\fR\|(3), \fIssl\fR\|(7), -\&\fISSL_set_connect_state\fR\|(3) +\&\fBSSL_CTX_new\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 index b6c96ba3e964..df7bb39ce5f7 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3" -.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -154,26 +158,26 @@ SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fISSL_stateless\fR\|(3) +\&\fBSSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fBSSL_stateless\fR\|(3) to generate the application-controlled portion of the cookie provided to clients in the HelloRetryRequest transmitted as a response to a ClientHello with a -missing or invalid cookie. \fIgen_stateless_cookie_cb()\fR must write at most +missing or invalid cookie. \fBgen_stateless_cookie_cb()\fR must write at most \&\s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number of bytes written to \fBcookie_len\fR. If a cookie cannot be generated, a zero return value can be used to abort the handshake. .PP -\&\fISSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fISSL_stateless\fR\|(3) to +\&\fBSSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fBSSL_stateless\fR\|(3) to determine whether the application-controlled portion of a ClientHello cookie is -valid. A nonzero return value from \fIapp_verify_cookie_cb()\fR communicates that the +valid. A nonzero return value from \fBapp_verify_cookie_cb()\fR communicates that the cookie is valid. The integrity of the entire cookie, including the application-controlled portion, is automatically verified by \s-1HMAC\s0 before -\&\fIverify_stateless_cookie_cb()\fR is called. +\&\fBverify_stateless_cookie_cb()\fR is called. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Neither function returns a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_stateless\fR\|(3) +\&\fBSSL_stateless\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 index 263dfb5aa860..22b18d8c2043 100644 
--- a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TIMEOUT 3" -.TH SSL_CTX_SET_TIMEOUT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_TIMEOUT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,10 +150,10 @@ SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for sessio .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for +\&\fBSSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for \&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. .PP -\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. +\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. .SH "NOTES" .IX Header "NOTES" Whenever a new session is created, it is assigned a maximum lifetime. This 
@@ -162,29 +166,29 @@ valid at the time of the session negotiation. Changes of the timeout value do not affect already established sessions. .PP The expiration time of a single session can be modified using the -\&\fISSL_SESSION_get_time\fR\|(3) family of functions. +\&\fBSSL_SESSION_get_time\fR\|(3) family of functions. .PP Expired sessions are removed from the internal session cache, whenever -\&\fISSL_CTX_flush_sessions\fR\|(3) is called, either +\&\fBSSL_CTX_flush_sessions\fR\|(3) is called, either directly by the application or automatically (see -\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) .PP The default value for session timeout is decided on a per protocol -basis, see \fISSL_get_default_timeout\fR\|(3). +basis, see \fBSSL_get_default_timeout\fR\|(3). All currently supported protocols have the same default timeout value of 300 seconds. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_timeout()\fR returns the previously set timeout value. +\&\fBSSL_CTX_set_timeout()\fR returns the previously set timeout value. .PP -\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value. +\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_SESSION_get_time\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3), -\&\fISSL_get_default_timeout\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 index 72818fd0f1d1..f0c8c513282d 100644 
--- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3" -.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,26 +157,26 @@ SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_g .SH "DESCRIPTION" .IX Header "DESCRIPTION" The functionality provided by the servername callback is superseded by the -ClientHello callback, which can be set using \fISSL_CTX_set_client_hello_cb()\fR. +ClientHello callback, which can be set using \fBSSL_CTX_set_client_hello_cb()\fR. The servername callback is retained for historical compatibility. .PP -\&\fISSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR +\&\fBSSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR used by a server to perform any actions or configuration required based on the servername extension received in the incoming connection. When \fBcb\fR is \s-1NULL, SNI\s0 is not used. The \fBarg\fR value is a pointer which is passed to the application callback. .PP -\&\fISSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be passed into the callback for this \fB\s-1SSL_CTX\s0\fR. .PP -\&\fISSL_get_servername()\fR returns a servername extension value of the specified +\&\fBSSL_get_servername()\fR returns a servername extension value of the specified type if provided in the Client Hello or \s-1NULL.\s0 .PP -\&\fISSL_get_servername_type()\fR returns the servername type or \-1 if no servername +\&\fBSSL_get_servername_type()\fR returns the servername type or \-1 if no servername is present. Currently the only supported type (defined in \s-1RFC3546\s0) is \&\fBTLSEXT_NAMETYPE_host_name\fR. .PP -\&\fISSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension +\&\fBSSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension to contain the value \fBname\fR. The type of server name indication extension is set to \fBTLSEXT_NAMETYPE_host_name\fR (defined in \s-1RFC3546\s0). .SH "NOTES" 
@@ -181,17 +185,17 @@ Several callbacks are executed during ClientHello processing, including the ClientHello, \s-1ALPN,\s0 and servername callbacks. The ClientHello callback is executed first, then the servername callback, followed by the \s-1ALPN\s0 callback. .PP -The \fISSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects +The \fBSSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects that will act as clients; otherwise the configured \fBname\fR will be ignored. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_tlsext_servername_callback()\fR and -\&\fISSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success. -\&\fISSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error. +\&\fBSSL_CTX_set_tlsext_servername_callback()\fR and +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success. +\&\fBSSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_alpn_select_cb\fR\|(3), -\&\fISSL_get0_alpn_selected\fR\|(3), \fISSL_CTX_set_client_hello_cb\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_CTX_set_alpn_select_cb\fR\|(3), +\&\fBSSL_get0_alpn_selected\fR\|(3), \fBSSL_CTX_set_client_hello_cb\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 index 112071245e8b..8bbc513e0582 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3" -.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -160,46 +164,46 @@ SSL_CTX_set_tlsext_status_cb, SSL_CTX_get_tlsext_status_cb, SSL_CTX_set_tlsext_s .IX Header "DESCRIPTION" A client application may request that a server send back an \s-1OCSP\s0 status response (also known as \s-1OCSP\s0 stapling). To do so the client should call the -\&\fISSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0 -objects. Alternatively an application can call the \fISSL_set_tlsext_status_type()\fR +\&\fBSSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0 +objects. Alternatively an application can call the \fBSSL_set_tlsext_status_type()\fR function on an individual \s-1SSL\s0 object prior to the start of the handshake. Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value should be passed in the \fBtype\fR argument. Calling -\&\fISSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR -previously set via \fISSL_CTX_set_tlsext_status_type()\fR or \-1 if not set. +\&\fBSSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR +previously set via \fBSSL_CTX_set_tlsext_status_type()\fR or \-1 if not set. .PP The client should additionally provide a callback function to decide what to do -with the returned \s-1OCSP\s0 response by calling \fISSL_CTX_set_tlsext_status_cb()\fR. The +with the returned \s-1OCSP\s0 response by calling \fBSSL_CTX_set_tlsext_status_cb()\fR. The callback function should determine whether the returned \s-1OCSP\s0 response is acceptable or not. The callback will be passed as an argument the value -previously set via a call to \fISSL_CTX_set_tlsext_status_arg()\fR. Note that the +previously set via a call to \fBSSL_CTX_set_tlsext_status_arg()\fR. Note that the callback will not be called in the event of a handshake where session resumption occurs (because there are no Certificates exchanged in such a handshake). 
-The callback previously set via \fISSL_CTX_set_tlsext_status_cb()\fR can be retrieved -by calling \fISSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling -\&\fISSL_CTX_get_tlsext_status_arg()\fR. +The callback previously set via \fBSSL_CTX_set_tlsext_status_cb()\fR can be retrieved +by calling \fBSSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling +\&\fBSSL_CTX_get_tlsext_status_arg()\fR. .PP -On the client side \fISSL_get_tlsext_status_type()\fR can be used to determine whether -the client has previously called \fISSL_set_tlsext_status_type()\fR. It will return +On the client side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether +the client has previously called \fBSSL_set_tlsext_status_type()\fR. It will return \&\fBTLSEXT_STATUSTYPE_ocsp\fR if it has been called or \-1 otherwise. On the server -side \fISSL_get_tlsext_status_type()\fR can be used to determine whether the client +side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether the client requested \s-1OCSP\s0 stapling. If the client requested it then this function will return \fBTLSEXT_STATUSTYPE_ocsp\fR, or \-1 otherwise. .PP The response returned by the server can be obtained via a call to -\&\fISSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point to the \s-1OCSP\s0 response data and the return value will be the length of that data. Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a -call to the \fId2i_OCSP_RESPONSE()\fR function. If the server has not provided any +call to the \fBd2i_OCSP_RESPONSE()\fR function. If the server has not provided any response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from -\&\fISSL_get_tlsext_status_ocsp_resp()\fR will be \-1. +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR will be \-1. 
.PP -A server application must also call the \fISSL_CTX_set_tlsext_status_cb()\fR function +A server application must also call the \fBSSL_CTX_set_tlsext_status_cb()\fR function if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status responses. Typically the server callback would obtain the server certificate -that is being sent back to the client via a call to \fISSL_get_certificate()\fR; +that is being sent back to the client via a call to \fBSSL_get_certificate()\fR; obtain the \s-1OCSP\s0 response to be sent back; and then set that response data by -calling \fISSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should +calling \fBSSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should be provided in the \fBresp\fR argument, and the length of that data should be in the \fBlen\fR argument. .SH "RETURN VALUES" 
@@ -214,23 +218,23 @@ returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response sho returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has occurred). .PP -\&\fISSL_CTX_set_tlsext_status_cb()\fR, \fISSL_CTX_set_tlsext_status_arg()\fR, -\&\fISSL_CTX_set_tlsext_status_type()\fR, \fISSL_set_tlsext_status_type()\fR and -\&\fISSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success. +\&\fBSSL_CTX_set_tlsext_status_cb()\fR, \fBSSL_CTX_set_tlsext_status_arg()\fR, +\&\fBSSL_CTX_set_tlsext_status_type()\fR, \fBSSL_set_tlsext_status_type()\fR and +\&\fBSSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success. .PP -\&\fISSL_CTX_get_tlsext_status_type()\fR returns the value previously set by -\&\fISSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set. +\&\fBSSL_CTX_get_tlsext_status_type()\fR returns the value previously set by +\&\fBSSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set. .PP -\&\fISSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data or \-1 if there is no \s-1OCSP\s0 response data. .PP -\&\fISSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client -side if \fISSL_set_tlsext_status_type()\fR was previously called, or on the server +\&\fBSSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client +side if \fBSSL_set_tlsext_status_type()\fR was previously called, or on the server side if the client requested \s-1OCSP\s0 stapling. Otherwise \-1 is returned. .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_get_tlsext_status_type()\fR, \fISSL_CTX_get_tlsext_status_type()\fR and -\&\fISSL_CTX_set_tlsext_status_type()\fR were added in OpenSSL 1.1.0. +The \fBSSL_get_tlsext_status_type()\fR, \fBSSL_CTX_get_tlsext_status_type()\fR +and \fBSSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0. 
.SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 index be751a3b0d9b..f25f15421d2a 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3" -.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,7 +152,7 @@ SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback function \fIcb\fR for handling +\&\fBSSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback function \fIcb\fR for handling session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in \&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server implementation is not required to maintain per session state. It only applies @@ -171,7 +175,7 @@ ticket information or it starts a full \s-1TLS\s0 handshake to create a new sess ticket. .PP Before the callback function is started \fIctx\fR and \fIhctx\fR have been -initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. +initialised with \fBEVP_CIPHER_CTX_reset\fR\|(3) and \fBHMAC_CTX_reset\fR\|(3) respectively. .PP For new sessions tickets, when the client doesn't present a session ticket, or an attempted retrieval of the ticket failed, or a renew option was indicated, @@ -186,8 +190,8 @@ maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fBe .PP The initialization vector \fIiv\fR should be a random value. The cipher context \&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be -set using \fIEVP_EncryptInit_ex\fR\|(3). The hmac context can be set using -\&\fIHMAC_Init_ex\fR\|(3). +set using \fBEVP_EncryptInit_ex\fR\|(3). The hmac context can be set using +\&\fBHMAC_Init_ex\fR\|(3). .PP When the client presents a session ticket, the callback function with be called with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set 
@@ -195,8 +199,8 @@ of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out the session ticket. The OpenSSL library expects that the \fIname\fR will be used to retrieve a cryptographic parameters and that the cryptographic context \&\fIctx\fR will be set with the retrieved parameters and the initialization vector -\&\fIiv\fR. using a function like \fIEVP_DecryptInit_ex\fR\|(3). The \fIhctx\fR needs to be -set using \fIHMAC_Init_ex\fR\|(3). +\&\fIiv\fR. using a function like \fBEVP_DecryptInit_ex\fR\|(3). The \fIhctx\fR needs to be +set using \fBHMAC_Init_ex\fR\|(3). .PP If the \fIname\fR is still valid but a renewal of the ticket is required the callback function should return 2. The library will call the callback again @@ -303,12 +307,12 @@ Reference Implementation: returns 0 to indicate the callback function was set. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), -\&\fISSL_session_reused\fR\|(3), -\&\fISSL_CTX_add_session\fR\|(3), -\&\fISSL_CTX_sess_number\fR\|(3), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3), -\&\fISSL_CTX_set_session_id_context\fR\|(3), +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 index c4b996593968..e736ce0c1114 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3" -.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,9 +163,9 @@ extension is only supported in \s-1DTLS.\s0 Any \s-1SRTP\s0 configuration will b \&\s-1TLS\s0 connection is attempted. .PP An OpenSSL client wishing to send the \*(L"use_srtp\*(R" extension should call -\&\fISSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently created from an \s-1SSL_CTX.\s0 Alternatively a client may call -\&\fISSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The +\&\fBSSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The \&\fBprofiles\fR parameters should point to a NUL-terminated, colon delimited list of \&\s-1SRTP\s0 protection profile names. .PP 
@@ -182,23 +186,23 @@ This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 Supplying an unrecognised protection profile name will result in an error. .PP An OpenSSL server wishing to support the \*(L"use_srtp\*(R" extension should also call -\&\fISSL_CTX_set_tlsext_use_srtp()\fR or \fISSL_set_tlsext_use_srtp()\fR to indicate the +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR or \fBSSL_set_tlsext_use_srtp()\fR to indicate the protection profiles that it is willing to negotiate. .PP The currently configured list of protection profiles for either a client or a -server can be obtained by calling \fISSL_get_srtp_profiles()\fR. This returns a stack +server can be obtained by calling \fBSSL_get_srtp_profiles()\fR. This returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects. The memory pointed to in the return value of this function should not be freed by the caller. .PP After a handshake has been completed the negotiated \s-1SRTP\s0 protection profile (if any) can be obtained (on the client or the server) by calling -\&\fISSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0 +\&\fBSSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0 protection profile was negotiated. The memory returned from this function should not be freed by the caller. .PP If an \s-1SRTP\s0 protection profile has been successfully negotiated then the \s-1SRTP\s0 keying material (on both the client and server) should be obtained via a call to -\&\fISSL_export_keying_material\fR\|(3). This call should provide a label value of +\&\fBSSL_export_keying_material\fR\|(3). This call should provide a label value of \&\*(L"EXTRACTOR\-dtls_srtp\*(R" and a \s-1NULL\s0 context value (use_context is 0). The total length of keying material obtained should be equal to two times the sum of the master key length and the salt length as defined for the protection profile in 
@@ -206,17 +210,17 @@ use. This provides the client write master key, the server write master key, the client write master salt and the server write master salt in that order. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_tlsext_use_srtp()\fR and \fISSL_set_tlsext_use_srtp()\fR return 0 on success +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR and \fBSSL_set_tlsext_use_srtp()\fR return 0 on success or 1 on error. .PP -\&\fISSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on +\&\fBSSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on success or \s-1NULL\s0 on error or if no protection profiles have been configured. .PP -\&\fISSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0 +\&\fBSSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0 object if one has been negotiated or \s-1NULL\s0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_export_keying_material\fR\|(3) +\&\fBSSL_export_keying_material\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 index aeead48d763c..80ec6b6ff938 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3" -.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,16 +157,16 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be +\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. .PP -\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. +\&\fBSSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. The key is inherited by all \fBssl\fR objects created from \fBctx\fR. .PP -\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. +\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. .PP -\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. +\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. .PP These functions apply to \s-1SSL/TLS\s0 servers only. .SH "NOTES" 
@@ -191,14 +195,14 @@ should not generate the parameters on the fly but supply the parameters. the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker may specialize on a very often used \s-1DH\s0 group. Applications should therefore generate their own \s-1DH\s0 parameters during the installation process using the -openssl \fIdhparam\fR\|(1) application. This application +openssl \fBdhparam\fR\|(1) application. This application guarantees that \*(L"strong\*(R" primes are used. .PP Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the \fB\-C\fR option of the -\&\fIdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 +\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 parameters during installation should still be preferred to stop an attacker from specializing on a commonly used group. File dh1024.pem contains old parameters that must not be used by applications. @@ -209,7 +213,7 @@ can supply the \s-1DH\s0 parameters via a callback function. Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR parameters to control parameter generation for export and non-export cipher suites. Modern servers that do not support export cipher suites -are advised to either use \fISSL_CTX_set_tmp_dh()\fR or alternatively, use +are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply supply at least 2048\-bit parameters in the callback. .SH "EXAMPLES" 
@@ -245,16 +249,16 @@ Code for setting up parameters during server initialization: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return +\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return diagnostic output. .PP -\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0 +\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do return 1 on success and 0 on failure. Check the error queue to find out the reason of failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_cipher_list\fR\|(3), -\&\fISSL_CTX_set_options\fR\|(3), -\&\fIciphers\fR\|(1), \fIdhparam\fR\|(1) +\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 index 487592294d9a..480b992b5261 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_VERIFY 3" -.TH SSL_CTX_SET_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_VERIFY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,34 +160,34 @@ SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and +\&\fBSSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and specifies the \fBverify_callback\fR function to be used. If no callback function shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. .PP -\&\fISSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and +\&\fBSSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and specifies the \fBverify_callback\fR function to be used. If no callback function shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If no special \fBcallback\fR was set before, the default callback for the underlying \&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with -\&\fISSL_new\fR\|(3). Within the callback function, +\&\fBSSL_new\fR\|(3). Within the callback function, \&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index of the current \s-1SSL\s0 object that is doing the verification. .PP -\&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +\&\fBSSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain verification that shall be allowed for \fBctx\fR. .PP -\&\fISSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +\&\fBSSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain verification that shall be allowed for \fBssl\fR. 
.PP -\&\fISSL_CTX_set_post_handshake_auth()\fR and \fISSL_set_post_handshake_auth()\fR enable the +\&\fBSSL_CTX_set_post_handshake_auth()\fR and \fBSSL_set_post_handshake_auth()\fR enable the Post-Handshake Authentication extension to be added to the ClientHello such that post-handshake authentication can be requested by the server. If \fBval\fR is 0 then the extension is not sent, otherwise it is. By default the extension is not sent. A certificate callback will need to be set via -\&\fISSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization. +\&\fBSSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization. .PP -\&\fISSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be +\&\fBSSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be sent by a server on the given \fBssl\fR connection. The \s-1SSL_VERIFY_PEER\s0 flag must be set; the \s-1SSL_VERIFY_POST_HANDSHAKE\s0 flag is optional. .SH "NOTES" @@ -198,7 +202,7 @@ client, so the client will not send a certificate. \&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The result of the certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake -using the \fISSL_get_verify_result\fR\|(3) function. +using the \fBSSL_get_verify_result\fR\|(3) function. The handshake will be continued regardless of the verification result. .IP "\s-1SSL_VERIFY_PEER\s0" 4 .IX Item "SSL_VERIFY_PEER" 
@@ -236,7 +240,7 @@ during the initial handshake. This flag must be used together with .IX Item "SSL_VERIFY_POST_HANDSHAKE" \&\fBServer mode:\fR the server will not send a client certificate request during the initial handshake, but will send the request via -\&\fISSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0 +\&\fBSSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0 to be configured for post-handshake peer verification before the handshake occurs. This flag must be used together with \&\s-1SSL_VERIFY_PEER.\s0 TLSv1.3 only; no effect on pre\-TLSv1.3 connections. @@ -248,13 +252,13 @@ If the \fBmode\fR is \s-1SSL_VERIFY_NONE\s0 none of the other flags may be set. The actual verification procedure is performed either using the built-in verification procedure or using another application provided verification function set with -\&\fISSL_CTX_set_cert_verify_callback\fR\|(3). +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3). The following descriptions apply in the case of the built-in procedure. An application provided procedure also has access to the verify depth information -and the \fIverify_callback()\fR function, but the way this information is used +and the \fBverify_callback()\fR function, but the way this information is used may be different. .PP -\&\fISSL_CTX_set_verify_depth()\fR and \fISSL_set_verify_depth()\fR set a limit on the +\&\fBSSL_CTX_set_verify_depth()\fR and \fBSSL_set_verify_depth()\fR set a limit on the number of certificates between the end-entity and trust-anchor certificates. Neither the end-entity nor the trust-anchor certificates count against \fBdepth\fR. If the 
@@ -294,7 +298,7 @@ the verification process is continued. If \fBverify_callback\fR always returns 1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification failures and the connection will be established. The calling process can however retrieve the error code of the last verification error using -\&\fISSL_get_verify_result\fR\|(3) or by maintaining its +\&\fBSSL_get_verify_result\fR\|(3) or by maintaining its own error storage managed by \fBverify_callback\fR. .PP If no \fBverify_callback\fR is specified, the default callback will be used. @@ -302,15 +306,15 @@ Its return value is identical to \fBpreverify_ok\fR, so that any verification failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an alert message, if \s-1SSL_VERIFY_PEER\s0 is set. .PP -After calling \fISSL_set_post_handshake_auth()\fR, the client will need to add a +After calling \fBSSL_set_post_handshake_auth()\fR, the client will need to add a certificate or certificate callback to its configuration before it can -successfully authenticate. This must be called before \fISSL_connect()\fR. +successfully authenticate. This must be called before \fBSSL_connect()\fR. .PP -\&\fISSL_verify_client_post_handshake()\fR requires that verify flags have been +\&\fBSSL_verify_client_post_handshake()\fR requires that verify flags have been previously set, and that a client sent the post-handshake authentication extension. When the client returns a certificate the verify callback will be invoked. A write operation must take place for the Certificate Request to be -sent to the client, this can be done with \fISSL_do_handshake()\fR or \fISSL_write_ex()\fR. +sent to the client, this can be done with \fBSSL_do_handshake()\fR or \fBSSL_write_ex()\fR. Only one certificate request may be outstanding at any time. .PP When post-handshake authentication occurs, a refreshed NewSessionTicket 
@@ -325,7 +329,7 @@ required. .IX Header "RETURN VALUES" The SSL*_set_verify*() functions do not provide diagnostic information. .PP -The \fISSL_verify_client_post_handshake()\fR function returns 1 if the request +The \fBSSL_verify_client_post_handshake()\fR function returns 1 if the request succeeded, and 0 if the request failed. The error stack can be examined to determine the failure reason. .SH "EXAMPLES" @@ -342,8 +346,8 @@ certificates. .PP The example makes use of the ex_data technique to store application data into/retrieve application data from the \s-1SSL\s0 structure -(see \fICRYPTO_get_ex_new_index\fR\|(3), -\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). +(see \fBCRYPTO_get_ex_new_index\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). .PP .Vb 7 \& ... 
@@ -445,19 +449,19 @@ into/retrieve application data from the \s-1SSL\s0 structure .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), -\&\fISSL_CTX_get_verify_mode\fR\|(3), -\&\fISSL_get_verify_result\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3), -\&\fISSL_get_peer_certificate\fR\|(3), -\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), -\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), -\&\fISSL_CTX_set_client_cert_cb\fR\|(3), -\&\fICRYPTO_get_ex_new_index\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), +\&\fBSSL_CTX_get_verify_mode\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fISSL_verify_client_post_handshake()\fR -and \fISSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1. +The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fBSSL_verify_client_post_handshake()\fR +and \fBSSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 index 862eca97053e..1369d9db0022 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_CERTIFICATE 3" -.TH SSL_CTX_USE_CERTIFICATE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_USE_CERTIFICATE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -178,49 +182,49 @@ or \s-1SSL\s0 object, respectively. .PP The SSL_CTX_* class of functions loads the certificates and keys into the \&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR -created from \fBctx\fR with \fISSL_new\fR\|(3) by copying, so that +created from \fBctx\fR with \fBSSL_new\fR\|(3) by copying, so that changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. .PP The SSL_* class of functions only loads certificates and keys into a specific \s-1SSL\s0 object. The specific information is kept, when -\&\fISSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. +\&\fBSSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. .PP -\&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, -\&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the +\&\fBSSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, +\&\fBSSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the certificates needed to form the complete certificate chain can be specified using the -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) function. .PP -\&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from +\&\fBSSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, -\&\fISSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. +\&\fBSSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. .PP -\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR +\&\fBSSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR into \fBctx\fR. 
The formatting \fBtype\fR of the certificate must be specified from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 -\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. -See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR +\&\fBSSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. +See the \s-1NOTES\s0 section on why \fBSSL_CTX_use_certificate_chain_file()\fR should be preferred. .PP -\&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from +\&\fBSSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from \&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and -ending at the highest level (root) \s-1CA.\s0 \fISSL_use_certificate_chain_file()\fR is +ending at the highest level (root) \s-1CA.\s0 \fBSSL_use_certificate_chain_file()\fR is similar except it loads the certificate chain into \fBssl\fR. .PP -\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. -\&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 -to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; -\&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +\&\fBSSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. +\&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 +to \fBctx\fR. \fBSSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; +\&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. If a certificate has already been set and the private does not belong to the certificate an error is returned. 
To change a certificate, private -key pair the new certificate needs to be set with \fISSL_use_certificate()\fR -or \fISSL_CTX_use_certificate()\fR before setting the private key with -\&\fISSL_CTX_use_PrivateKey()\fR or \fISSL_use_PrivateKey()\fR. +key pair the new certificate needs to be set with \fBSSL_use_certificate()\fR +or \fBSSL_CTX_use_certificate()\fR before setting the private key with +\&\fBSSL_CTX_use_PrivateKey()\fR or \fBSSL_use_PrivateKey()\fR. .PP -\&\fISSL_CTX_use_cert_and_key()\fR and \fISSL_use_cert_and_key()\fR assign the X.509 +\&\fBSSL_CTX_use_cert_and_key()\fR and \fBSSL_use_cert_and_key()\fR assign the X.509 certificate \fBx\fR, private key \fBkey\fR, and certificate \fBchain\fR onto the corresponding \fBssl\fR or \fBctx\fR. The \fBpkey\fR argument must be the private key of the X.509 certificate \fBx\fR. If the \fBoverride\fR argument is 0, then 
@@ -232,48 +236,48 @@ interface) that stores the private key securely, such that it cannot be accessed by OpenSSL. The reference count of the public key is incremented (twice if there is no private key); it is not copied nor duplicated. This allows all private key validations checks to succeed without an actual -private key being assigned via \fISSL_CTX_use_PrivateKey()\fR, etc. +private key being assigned via \fBSSL_CTX_use_PrivateKey()\fR, etc. .PP -\&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR +\&\fBSSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. -\&\fISSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 +\&\fBSSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. -\&\fISSL_use_PrivateKey_ASN1()\fR and \fISSL_use_RSAPrivateKey_ASN1()\fR add the private +\&\fBSSL_use_PrivateKey_ASN1()\fR and \fBSSL_use_RSAPrivateKey_ASN1()\fR add the private key to \fBssl\fR. .PP -\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in +\&\fBSSL_CTX_use_PrivateKey_file()\fR adds the first private key found in \&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the private key must be specified from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 -\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in -\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found -in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private +\&\fBSSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in +\&\fBfile\fR to \fBctx\fR. \fBSSL_use_PrivateKey_file()\fR adds the first private key found +in \fBfile\fR to \fBssl\fR; \fBSSL_use_RSAPrivateKey_file()\fR adds the first private \&\s-1RSA\s0 key found to \fBssl\fR. 
.PP -\&\fISSL_CTX_check_private_key()\fR checks the consistency of a private key with +\&\fBSSL_CTX_check_private_key()\fR checks the consistency of a private key with the corresponding certificate loaded into \fBctx\fR. If more than one key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 -key/certificate pair will be checked. \fISSL_check_private_key()\fR performs +key/certificate pair will be checked. \fBSSL_check_private_key()\fR performs the same check for \fBssl\fR. If no key/certificate was explicitly added for this \fBssl\fR, the last item added into \fBctx\fR will be checked. .SH "NOTES" .IX Header "NOTES" The internal certificate store of OpenSSL can hold several private key/certificate pairs at a time. The certificate used depends on the -cipher selected, see also \fISSL_CTX_set_cipher_list\fR\|(3). +cipher selected, see also \fBSSL_CTX_set_cipher_list\fR\|(3). .PP When reading certificates and private keys from file, files of type \&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain one certificate or private key, consequently -\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. +\&\fBSSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. .PP -\&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found +\&\fBSSL_CTX_use_certificate_chain_file()\fR adds the first certificate found in the file to the certificate store. The other certificates are added -to the store of chain certificates using \fISSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single +to the store of chain certificates using \fBSSL_CTX_add1_chain_cert\fR\|(3). 
Note: versions of OpenSSL before 1.0.2 only had a single certificate chain store for all certificate types, OpenSSL 1.0.2 and later -have a separate chain store for each type. \fISSL_CTX_use_certificate_chain_file()\fR -should be used instead of the \fISSL_CTX_use_certificate_file()\fR function in order +have a separate chain store for each type. \fBSSL_CTX_use_certificate_chain_file()\fR +should be used instead of the \fBSSL_CTX_use_certificate_file()\fR function in order to allow the use of complete certificate chains even when no trusted \s-1CA\s0 storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to the trusted \s-1CA\s0 storage. @@ -281,12 +285,12 @@ the trusted \s-1CA\s0 storage. If additional certificates are needed to complete the chain during the \&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the locations of trusted \s-1CA\s0 certificates, see -\&\fISSL_CTX_load_verify_locations\fR\|(3). +\&\fBSSL_CTX_load_verify_locations\fR\|(3). .PP The private keys loaded from file can be encrypted. In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see -\&\fISSL_CTX_set_default_passwd_cb\fR\|(3). +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3). (Certificate files might be encrypted as well from the technical point of view, it however does not make sense as the data in the certificate is considered public anyway.) 
@@ -294,8 +298,8 @@ is considered public anyway.) All of the functions to set a new certificate will replace any existing certificate of the same type that has already been set. Similarly all of the functions to set a new private key will replace any private key that has already -been set. Applications should call \fISSL_CTX_check_private_key\fR\|(3) or -\&\fISSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and +been set. Applications should call \fBSSL_CTX_check_private_key\fR\|(3) or +\&\fBSSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and private key to confirm that the certificate and key match. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -303,13 +307,13 @@ On success, the functions return 1. Otherwise check out the error stack to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3), -\&\fISSL_CTX_set_default_passwd_cb\fR\|(3), -\&\fISSL_CTX_set_cipher_list\fR\|(3), -\&\fISSL_CTX_set_client_CA_list\fR\|(3), -\&\fISSL_CTX_set_client_cert_cb\fR\|(3), -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 index 1b9cf02b8ca4..3fa1aaf8e747 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3" -.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -165,15 +169,15 @@ SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_h .SH "DESCRIPTION" .IX Header "DESCRIPTION" A client application wishing to use TLSv1.3 PSKs should set a callback -using either \fISSL_CTX_set_psk_use_session_callback()\fR or -\&\fISSL_set_psk_use_session_callback()\fR as appropriate. +using either \fBSSL_CTX_set_psk_use_session_callback()\fR or +\&\fBSSL_set_psk_use_session_callback()\fR as appropriate. .PP The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key, the ciphersuite and the protocol version. See -\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) for details. +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) for details. .PP It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this case no \s-1PSK\s0 will be used but the handshake will continue. To do this the 
@@ -181,9 +185,9 @@ callback should return successfully and ensure that \fB*sess\fR is \&\s-1NULL.\s0 .PP Identity hints are not relevant for TLSv1.3. A server application wishing to use -\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fISSL_CTX_use_psk_identity_hint()\fR +\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context -object \fBctx\fR. \fISSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +object \fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is \&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. .PP 
@@ -195,27 +199,27 @@ callback function which is called when the server receives the ClientKeyExchange message from the client. The purpose of the callback function is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used during the connection setup phase. The callback is set using the functions -\&\fISSL_CTX_set_psk_server_callback()\fR or \fISSL_set_psk_server_callback()\fR. The callback +\&\fBSSL_CTX_set_psk_server_callback()\fR or \fBSSL_set_psk_server_callback()\fR. The callback function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored. .PP The callback for use in TLSv1.2 will also work in TLSv1.3 although it is -recommended to use \fISSL_CTX_set_psk_find_session_callback()\fR -or \fISSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has +recommended to use \fBSSL_CTX_set_psk_find_session_callback()\fR +or \fBSSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has been negotiated then OpenSSL will first check to see if a callback has been set -via \fISSL_CTX_set_psk_find_session_callback()\fR or \fISSL_set_psk_find_session_callback()\fR +via \fBSSL_CTX_set_psk_find_session_callback()\fR or \fBSSL_set_psk_find_session_callback()\fR and it will use that in preference. If no such callback is present then it will -check to see if a callback has been set via \fISSL_CTX_set_psk_server_callback()\fR or -\&\fISSL_set_psk_server_callback()\fR and use that. In this case the handshake digest +check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or +\&\fBSSL_set_psk_server_callback()\fR and use that. 
In this case the handshake digest will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 .SH "NOTES" .IX Header "NOTES" A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption -has occurred so that \fISSL_session_reused\fR\|(3) will return true. +has occurred so that \fBSSL_session_reused\fR\|(3) will return true. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fB\f(BISSL_CTX_use_psk_identity_hint()\fB\fR and \fB\f(BISSL_use_psk_identity_hint()\fB\fR return +\&\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR and \fB\fBSSL_use_psk_identity_hint()\fB\fR return 1 on success, 0 otherwise. .PP Return values from the TLSv1.2 and below server callback are interpreted as @@ -249,11 +253,11 @@ ensure safety from cross-protocol related output by not reusing PSKs between \&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3), -\&\fISSL_set_psk_use_session_callback\fR\|(3) +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fBSSL_set_psk_use_session_callback\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CTX_set_psk_find_session_callback()\fR and \fISSL_set_psk_find_session_callback()\fR +\&\fBSSL_CTX_set_psk_find_session_callback()\fR and \fBSSL_set_psk_find_session_callback()\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 b/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 index bcc2cb52b312..f1d37260ca24 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_SERVERINFO 3" -.TH SSL_CTX_USE_SERVERINFO 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_USE_SERVERINFO 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,14 +160,14 @@ These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 extensions into the \s-1SSL \&\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello Extension. .PP -\&\fISSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from +\&\fBSSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from a byte array into \fBctx\fR. The \fBversion\fR parameter specifies the format of the byte array provided in \fB*serverinfo\fR which is of length \fBserverinfo_length\fR. .PP If \fBversion\fR is \fB\s-1SSL_SERVERINFOV2\s0\fR then the extensions in the array must consist of a 4\-byte context, a 2\-byte Extension Type, a 2\-byte length, and then length bytes of extension_data. The context and type values have the same -meaning as for \fISSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for +meaning as for \fBSSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for extensions to be added to a Certificate message, then the extension will only be added for the first certificate in the message (which is always the end-entity certificate). @@ -171,7 +175,7 @@ end-entity certificate). If \fBversion\fR is \fB\s-1SSL_SERVERINFOV1\s0\fR then the extensions in the array must consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of extension_data. The type value has the same meaning as for -\&\fISSL_CTX_add_custom_ext\fR\|(3). The following default context value will be used +\&\fBSSL_CTX_add_custom_ext\fR\|(3). The following default context value will be used in this case: .PP .Vb 2 
@@ -179,23 +183,23 @@ in this case: \& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION .Ve .PP -\&\fISSL_CTX_use_serverinfo()\fR does the same thing as \fISSL_CTX_use_serverinfo_ex()\fR +\&\fBSSL_CTX_use_serverinfo()\fR does the same thing as \fBSSL_CTX_use_serverinfo_ex()\fR except that there is no \fBversion\fR parameter so a default version of \&\s-1SSL_SERVERINFOV1\s0 is used instead. .PP -\&\fISSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from +\&\fBSSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from \&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension -must be in a format as described above for \fISSL_CTX_use_serverinfo_ex()\fR. Each +must be in a format as described above for \fBSSL_CTX_use_serverinfo_ex()\fR. Each \&\s-1PEM\s0 extension name must begin with the phrase \*(L"\s-1BEGIN SERVERINFOV2 FOR \*(R"\s0 for \&\s-1SSL_SERVERINFOV2\s0 data or \*(L"\s-1BEGIN SERVERINFO FOR \*(R"\s0 for \s-1SSL_SERVERINFOV1\s0 data. .PP If more than one certificate (\s-1RSA/DSA\s0) is installed using -\&\fISSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the +\&\fBSSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the last certificate installed. If e.g. the last item was a \s-1RSA\s0 certificate, the loaded serverinfo extension data will be loaded for that certificate. To use the serverinfo extension for multiple certificates, -\&\fISSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR -each time a certificate is loaded via a call to \fISSL_CTX_use_certificate()\fR. +\&\fBSSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR +each time a certificate is loaded via a call to \fBSSL_CTX_use_certificate()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" On success, the functions return 1. 
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_free.3 b/secure/lib/libcrypto/man/SSL_SESSION_free.3 index 31597ad8ac19..b69b24a970da 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_free.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_FREE 3" -.TH SSL_SESSION_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_FREE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,16 +152,16 @@ SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free \- create .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to +\&\fBSSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to it. .PP -\&\fISSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR +\&\fBSSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR and returns a pointer to it. .PP -\&\fISSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0 +\&\fBSSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0 structure. .PP -\&\fISSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes +\&\fBSSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated memory, if the reference count has reached 0. If \fBsession\fR is \s-1NULL\s0 nothing is done. @@ -165,7 +169,7 @@ If \fBsession\fR is \s-1NULL\s0 nothing is done. .IX Header "NOTES" \&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation is successfully completed. Depending on the settings, see -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 
@@ -176,13 +180,13 @@ dangling pointers. These failures may also appear delayed, e.g. when an \s-1SSL_SESSION\s0 object was completely freed as the reference count incorrectly became 0, but it is still referenced in the internal session cache and the cache list is processed during a -\&\fISSL_CTX_flush_sessions\fR\|(3) operation. +\&\fBSSL_CTX_flush_sessions\fR\|(3) operation. .PP -\&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for +\&\fBSSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for which the reference count was explicitly incremented (e.g. -by calling \fISSL_get1_session()\fR, see \fISSL_get_session\fR\|(3)) +by calling \fBSSL_get1_session()\fR, see \fBSSL_get_session\fR\|(3)) or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake -operation, e.g. by using \fId2i_SSL_SESSION\fR\|(3). +operation, e.g. by using \fBd2i_SSL_SESSION\fR\|(3). It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause incorrect reference counts and therefore program failures. .SH "RETURN VALUES" @@ -193,13 +197,13 @@ or \s-1NULL\s0 on error. SSL_SESSION_up_ref returns 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_get_session\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3), -\&\fId2i_SSL_SESSION\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_get_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBd2i_SSL_SESSION\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_SESSION_dup()\fR was added in OpenSSL 1.1.1. +The \fBSSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 index 9d797c91cd91..08a826053340 100644 
--- a/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_CIPHER 3" -.TH SSL_SESSION_GET0_CIPHER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_GET0_CIPHER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,33 +150,33 @@ SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher \&\- set and retrieve the SSL ci .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the +\&\fBSSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the connection when the session was created, or \s-1NULL\s0 if it cannot be determined. .PP The value returned is a pointer to an object maintained within \fBs\fR and should not be released. .PP -\&\fISSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the +\&\fBSSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the \&\s-1SSL_SESSION\s0 \fBs\fR to \fBcipher\fR. For example, this could be used to set up a -session based \s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). +session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0 +\&\fBSSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0 or \s-1NULL\s0 if it cannot be determined. .PP -\&\fISSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure. +\&\fBSSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fId2i_SSL_SESSION\fR\|(3), -\&\fISSL_SESSION_get_time\fR\|(3), -\&\fISSL_SESSION_get0_hostname\fR\|(3), -\&\fISSL_SESSION_free\fR\|(3), -\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_get0_hostname\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_SESSION_get0_cipher()\fR was first added to OpenSSL 1.1.0. -\&\fISSL_SESSION_set_cipher()\fR was first added to OpenSSL 1.1.1. 
+The \fBSSL_SESSION_get0_cipher()\fR function was added in OpenSSL 1.1.0. +The \fBSSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 index a0bbae80a3ff..e6a70c264d36 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_HOSTNAME 3" -.TH SSL_SESSION_GET0_HOSTNAME 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_GET0_HOSTNAME 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,41 +156,41 @@ SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_sele .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the +\&\fBSSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the client when the session was created, or \s-1NULL\s0 if no value was sent. .PP The value returned is a pointer to memory maintained within \fBs\fR and should not be free'd. .PP -\&\fISSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of +\&\fBSSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of the string provided in hostname. .PP -\&\fISSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this +\&\fBSSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this session and its associated length in bytes. The returned value of \fB*alpn\fR is a pointer to memory maintained within \fBs\fR and should not be free'd. .PP -\&\fISSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the +\&\fBSSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the value in \fBalpn\fR which should be of length \fBlen\fR bytes. A copy of the input value is made, and the caller retains ownership of the memory pointed to by \&\fBalpn\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there +\&\fBSSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there is the \s-1SNI\s0 value sent by client. .PP -\&\fISSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error. +\&\fBSSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error. .PP -\&\fISSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error. 
+\&\fBSSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fId2i_SSL_SESSION\fR\|(3), -\&\fISSL_SESSION_get_time\fR\|(3), -\&\fISSL_SESSION_free\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_SESSION_set1_hostname()\fR, \fISSL_SESSION_get0_alpn_selected()\fR and -\&\fISSL_SESSION_set1_alpn_selected()\fR were added in OpenSSL 1.1.1. +The \fBSSL_SESSION_set1_hostname()\fR, \fBSSL_SESSION_get0_alpn_selected()\fR and +\&\fBSSL_SESSION_set1_alpn_selected()\fR functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 index debcc119b3c5..8ca89c610611 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_ID_CONTEXT 3" -.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,29 +152,29 @@ SSL_SESSION_get0_id_context, SSL_SESSION_set1_id_context \&\- get and set the SS .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -See \fISSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0 +See \fBSSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0 contexts. .PP -\&\fISSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with +\&\fBSSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with the \s-1SSL/TLS\s0 session \fBs\fR. The length of the \s-1ID\s0 context is written to \&\fB*len\fR if \fBlen\fR is not \s-1NULL.\s0 .PP The value returned is a pointer to an object maintained within \fBs\fR and should not be released. .PP -\&\fISSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in +\&\fBSSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in \&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the \s-1ID\s0 context is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s0 bytes. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error. +\&\fBSSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_set_session_id_context\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_set_session_id_context\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_SESSION_get0_id_context()\fR was first added to OpenSSL 1.1.0 +The \fBSSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 index c65ad11e6c48..e7c049180783 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_PEER 3" -.TH SSL_SESSION_GET0_PEER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_GET0_PEER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,16 +149,16 @@ SSL_SESSION_get0_peer \&\- get details about peer's certificate for a session .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session +\&\fBSSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session \&\fBs\fR or \s-1NULL\s0 if no peer certificate is available. The caller should not free the -returned value (unless \fIX509_up_ref\fR\|(3) has also been called). +returned value (unless \fBX509_up_ref\fR\|(3) has also been called). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if +\&\fBSSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if no peer certificate is available. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 index b64c4ca3d6b9..fdec54672259 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_COMPRESS_ID 3" -.TH SSL_SESSION_GET_COMPRESS_ID 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_GET_COMPRESS_ID 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,16 +150,16 @@ SSL_SESSION_get_compress_id \&\- get details about the compression associated wi .SH "DESCRIPTION" .IX Header "DESCRIPTION" If compression has been negotiated for an ssl session then -\&\fISSL_SESSION_get_compress_id()\fR will return the id for the compression method or +\&\fBSSL_SESSION_get_compress_id()\fR will return the id for the compression method or 0 otherwise. The only built-in supported compression method is zlib which has an id of 1. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if +\&\fBSSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if none. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 index 1096d9a4d220..92ef07ebd271 100644 
--- a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_EX_DATA 3" -.TH SSL_SESSION_GET_EX_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_GET_EX_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,23 +150,23 @@ SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \&\- get and set application sp .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_set_ex_data()\fR enables an application to store arbitrary application +\&\fBSSL_SESSION_set_ex_data()\fR enables an application to store arbitrary application specific data \fBdata\fR in an \s-1SSL_SESSION\s0 structure \fBss\fR. The index \fBidx\fR should -be a value previously returned from a call to \fICRYPTO_get_ex_new_index\fR\|(3). +be a value previously returned from a call to \fBCRYPTO_get_ex_new_index\fR\|(3). .PP -\&\fISSL_SESSION_get_ex_data()\fR retrieves application specific data previously stored +\&\fBSSL_SESSION_get_ex_data()\fR retrieves application specific data previously stored in an \s-1SSL_SESSION\s0 structure \fBs\fR. The \fBidx\fR value should be the same as that used when originally storing the data. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_set_ex_data()\fR returns 1 for success or 0 for failure. +\&\fBSSL_SESSION_set_ex_data()\fR returns 1 for success or 0 for failure. .PP -\&\fISSL_SESSION_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on +\&\fBSSL_SESSION_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on failure. \s-1NULL\s0 may also be a valid value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fICRYPTO_get_ex_new_index\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 index 91f24a1cd651..9af52188a15e 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3" -.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,31 +150,31 @@ SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version \&\- get and .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_get_protocol_version()\fR returns the protocol version number used +\&\fBSSL_SESSION_get_protocol_version()\fR returns the protocol version number used by session \fBs\fR. .PP -\&\fISSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the +\&\fBSSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the \&\s-1SSL_SESSION\s0 object \fBs\fR to the value \fBversion\fR. This value should be a version constant such as \fB\s-1TLS1_3_VERSION\s0\fR etc. For example, this could be used to set -up a session based \s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). +up a session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol +\&\fBSSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol version used for the session; this number matches the constants \fIe.g.\fR \&\fB\s-1TLS1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR or \fB\s-1TLS1_3_VERSION\s0\fR. .PP -Note that the \fISSL_SESSION_get_protocol_version()\fR function +Note that the \fBSSL_SESSION_get_protocol_version()\fR function does \fBnot\fR perform a null check on the provided session \fBs\fR pointer. .PP -\&\fISSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure. +\&\fBSSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_SESSION_get_protocol_version()\fR was first added to OpenSSL 1.1.0. 
-\&\fISSL_SESSION_set_protocol_version()\fR was first added to OpenSSL 1.1.1. +The \fBSSL_SESSION_get_protocol_version()\fR function was added in OpenSSL 1.1.0. +The \fBSSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 index 945efdf26ae9..4fc9bd4478f9 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_TIME 3" -.TH SSL_SESSION_GET_TIME 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_GET_TIME 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,43 +157,43 @@ SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was +\&\fBSSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was established. The time is given in seconds since the Epoch and therefore -compatible to the time delivered by the \fItime()\fR call. +compatible to the time delivered by the \fBtime()\fR call. .PP -\&\fISSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with +\&\fBSSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with the chosen value \fBtm\fR. .PP -\&\fISSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR +\&\fBSSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR in seconds. .PP -\&\fISSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds +\&\fBSSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds to \fBtm\fR. .PP -The \fISSL_get_time()\fR, \fISSL_set_time()\fR, \fISSL_get_timeout()\fR, and \fISSL_set_timeout()\fR +The \fBSSL_get_time()\fR, \fBSSL_set_time()\fR, \fBSSL_get_timeout()\fR, and \fBSSL_set_timeout()\fR functions are synonyms for the SSL_SESSION_*() counterparts. .SH "NOTES" .IX Header "NOTES" Sessions are expired by examining the creation time and the timeout value. Both are set at creation time of the session to the actual time and the default timeout value at creation, respectively, as set by -\&\fISSL_CTX_set_timeout\fR\|(3). +\&\fBSSL_CTX_set_timeout\fR\|(3). Using these functions it is possible to extend or shorten the lifetime of the session. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_get_time()\fR and \fISSL_SESSION_get_timeout()\fR return the currently +\&\fBSSL_SESSION_get_time()\fR and \fBSSL_SESSION_get_timeout()\fR return the currently valid values. 
.PP -\&\fISSL_SESSION_set_time()\fR and \fISSL_SESSION_set_timeout()\fR return 1 on success. +\&\fBSSL_SESSION_set_time()\fR and \fBSSL_SESSION_set_timeout()\fR return 1 on success. .PP If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, 0 is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_timeout\fR\|(3), -\&\fISSL_get_default_timeout\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 b/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 index 43c4eb014ab2..cb1d930e1219 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_HAS_TICKET 3" -.TH SSL_SESSION_HAS_TICKET 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_HAS_TICKET 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +152,7 @@ SSL_SESSION_get0_ticket, SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with +\&\fBSSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with this session, and 0 otherwise. .PP SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds 
@@ -158,22 +162,22 @@ SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a session. The length of the ticket is written to \fB*len\fR. If \fBtick\fR is non \&\s-1NULL\s0 then a pointer to the ticket is written to \fB*tick\fR. The pointer is only valid while the connection is in use. The session (and hence the ticket pointer) -may also become invalid as a result of a call to \fISSL_CTX_flush_sessions()\fR. +may also become invalid as a result of a call to \fBSSL_CTX_flush_sessions()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise. +\&\fBSSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise. .PP -\&\fISSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds. +\&\fBSSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fId2i_SSL_SESSION\fR\|(3), -\&\fISSL_SESSION_get_time\fR\|(3), -\&\fISSL_SESSION_free\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and -SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0. +The \fBSSL_SESSION_has_ticket()\fR, \fBSSL_SESSION_get_ticket_lifetime_hint()\fR +and \fBSSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 b/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 index 73b1b705cd33..4d85589567ee 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_IS_RESUMABLE 3" -.TH SSL_SESSION_IS_RESUMABLE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_IS_RESUMABLE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,21 +149,21 @@ SSL_SESSION_is_resumable \&\- determine whether an SSL_SESSION object can be use .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used +\&\fBSSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used to resume a session or not. Returns 1 if it can or 0 if not. Note that attempting to resume with a non-resumable session will result in a full handshake. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise. +\&\fBSSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_get_session\fR\|(3), -\&\fISSL_CTX_sess_set_new_cb\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_SESSION_is_resumable()\fR was first added to OpenSSL 1.1.1 +The \fBSSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_print.3 b/secure/lib/libcrypto/man/SSL_SESSION_print.3 index 86b328b5db2f..3f4d69ca0279 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_print.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_PRINT 3" -.TH SSL_SESSION_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_PRINT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,21 +151,21 @@ SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog \&\- printf in .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_print()\fR prints summary information about the session provided in +\&\fBSSL_SESSION_print()\fR prints summary information about the session provided in \&\fBses\fR to the \s-1BIO\s0 \fBfp\fR. .PP -\&\fISSL_SESSION_print_fp()\fR does the same as \fISSL_SESSION_print()\fR except it prints it +\&\fBSSL_SESSION_print_fp()\fR does the same as \fBSSL_SESSION_print()\fR except it prints it to the \s-1FILE\s0 \fBfp\fR. .PP -\&\fISSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 <bp> +\&\fBSSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 <bp> in \s-1NSS\s0 keylog format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_print()\fR, \fISSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return +\&\fBSSL_SESSION_print()\fR, \fBSSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 b/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 index 48ea91dd9b3f..8bff5855022a 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_SET1_ID 3" -.TH SSL_SESSION_SET1_ID 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_SET1_ID 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,23 +152,23 @@ SSL_SESSION_get_id, SSL_SESSION_set1_id \&\- get and set the SSL session ID .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the +\&\fBSSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the session \fBs\fR. The length of the id in bytes is stored in \fB*len\fR. The length may be 0. The caller should not free the returned pointer directly. .PP -\&\fISSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session +\&\fBSSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session to \fBsid\fR of length \fBsid_len\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_get_id()\fR returns a pointer to the session id value. -\&\fISSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example +\&\fBSSL_SESSION_get_id()\fR returns a pointer to the session id value. +\&\fBSSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_SESSION_set1_id()\fR was first added to OpenSSL 1.1.0 +The \fBSSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_accept.3 b/secure/lib/libcrypto/man/SSL_accept.3 index eba67d00b4cd..b867aaa5c845 100644 --- a/secure/lib/libcrypto/man/SSL_accept.3 +++ b/secure/lib/libcrypto/man/SSL_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_ACCEPT 3" -.TH SSL_ACCEPT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_ACCEPT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,25 +149,25 @@ SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. +\&\fBSSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. The communication channel must already have been set and assigned to the \&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. .SH "NOTES" .IX Header "NOTES" -The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO.\s0 +The behaviour of \fBSSL_accept()\fR depends on the underlying \s-1BIO.\s0 .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_accept()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_accept()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_accept()\fR to continue the handshake, indicating the problem by the return value \-1. -In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_accept()\fR. +taking appropriate action to satisfy the needs of \fBSSL_accept()\fR. 
The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required +nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" @@ -171,7 +175,7 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. The following return values can occur: .IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .IP "1" 4 .IX Item "1" @@ -182,15 +186,15 @@ established. The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), -\&\fISSL_set_connect_state\fR\|(3), -\&\fISSL_do_handshake\fR\|(3), -\&\fISSL_CTX_new\fR\|(3) +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_alert_type_string.3 b/secure/lib/libcrypto/man/SSL_alert_type_string.3 index 044ebedbe7fb..195b0a52005e 100644 --- a/secure/lib/libcrypto/man/SSL_alert_type_string.3 +++ b/secure/lib/libcrypto/man/SSL_alert_type_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_ALERT_TYPE_STRING 3" -.TH SSL_ALERT_TYPE_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_ALERT_TYPE_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,16 +153,16 @@ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_al .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_alert_type_string()\fR returns a one letter string indicating the +\&\fBSSL_alert_type_string()\fR returns a one letter string indicating the type of the alert specified by \fBvalue\fR. .PP -\&\fISSL_alert_type_string_long()\fR returns a string indicating the type of the alert +\&\fBSSL_alert_type_string_long()\fR returns a string indicating the type of the alert specified by \fBvalue\fR. .PP -\&\fISSL_alert_desc_string()\fR returns a two letter string as a short form +\&\fBSSL_alert_desc_string()\fR returns a two letter string as a short form describing the reason of the alert specified by \fBvalue\fR. .PP -\&\fISSL_alert_desc_string_long()\fR returns a string describing the reason +\&\fBSSL_alert_desc_string_long()\fR returns a string describing the reason of the alert specified by \fBvalue\fR. .SH "NOTES" .IX Header "NOTES" @@ -179,8 +183,8 @@ Several alert messages must be sent as fatal alert messages as specified by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following strings can occur for \fISSL_alert_type_string()\fR or -\&\fISSL_alert_type_string_long()\fR: +The following strings can occur for \fBSSL_alert_type_string()\fR or +\&\fBSSL_alert_type_string_long()\fR: .ie n .IP """W""/""warning""" 4 .el .IP "``W''/``warning''" 4 .IX Item "W/warning" 
@@ -195,8 +199,8 @@ The following strings can occur for \fISSL_alert_type_string()\fR or This indicates that no support is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. .PP -The following strings can occur for \fISSL_alert_desc_string()\fR or -\&\fISSL_alert_desc_string_long()\fR: +The following strings can occur for \fBSSL_alert_desc_string()\fR or +\&\fBSSL_alert_desc_string_long()\fR: .ie n .IP """\s-1CN""/\s0""close notify""" 4 .el .IP "``\s-1CN''/\s0``close notify''" 4 .IX Item "CN/close notify" @@ -354,7 +358,7 @@ This indicates that no description is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_info_callback\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_alloc_buffers.3 b/secure/lib/libcrypto/man/SSL_alloc_buffers.3 index ba739434c2f8..bcd5f1ac5d34 100644 --- a/secure/lib/libcrypto/man/SSL_alloc_buffers.3 +++ b/secure/lib/libcrypto/man/SSL_alloc_buffers.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_ALLOC_BUFFERS 3" -.TH SSL_ALLOC_BUFFERS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_ALLOC_BUFFERS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,38 +150,38 @@ SSL_free_buffers, SSL_alloc_buffers \- manage SSL structure buffers .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR. -\&\fISSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR. +\&\fBSSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR. +\&\fBSSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR. .PP The \fB\s-1SSL_MODE_RELEASE_BUFFERS\s0\fR mode releases read or write buffers whenever the buffers have been drained. These functions allow applications to manually control when buffers are freed and allocated. .PP After freeing the buffers, the buffers are automatically reallocated upon a -new read or write. The \fISSL_alloc_buffers()\fR does not need to be called, but +new read or write. The \fBSSL_alloc_buffers()\fR does not need to be called, but can be used to make sure the buffers are pre-allocated. This can be used to -avoid allocation during data processing or with \fICRYPTO_set_mem_functions()\fR +avoid allocation during data processing or with \fBCRYPTO_set_mem_functions()\fR to control where and how buffers are allocated. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: .IP "0 (Failure)" 4 .IX Item "0 (Failure)" -The \fISSL_free_buffers()\fR function returns 0 when there is pending data to be -read or written. The \fISSL_alloc_buffers()\fR function returns 0 when there is +The \fBSSL_free_buffers()\fR function returns 0 when there is pending data to be +read or written. The \fBSSL_alloc_buffers()\fR function returns 0 when there is an allocation failure. .IP "1 (Success)" 4 .IX Item "1 (Success)" -The \fISSL_free_buffers()\fR function returns 1 if the buffers have been freed. This +The \fBSSL_free_buffers()\fR function returns 1 if the buffers have been freed. 
This value is also returned if the buffers had been freed before calling -\&\fISSL_free_buffers()\fR. -The \fISSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated. +\&\fBSSL_free_buffers()\fR. +The \fBSSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated. This value is also returned if the buffers had been allocated before calling -\&\fISSL_alloc_buffers()\fR. +\&\fBSSL_alloc_buffers()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3), -\&\fISSL_new\fR\|(3), \fISSL_CTX_set_mode\fR\|(3), +\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_new\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3), CRYPTO_set_mem_functions .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/SSL_check_chain.3 b/secure/lib/libcrypto/man/SSL_check_chain.3 index 7af0e5fe2275..ed1a4ac26d95 100644 --- a/secure/lib/libcrypto/man/SSL_check_chain.3 +++ b/secure/lib/libcrypto/man/SSL_check_chain.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CHECK_CHAIN 3" -.TH SSL_CHECK_CHAIN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CHECK_CHAIN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,12 +149,12 @@ SSL_check_chain \- check certificate chain suitability .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and +\&\fBSSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and certificate chain \fBchain\fR is suitable for use with the current session \&\fBs\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_check_chain()\fR returns a bitmap of flags indicating the validity of the +\&\fBSSL_check_chain()\fR returns a bitmap of flags indicating the validity of the chain. .PP \&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session. @@ -184,7 +188,7 @@ for client authentication. \&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_check_chain()\fR must be called in servers after a client hello message or in +\&\fBSSL_check_chain()\fR must be called in servers after a client hello message or in clients after a certificate request message. It will typically be called in the certificate callback. .PP @@ -209,8 +213,8 @@ be very useful. Applications may wish to specify a different \*(L"legacy\*(R" ch for earlier versions of \s-1TLS\s0 or \s-1DTLS.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_cert_cb\fR\|(3), -\&\fIssl\fR\|(7) +\&\fBSSL_CTX_set_cert_cb\fR\|(3), +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_clear.3 b/secure/lib/libcrypto/man/SSL_clear.3 index 20490576a99b..48e69a902e3c 100644 --- a/secure/lib/libcrypto/man/SSL_clear.3 +++ b/secure/lib/libcrypto/man/SSL_clear.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CLEAR 3" -.TH SSL_CLEAR 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CLEAR 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,8 +157,8 @@ SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While al settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. If a session is still \fBopen\fR, it is considered bad and will be removed from the session cache, as required by \s-1RFC2246. A\s0 session is considered open, -if \fISSL_shutdown\fR\|(3) was not called for the connection -or at least \fISSL_set_shutdown\fR\|(3) was used to +if \fBSSL_shutdown\fR\|(3) was not called for the connection +or at least \fBSSL_set_shutdown\fR\|(3) was used to set the \s-1SSL_SENT_SHUTDOWN\s0 state. .PP If a session was closed cleanly, the session object will be kept and all 
@@ -163,37 +167,37 @@ used during the session will be kept for the next handshake. So if the session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 server method, even if TLS_*_methods were chosen on startup. This -will might lead to connection failures (see \fISSL_new\fR\|(3)) +will might lead to connection failures (see \fBSSL_new\fR\|(3)) for a description of the method's properties. .SH "WARNINGS" .IX Header "WARNINGS" -\&\fISSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The +\&\fBSSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The reset operation however keeps several settings of the last sessions (some of these settings were made automatically during the last handshake). It only makes sense for a new connection with the exact same peer that shares these settings, and may fail if that peer changes its settings between connections. Use the sequence -\&\fISSL_get_session\fR\|(3); -\&\fISSL_new\fR\|(3); -\&\fISSL_set_session\fR\|(3); -\&\fISSL_free\fR\|(3) +\&\fBSSL_get_session\fR\|(3); +\&\fBSSL_new\fR\|(3); +\&\fBSSL_set_session\fR\|(3); +\&\fBSSL_free\fR\|(3) instead to avoid such failures -(or simply \fISSL_free\fR\|(3); \fISSL_new\fR\|(3) +(or simply \fBSSL_free\fR\|(3); \fBSSL_new\fR\|(3) if session reuse is not desired). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: .IP "0" 4 -The \fISSL_clear()\fR operation could not be performed. Check the error stack to +The \fBSSL_clear()\fR operation could not be performed. Check the error stack to find out the reason. .IP "1" 4 .IX Item "1" -The \fISSL_clear()\fR operation was successful. +The \fBSSL_clear()\fR operation was successful. 
.PP -\&\fISSL_new\fR\|(3), \fISSL_free\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), -\&\fISSL_CTX_set_options\fR\|(3), \fIssl\fR\|(7), -\&\fISSL_CTX_set_client_cert_cb\fR\|(3) +\&\fBSSL_new\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_connect.3 b/secure/lib/libcrypto/man/SSL_connect.3 index e195b15c2333..355b6f56000b 100644 --- a/secure/lib/libcrypto/man/SSL_connect.3 +++ b/secure/lib/libcrypto/man/SSL_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONNECT 3" -.TH SSL_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CONNECT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,25 +149,25 @@ SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication +\&\fBSSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication channel must already have been set and assigned to the \fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. .SH "NOTES" .IX Header "NOTES" -The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO.\s0 +The behaviour of \fBSSL_connect()\fR depends on the underlying \s-1BIO.\s0 .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_connect()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_connect()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_connect()\fR to continue the handshake, indicating the problem by the return value \-1. -In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_connect()\fR. +taking appropriate action to satisfy the needs of \fBSSL_connect()\fR. 
The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required +nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP @@ -179,14 +183,14 @@ been received for the final handshake message. The \fB\s-1TCP_NODELAY\s0\fR socket option is often available to disable Nagle's algorithm. If an application opts to disable Nagle's algorithm consideration should be given to turning it back on again later if appropriate. The helper -function \fIBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR +function \fBBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR option. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: .IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .IP "1" 4 .IX Item "1" 
@@ -197,15 +201,15 @@ established. The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), -\&\fISSL_set_connect_state\fR\|(3), -\&\fISSL_do_handshake\fR\|(3), -\&\fISSL_CTX_new\fR\|(3) +\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_do_handshake.3 b/secure/lib/libcrypto/man/SSL_do_handshake.3 index 7a33c1b866ee..21d3c1a16bdf 100644 --- a/secure/lib/libcrypto/man/SSL_do_handshake.3 +++ b/secure/lib/libcrypto/man/SSL_do_handshake.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_DO_HANDSHAKE 3" -.TH SSL_DO_HANDSHAKE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_DO_HANDSHAKE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,26 +149,26 @@ SSL_do_handshake \- perform a TLS/SSL handshake .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the +\&\fBSSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the connection is in client mode, the handshake will be started. The handshake routines may have to be explicitly set in advance using either -\&\fISSL_set_connect_state\fR\|(3) or -\&\fISSL_set_accept_state\fR\|(3). +\&\fBSSL_set_connect_state\fR\|(3) or +\&\fBSSL_set_accept_state\fR\|(3). .SH "NOTES" .IX Header "NOTES" -The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 +The behaviour of \fBSSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_do_handshake()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_do_handshake()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_do_handshake()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_do_handshake()\fR +to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR. +taking appropriate action to satisfy the needs of \fBSSL_do_handshake()\fR. 
The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required +nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" @@ -172,7 +176,7 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. The following return values can occur: .IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .IP "1" 4 .IX Item "1" @@ -183,13 +187,13 @@ established. The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), -\&\fISSL_accept\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), -\&\fISSL_set_connect_state\fR\|(3) +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_export_keying_material.3 b/secure/lib/libcrypto/man/SSL_export_keying_material.3 index c6735b133b47..1a544d0861b5 100644 
--- a/secure/lib/libcrypto/man/SSL_export_keying_material.3 +++ b/secure/lib/libcrypto/man/SSL_export_keying_material.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_EXPORT_KEYING_MATERIAL 3" -.TH SSL_EXPORT_KEYING_MATERIAL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_EXPORT_KEYING_MATERIAL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -155,14 +159,14 @@ SSL_export_keying_material, SSL_export_keying_material_early \&\- obtain keying .IX Header "DESCRIPTION" During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is established between the two endpoints. The functions -\&\fISSL_export_keying_material()\fR and \fISSL_export_keying_material_early()\fR enable an +\&\fBSSL_export_keying_material()\fR and \fBSSL_export_keying_material_early()\fR enable an application to use some of this keying material for its own purposes in accordance with \s-1RFC5705\s0 (for TLSv1.2 and below) or \s-1RFC8446\s0 (for TLSv1.3). .PP -\&\fISSL_export_keying_material()\fR derives keying material using +\&\fBSSL_export_keying_material()\fR derives keying material using the \fIexporter_master_secret\fR established in the handshake. .PP -\&\fISSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives +\&\fBSSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives keying material using the \fIearly_exporter_master_secret\fR (as defined in the \&\s-1TLS 1.3 RFC\s0). For the client, the \fIearly_exporter_master_secret\fR is only available when the client attempts to send 0\-RTT data. For the server, it is 
@@ -190,18 +194,19 @@ An application specific label should be provided in the location pointed to by the \s-1IANA\s0 Exporter Label Registry (<https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#exporter\-labels>). Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\*(R"\s0 are permitted by the standard -to be used without registration. +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes. .PP Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and above. Attempting to use it in SSLv3 will result in an error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. +\&\fBSSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. .PP -\&\fISSL_export_keying_material_early()\fR returns 0 on failure or 1 on success. +\&\fBSSL_export_keying_material_early()\fR returns 0 on failure or 1 on success. .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_export_keying_material_early()\fR was first added in OpenSSL 1.1.1. +The \fBSSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_extension_supported.3 b/secure/lib/libcrypto/man/SSL_extension_supported.3 index d9c24bee5880..dd0e53fcb619 100644 --- a/secure/lib/libcrypto/man/SSL_extension_supported.3 +++ b/secure/lib/libcrypto/man/SSL_extension_supported.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_EXTENSION_SUPPORTED 3" -.TH SSL_EXTENSION_SUPPORTED 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_EXTENSION_SUPPORTED 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -198,16 +202,16 @@ SSL_extension_supported, SSL_CTX_add_custom_ext, SSL_CTX_add_client_custom_ext, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server +\&\fBSSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server for all supported protocol versions with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and \fBparse_cb\fR (see the \&\*(L"\s-1EXTENSION CALLBACKS\*(R"\s0 section below). The \fBcontext\fR value determines which messages and under what conditions the extension will be added/parsed (see the \*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 section below). .PP -\&\fISSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client +\&\fBSSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and -\&\fBparse_cb\fR. This function is similar to \fISSL_CTX_add_custom_ext()\fR except it only +\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it only applies to clients, uses the older style of callbacks, and implicitly sets the \&\fBcontext\fR value to: .PP 
@@ -216,17 +220,17 @@ applies to clients, uses the older style of callbacks, and implicitly sets the \& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION .Ve .PP -\&\fISSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server +\&\fBSSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and -\&\fBparse_cb\fR. This function is similar to \fISSL_CTX_add_custom_ext()\fR except it +\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it only applies to servers, uses the older style of callbacks, and implicitly sets -the \fBcontext\fR value to the same as for \fISSL_CTX_add_client_custom_ext()\fR above. +the \fBcontext\fR value to the same as for \fBSSL_CTX_add_client_custom_ext()\fR above. .PP The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of \&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID.\s0 In all cases the extension type must not be handled by OpenSSL internally or an error occurs. .PP -\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled internally by OpenSSL and 0 otherwise. .SH "EXTENSION CALLBACKS" .IX Header "EXTENSION CALLBACKS" 
@@ -373,18 +377,18 @@ callback is called at most once and that an application can never send unsolicited extensions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_add_custom_ext()\fR, \fISSL_CTX_add_client_custom_ext()\fR and -\&\fISSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A +\&\fBSSL_CTX_add_custom_ext()\fR, \fBSSL_CTX_add_client_custom_ext()\fR and +\&\fBSSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A failure can occur if an attempt is made to add the same \fBext_type\fR more than once, if an attempt is made to use an extension type handled internally by OpenSSL or if an internal error occurs (for example a memory allocation failure). .PP -\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled internally by OpenSSL and 0 otherwise. .SH "HISTORY" .IX Header "HISTORY" -The function \fISSL_CTX_add_custom_ext()\fR was added in OpenSSL 1.1.1. +The \fBSSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2014\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_free.3 b/secure/lib/libcrypto/man/SSL_free.3 index 8daddfba3af2..cf75d95e899a 100644 --- a/secure/lib/libcrypto/man/SSL_free.3 +++ b/secure/lib/libcrypto/man/SSL_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_FREE 3" -.TH SSL_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_FREE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,33 +149,33 @@ SSL_free \- free an allocated SSL structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 +\&\fBSSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 structure pointed to by \fBssl\fR and frees up the allocated memory if the reference count has reached 0. If \fBssl\fR is \s-1NULL\s0 nothing is done. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if +\&\fBSSL_free()\fR also calls the \fBfree()\fRing procedures for indirectly affected items, if applicable: the buffering \s-1BIO,\s0 the read and write BIOs, cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. Do not explicitly free these indirectly freed up items before or after -calling \fISSL_free()\fR, as trying to free things twice may lead to program +calling \fBSSL_free()\fR, as trying to free things twice may lead to program failure. .PP The ssl session has reference counts from two users: the \s-1SSL\s0 object, for -which the reference count is removed by \fISSL_free()\fR and the internal +which the reference count is removed by \fBSSL_free()\fR and the internal session cache. If the session is considered bad, because -\&\fISSL_shutdown\fR\|(3) was not called for the connection -and \fISSL_set_shutdown\fR\|(3) was not used to set the +\&\fBSSL_shutdown\fR\|(3) was not called for the connection +and \fBSSL_set_shutdown\fR\|(3) was not used to set the \&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed from the session cache as required by \s-1RFC2246.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_free()\fR does not provide diagnostic information. +\&\fBSSL_free()\fR does not provide diagnostic information. 
.PP -\&\fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), -\&\fIssl\fR\|(7) +\&\fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 b/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 index 7b41dfc59295..db93cbae7714 100644 --- a/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 +++ b/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET0_PEER_SCTS 3" -.TH SSL_GET0_PEER_SCTS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET0_PEER_SCTS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,7 +149,7 @@ SSL_get0_peer_scts \- get SCTs received .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have +\&\fBSSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have been received. If this is the first time that this function has been called for a given \fB\s-1SSL\s0\fR instance, it will examine the \s-1TLS\s0 extensions, \s-1OCSP\s0 response and the peer's certificate for SCTs. Future calls will return the same SCTs. @@ -157,11 +161,11 @@ this function is not guaranteed to return all of the SCTs that the peer is capable of sending. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs. +\&\fBSSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_ct_validation_callback\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 index 9f1c2caff40e..7673a90a8888 100644 --- a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_SSL_CTX 3" -.TH SSL_GET_SSL_CTX 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_SSL_CTX 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,14 +149,14 @@ SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which -\&\fBssl\fR was created with \fISSL_new\fR\|(3). +\&\fBSSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which +\&\fBssl\fR was created with \fBSSL_new\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The pointer to the \s-1SSL_CTX\s0 object is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_new\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 b/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 index 97851f7d9d3d..9e6c70f69326 100644 --- a/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 +++ b/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_ALL_ASYNC_FDS 3" -.TH SSL_GET_ALL_ASYNC_FDS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_ALL_ASYNC_FDS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,17 +153,17 @@ SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds \&\- man .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently +\&\fBSSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently waiting for asynchronous operations to complete (see the \s-1SSL_MODE_ASYNC\s0 mode in -\&\fISSL_CTX_set_mode\fR\|(3)). +\&\fBSSL_CTX_set_mode\fR\|(3)). .PP -\&\fISSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a -call to \fIselect()\fR or \fIpoll()\fR to determine whether the current asynchronous +\&\fBSSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a +call to \fBselect()\fR or \fBpoll()\fR to determine whether the current asynchronous operation has completed or not. A completed operation will result in data appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read from the file descriptor). This function should only be called if the \s-1SSL\s0 object is currently waiting for asynchronous work to complete (i.e. -\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fISSL_get_error\fR\|(3)). Typically the +\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fBSSL_get_error\fR\|(3)). Typically the list will only contain one file descriptor. However if multiple asynchronous capable engines are in use then more than one is possible. The number of file descriptors returned is stored in \fB*numfds\fR and the file descriptors themselves 
@@ -169,20 +173,20 @@ responsibility to ensure sufficient memory is allocated at \fB*fds\fR so typical this function is called twice (once with a \s-1NULL\s0 \fBfds\fR parameter and once without). .PP -\&\fISSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors +\&\fBSSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors that have been added and a list that have been deleted since the last \&\s-1SSL_ERROR_WANT_ASYNC\s0 was received (or since the \s-1SSL\s0 object was created if no -\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received). Similar to \fISSL_get_all_async_fds()\fR it +\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received). Similar to \fBSSL_get_all_async_fds()\fR it is the callers responsibility to ensure that \fB*addfd\fR and \fB*delfd\fR have sufficient memory allocated, although they may be \s-1NULL.\s0 The number of added fds and the number of deleted fds are stored in \fB*numaddfds\fR and \fB*numdelfds\fR respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting +\&\fBSSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting for an async operation to complete and 0 otherwise. .PP -\&\fISSL_get_all_async_fds()\fR and \fISSL_get_changed_async_fds()\fR return 1 on success or +\&\fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR return 1 on success or 0 on error. .SH "NOTES" .IX Header "NOTES" 
@@ -194,11 +198,11 @@ it is defined as an application developer's responsibility to include windows.h prior to async.h. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_CTX_set_mode\fR\|(3) +\&\fBSSL_get_error\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_waiting_for_async()\fR, \fISSL_get_all_async_fds()\fR and \fISSL_get_changed_async_fds()\fR -were first added to OpenSSL 1.1.0. +The \fBSSL_waiting_for_async()\fR, \fBSSL_get_all_async_fds()\fR +and \fBSSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_ciphers.3 b/secure/lib/libcrypto/man/SSL_get_ciphers.3 index 6d2d782ad078..4f1d6d2a292a 100644 --- a/secure/lib/libcrypto/man/SSL_get_ciphers.3 +++ b/secure/lib/libcrypto/man/SSL_get_ciphers.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_CIPHERS 3" -.TH SSL_GET_CIPHERS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_CIPHERS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,13 +157,13 @@ SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, SSL_CTX_get .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, +\&\fBSSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned. .PP -\&\fISSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR. +\&\fBSSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR. .PP -\&\fISSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for +\&\fBSSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for \&\fBssl\fR as would be sent in a ClientHello (that is, sorted by preference). The list depends on settings like the cipher list, the supported protocol versions, the security level, and the enabled signature algorithms. 
@@ -172,11 +176,11 @@ a gap in the list of supported protocols, and some ciphers may not be usable by a server if there is not a suitable certificate configured. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned. .PP -\&\fISSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the +\&\fBSSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the list received from the client on \fBssl\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are available, or \fBssl\fR is not operating in server mode, \s-1NULL\s0 is returned. .PP -\&\fISSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR +\&\fBSSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR as a wire-protocol cipher suite specification (in the three-octet-per-cipher SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two-octet SSLv3/TLS wire format), and parses the cipher suites supported by the library 
@@ -184,12 +188,12 @@ into the returned stacks of \s-1SSL_CIPHER\s0 objects sk and Signalling Cipher-S Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success and 0 on failure. .PP -\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 +\&\fBSSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 is returned. .PP -\&\fISSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of +\&\fBSSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of \&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is the buffer that should be populated with the list of names and \fBsize\fR is the size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on 
@@ -197,36 +201,36 @@ error. If the supplied buffer is not large enough to contain the complete list of names then a truncated list of names will be returned. Note that just because a ciphersuite is available (i.e. it is configured in the cipher list) and shared by both the client and the server it does not mean that it is enabled (see the -description of \fISSL_get1_supported_ciphers()\fR above). This function will return +description of \fBSSL_get1_supported_ciphers()\fR above). This function will return available shared ciphersuites whether or not they are enabled. This is a server side function only and must only be called after the completion of the initial handshake. .SH "NOTES" .IX Header "NOTES" -The details of the ciphers obtained by \fISSL_get_ciphers()\fR, \fISSL_CTX_get_ciphers()\fR -\&\fISSL_get1_supported_ciphers()\fR and \fISSL_get_client_ciphers()\fR can be obtained using -the \fISSL_CIPHER_get_name\fR\|(3) family of functions. +The details of the ciphers obtained by \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR +\&\fBSSL_get1_supported_ciphers()\fR and \fBSSL_get_client_ciphers()\fR can be obtained using +the \fBSSL_CIPHER_get_name\fR\|(3) family of functions. .PP -Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the +Call \fBSSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the sorted list of available ciphers, until \s-1NULL\s0 is returned. .PP -Note: \fISSL_get_ciphers()\fR, \fISSL_CTX_get_ciphers()\fR and \fISSL_get_client_ciphers()\fR +Note: \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR and \fBSSL_get_client_ciphers()\fR return a pointer to an internal cipher stack, which will be freed later on when the \s-1SSL\s0 or \s-1SSL_SESSION\s0 object is freed. Therefore, the calling code \fB\s-1MUST NOT\s0\fR free the return value itself. .PP -The stack returned by \fISSL_get1_supported_ciphers()\fR should be freed using -\&\fIsk_SSL_CIPHER_free()\fR. 
+The stack returned by \fBSSL_get1_supported_ciphers()\fR should be freed using +\&\fBsk_SSL_CIPHER_free()\fR. .PP -The stacks returned by \fISSL_bytes_to_cipher_list()\fR should be freed using -\&\fIsk_SSL_CIPHER_free()\fR. +The stacks returned by \fBSSL_bytes_to_cipher_list()\fR should be freed using +\&\fBsk_SSL_CIPHER_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_cipher_list\fR\|(3), -\&\fISSL_CIPHER_get_name\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CIPHER_get_name\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_client_random.3 b/secure/lib/libcrypto/man/SSL_get_client_random.3 index df66be4a6925..b6ca1a949eca 100644 --- a/secure/lib/libcrypto/man/SSL_get_client_random.3 +++ b/secure/lib/libcrypto/man/SSL_get_client_random.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_CLIENT_RANDOM 3" -.TH SSL_GET_CLIENT_RANDOM 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_CLIENT_RANDOM 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,24 +154,24 @@ SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key, SSL_SE .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_client_random()\fR extracts the random value sent from the client +\&\fBSSL_get_client_random()\fR extracts the random value sent from the client to the server during the initial \s-1SSL/TLS\s0 handshake. It copies as many bytes as it can of this value into the buffer provided in \fBout\fR, which must have at least \fBoutlen\fR bytes available. It returns the total number of bytes that were actually copied. If \fBoutlen\fR is -zero, \fISSL_get_client_random()\fR copies nothing, and returns the +zero, \fBSSL_get_client_random()\fR copies nothing, and returns the total size of the client_random value. .PP -\&\fISSL_get_server_random()\fR behaves the same, but extracts the random value +\&\fBSSL_get_server_random()\fR behaves the same, but extracts the random value sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake. .PP -\&\fISSL_SESSION_get_master_key()\fR behaves the same, but extracts the master +\&\fBSSL_SESSION_get_master_key()\fR behaves the same, but extracts the master secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one can be dangerous if misused; see \s-1NOTES\s0 below. .PP -\&\fISSL_SESSION_set1_master_key()\fR sets the master key value associated with the +\&\fBSSL_SESSION_set1_master_key()\fR sets the master key value associated with the \&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based -\&\s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length +\&\s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length \&\fBlen\fR should be provided at \fBin\fR. The supplied master key is copied by the function, so the caller is responsible for freeing and cleaning any memory associated with \fBin\fR. 
The caller must ensure that the length of the key is @@ -181,20 +185,20 @@ use in low-level protocols. You probably should not use them, unless you are implementing something that needs access to the internal protocol details. .PP -Despite the names of \fISSL_get_client_random()\fR and \fISSL_get_server_random()\fR, they +Despite the names of \fBSSL_get_client_random()\fR and \fBSSL_get_server_random()\fR, they \&\s-1ARE NOT\s0 random number generators. Instead, they return the mostly-random values that were already generated and used in the \s-1TLS\s0 protocol. Using them -in place of \fIRAND_bytes()\fR would be grossly foolish. +in place of \fBRAND_bytes()\fR would be grossly foolish. .PP The security of your \s-1TLS\s0 session depends on keeping the master key secret: do not expose it, or any information about it, to anybody. If you need to calculate another secret value that depends on the master -secret, you should probably use \fISSL_export_keying_material()\fR instead, and +secret, you should probably use \fBSSL_export_keying_material()\fR instead, and forget that you ever saw these functions. .PP In current versions of the \s-1TLS\s0 protocols, the length of client_random (and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for -other outlen arguments to the SSL_get_*\fI_random()\fR functions is provided +other outlen arguments to the SSL_get_*\fB_random()\fR functions is provided in case of the unlikely event that a future version or variant of \s-1TLS\s0 uses some other length there. .PP 
@@ -203,7 +207,7 @@ Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values a values based on their view of the current time. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure. +\&\fBSSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure. .PP For the other functions, if \fBoutlen\fR is greater than 0 then these functions return the number of bytes actually copied, which will be less than or equal to @@ -211,10 +215,10 @@ return the number of bytes actually copied, which will be less than or equal to of bytes they would copy \*(-- that is, the length of the underlying field. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fIRAND_bytes\fR\|(3), -\&\fISSL_export_keying_material\fR\|(3), -\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBRAND_bytes\fR\|(3), +\&\fBSSL_export_keying_material\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 b/secure/lib/libcrypto/man/SSL_get_current_cipher.3 index 0ff62b8e0306..d9b4d1502893 100644 --- a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 +++ b/secure/lib/libcrypto/man/SSL_get_current_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_CURRENT_CIPHER 3" -.TH SSL_GET_CURRENT_CIPHER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_CURRENT_CIPHER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,33 +155,33 @@ SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +\&\fBSSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing the description of the actually used cipher of a connection established with the \fBssl\fR object. -See \fISSL_CIPHER_get_name\fR\|(3) for more details. +See \fBSSL_CIPHER_get_name\fR\|(3) for more details. .PP -\&\fISSL_get_cipher_name()\fR obtains the +\&\fBSSL_get_cipher_name()\fR obtains the name of the currently used cipher. -\&\fISSL_get_cipher()\fR is identical to \fISSL_get_cipher_name()\fR. -\&\fISSL_get_cipher_bits()\fR is a +\&\fBSSL_get_cipher()\fR is identical to \fBSSL_get_cipher_name()\fR. +\&\fBSSL_get_cipher_bits()\fR is a macro to obtain the number of secret/algorithm bits used and -\&\fISSL_get_cipher_version()\fR returns the protocol name. +\&\fBSSL_get_cipher_version()\fR returns the protocol name. .PP -\&\fISSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +\&\fBSSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing the description of the cipher (if any) that has been negotiated for future use on the connection established with the \fBssl\fR object, but is not yet in use. This may be the case during handshake processing, when control flow can be returned to the application via any of several callback methods. The internal sequencing of handshake processing and callback invocation is not guaranteed to be stable from release to release, and at present only the callback set -by \fISSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value. +by \fBSSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value. Other callbacks may be added to this list over time. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if +\&\fBSSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if no session has been established. .PP -\&\fISSL_get_pending_cipher()\fR returns the cipher to be used at the next change +\&\fBSSL_get_pending_cipher()\fR returns the cipher to be used at the next change of cipher suite, or \s-1NULL\s0 if no such cipher is known. .SH "NOTES" .IX Header "NOTES" @@ -185,7 +189,7 @@ SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and SSL_get_cipher_name are implemented as macros. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CIPHER_get_name\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_CIPHER_get_name\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 b/secure/lib/libcrypto/man/SSL_get_default_timeout.3 index 490139ab856b..0a0cc0938bd1 100644 --- a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 +++ b/secure/lib/libcrypto/man/SSL_get_default_timeout.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_DEFAULT_TIMEOUT 3" -.TH SSL_GET_DEFAULT_TIMEOUT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_DEFAULT_TIMEOUT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,28 +149,28 @@ SSL_get_default_timeout \- get default session timeout value .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_default_timeout()\fR returns the default timeout value assigned to +\&\fBSSL_get_default_timeout()\fR returns the default timeout value assigned to \&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. .SH "NOTES" .IX Header "NOTES" Whenever a new session is negotiated, it is assigned a timeout value, after which it will not be accepted for session reuse. If the timeout value was not explicitly set using -\&\fISSL_CTX_set_timeout\fR\|(3), the hardcoded default +\&\fBSSL_CTX_set_timeout\fR\|(3), the hardcoded default timeout for the protocol will be used. .PP -\&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds +\&\fBSSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds for all currently supported protocols. .SH "RETURN VALUES" .IX Header "RETURN VALUES" See description. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_SESSION_get_time\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3), -\&\fISSL_get_default_timeout\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_get_error.3 b/secure/lib/libcrypto/man/SSL_get_error.3 index 5a2d20158004..aa56b83544a4 100644 --- a/secure/lib/libcrypto/man/SSL_get_error.3 +++ b/secure/lib/libcrypto/man/SSL_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_ERROR 3" -.TH SSL_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,18 +149,18 @@ SSL_get_error \- obtain result code for TLS/SSL I/O operation .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" -statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR, -\&\fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, \fISSL_peek()\fR, \fISSL_write_ex()\fR or -\&\fISSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL I/O\s0 function must be -passed to \fISSL_get_error()\fR in parameter \fBret\fR. +\&\fBSSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" +statement) for a preceding call to \fBSSL_connect()\fR, \fBSSL_accept()\fR, \fBSSL_do_handshake()\fR, +\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, \fBSSL_peek()\fR, \fBSSL_write_ex()\fR or +\&\fBSSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL I/O\s0 function must be +passed to \fBSSL_get_error()\fR in parameter \fBret\fR. .PP -In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the -current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be +In addition to \fBssl\fR and \fBret\fR, \fBSSL_get_error()\fR inspects the +current thread's OpenSSL error queue. Thus, \fBSSL_get_error()\fR must be used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no other OpenSSL function calls should appear in between. The current thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is -attempted, or \fISSL_get_error()\fR will not work reliably. +attempted, or \fBSSL_get_error()\fR will not work reliably. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur: 
@@ -182,10 +186,10 @@ operation. If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same function can be called again. .Sp -\&\fISSL_read()\fR and \fISSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is +\&\fBSSL_read()\fR and \fBSSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even for a blocking \fB\s-1BIO\s0\fR. -See \fISSL_read\fR\|(3) for more information. +See \fBSSL_read\fR\|(3) for more information. .Sp \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write to a non-blocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR. 
@@ -197,85 +201,88 @@ There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level. .Sp -It is safe to call \fISSL_read()\fR or \fISSL_read_ex()\fR when more data is available -even when the call that set this error was an \fISSL_write()\fR or \fISSL_write_ex()\fR. -However if the call was an \fISSL_write()\fR or \fISSL_write_ex()\fR, it should be called +It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available +even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR. +However if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called again to continue sending the application data. .Sp -For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or -\&\fIpoll()\fR on the underlying socket can be used to find out when the +For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or +\&\fBpoll()\fR on the underlying socket can be used to find out when the \&\s-1TLS/SSL I/O\s0 function should be retried. .Sp Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular, -\&\fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, or \fISSL_peek()\fR may want to write data -and \fISSL_write()\fR or \fISSL_write_ex()\fR may want to read data. +\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, or \fBSSL_peek()\fR may want to write data +and \fBSSL_write()\fR or \fBSSL_write_ex()\fR may want to read data. This is mainly because \&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by -either the client or the server); \fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, -\&\fISSL_peek()\fR, \fISSL_write_ex()\fR, and \fISSL_write()\fR will handle any pending handshakes. 
+either the client or the server); \fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, +\&\fBSSL_peek()\fR, \fBSSL_write_ex()\fR, and \fBSSL_write()\fR will handle any pending handshakes. .IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4 .IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be called again later. The underlying \s-1BIO\s0 was not connected yet to the peer -and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be +and the call would block in \fBconnect()\fR/\fBaccept()\fR. The \s-1SSL\s0 function should be called again when the connection is established. These messages can only -appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO,\s0 respectively. +appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR \s-1BIO,\s0 respectively. In order to find out, when the connection has been successfully established, -on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor +on many platforms \fBselect()\fR or \fBpoll()\fR for writing on the socket file descriptor can be used. .IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 .IX Item "SSL_ERROR_WANT_X509_LOOKUP" The operation did not complete because an application callback set by -\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. +\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. The \s-1TLS/SSL I/O\s0 function should be called again later. Details depend on the application. .IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4 .IX Item "SSL_ERROR_WANT_ASYNC" The operation did not complete because an asynchronous engine is still processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0 -using \fISSL_CTX_set_mode\fR\|(3) or \fISSL_set_mode\fR\|(3) and an asynchronous capable +using \fBSSL_CTX_set_mode\fR\|(3) or \fBSSL_set_mode\fR\|(3) and an asynchronous capable engine is being used. 
An application can determine whether the engine has -completed its processing using \fIselect()\fR or \fIpoll()\fR on the asynchronous wait file +completed its processing using \fBselect()\fR or \fBpoll()\fR on the asynchronous wait file descriptor. This file descriptor is available by calling -\&\fISSL_get_all_async_fds\fR\|(3) or \fISSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0 +\&\fBSSL_get_all_async_fds\fR\|(3) or \fBSSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0 function should be called again later. The function \fBmust\fR be called from the same thread that the original call was made from. .IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4 .IX Item "SSL_ERROR_WANT_ASYNC_JOB" The asynchronous job could not be started because there were no async jobs -available in the pool (see \fIASYNC_init_thread\fR\|(3)). This will only occur if the -mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fISSL_CTX_set_mode\fR\|(3) or -\&\fISSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool -through a call to \fIASYNC_init_thread\fR\|(3). The application should retry the +available in the pool (see \fBASYNC_init_thread\fR\|(3)). This will only occur if the +mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fBSSL_CTX_set_mode\fR\|(3) or +\&\fBSSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool +through a call to \fBASYNC_init_thread\fR\|(3). The application should retry the operation after a currently executing asynchronous operation for the current thread has completed. .IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4 .IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB" The operation did not complete because an application callback set by -\&\fISSL_CTX_set_client_hello_cb()\fR has asked to be called again. +\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. The \s-1TLS/SSL I/O\s0 function should be called again later. Details depend on the application. 
.IP "\s-1SSL_ERROR_SYSCALL\s0" 4 .IX Item "SSL_ERROR_SYSCALL" -Some non-recoverable I/O error occurred. -The OpenSSL error queue may contain more information on the error. -For socket I/O on Unix systems, consult \fBerrno\fR for details. +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +\&\fBerrno\fR for details. If this error occurs then no further I/O operations should +be performed on the connection and \fBSSL_shutdown()\fR must not be called. .Sp This value can also be returned for other errors, check the error queue for details. .IP "\s-1SSL_ERROR_SSL\s0" 4 .IX Item "SSL_ERROR_SSL" -A failure in the \s-1SSL\s0 library occurred, usually a protocol error. The -OpenSSL error queue contains more information on the error. +A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and \fBSSL_shutdown()\fR must not be called. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1SSL_ERROR_WANT_ASYNC\s0 was added in OpenSSL 1.1.0. -\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 was added in OpenSSL 1.1.1. +The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0. +The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_extms_support.3 b/secure/lib/libcrypto/man/SSL_get_extms_support.3 index c0e53e25db3b..8911e370c159 100644 --- a/secure/lib/libcrypto/man/SSL_get_extms_support.3 +++ b/secure/lib/libcrypto/man/SSL_get_extms_support.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_EXTMS_SUPPORT 3" -.TH SSL_GET_EXTMS_SUPPORT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_EXTMS_SUPPORT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,19 +149,19 @@ SSL_get_extms_support \- extended master secret support .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_extms_support()\fR indicates whether the current session used extended +\&\fBSSL_get_extms_support()\fR indicates whether the current session used extended master secret. .PP This function is implemented as a macro. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_get_extms_support()\fR returns 1 if the current session used extended +\&\fBSSL_get_extms_support()\fR returns 1 if the current session used extended master secret, 0 if it did not and \-1 if a handshake is currently in progress i.e. it is not possible to determine if extended master secret was used. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_fd.3 b/secure/lib/libcrypto/man/SSL_get_fd.3 index 16e4c219006b..d5fed0f01122 100644 --- a/secure/lib/libcrypto/man/SSL_get_fd.3 +++ b/secure/lib/libcrypto/man/SSL_get_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_FD 3" -.TH SSL_GET_FD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_FD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,10 +151,10 @@ SSL_get_fd, SSL_get_rfd, SSL_get_wfd \- get file descriptor linked to an SSL obj .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. -\&\fISSL_get_rfd()\fR and \fISSL_get_wfd()\fR return the file descriptors for the +\&\fBSSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. +\&\fBSSL_get_rfd()\fR and \fBSSL_get_wfd()\fR return the file descriptors for the read or the write channel, which can be different. If the read and the -write channel are different, \fISSL_get_fd()\fR will return the file descriptor +write channel are different, \fBSSL_get_fd()\fR will return the file descriptor of the read channel. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -164,7 +168,7 @@ The operation failed, because the underlying \s-1BIO\s0 is not of the correct ty The file descriptor linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_set_fd\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7) +\&\fBSSL_set_fd\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 index eeab7f35c673..d73ec897ea24 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_CERT_CHAIN 3" -.TH SSL_GET_PEER_CERT_CHAIN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_PEER_CERT_CHAIN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,33 +150,33 @@ SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate cha .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates +\&\fBSSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates forming the certificate chain sent by the peer. If called on the client side, the stack also contains the peer's certificate; if called on the server side, the peer's certificate must be obtained separately using -\&\fISSL_get_peer_certificate\fR\|(3). +\&\fBSSL_get_peer_certificate\fR\|(3). If the peer did not present a certificate, \s-1NULL\s0 is returned. .PP -\&\s-1NB:\s0 \fISSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it +\&\s-1NB:\s0 \fBSSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it only consists of certificates the peer has sent (in the order the peer has sent them) it is \fBnot\fR a verified chain. .PP -\&\fISSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain +\&\fBSSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain of the peer including the peer's end entity certificate. It must be called after a session has been successfully established. If peer verification was -not successful (as indicated by \fISSL_get_verify_result()\fR not returning +not successful (as indicated by \fBSSL_get_verify_result()\fR not returning X509_V_OK) the chain may be incomplete or invalid. .SH "NOTES" .IX Header "NOTES" If the session is resumed peers do not send certificates so a \s-1NULL\s0 pointer -is returned by these functions. Applications can call \fISSL_session_reused()\fR +is returned by these functions. Applications can call \fBSSL_session_reused()\fR to determine whether a session is resumed. 
.PP The reference count of each certificate in the returned \s-1STACK_OF\s0(X509) object is not incremented and the returned stack may be invalidated by renegotiation. If applications wish to use any certificates in the returned chain -indefinitely they must increase the reference counts using \fIX509_up_ref()\fR or -obtain a copy of the whole chain with \fIX509_chain_up_ref()\fR. +indefinitely they must increase the reference counts using \fBX509_up_ref()\fR or +obtain a copy of the whole chain with \fBX509_chain_up_ref()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: @@ -185,8 +189,8 @@ or the certificate chain is no longer available when a session is reused. The return value points to the certificate chain presented by the peer. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_get_peer_certificate\fR\|(3), \fIX509_up_ref\fR\|(3), -\&\fIX509_chain_up_ref\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), \fBX509_up_ref\fR\|(3), +\&\fBX509_chain_up_ref\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 index 4a2576d4ef7d..aa75adec57c2 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_CERTIFICATE 3" -.TH SSL_GET_PEER_CERTIFICATE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_PEER_CERTIFICATE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,23 +149,23 @@ SSL_get_peer_certificate \- get the X509 certificate of the peer .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the +\&\fBSSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. .SH "NOTES" .IX Header "NOTES" Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a certificate, if present. A client will only send a certificate when explicitly requested to do so by the server (see -\&\fISSL_CTX_set_verify\fR\|(3)). If an anonymous cipher +\&\fBSSL_CTX_set_verify\fR\|(3)). If an anonymous cipher is used, no certificates are sent. .PP That a certificate is returned does not indicate information about the -verification state, use \fISSL_get_verify_result\fR\|(3) +verification state, use \fBSSL_get_verify_result\fR\|(3) to check the verification state. .PP The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is -freed. The X509 object must be explicitly freed using \fIX509_free()\fR. +freed. The X509 object must be explicitly freed using \fBX509_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: @@ -173,8 +177,8 @@ No certificate was presented by the peer or no connection was established. The return value points to the certificate presented by the peer. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_get_verify_result\fR\|(3), -\&\fISSL_CTX_set_verify\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 b/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 index 647da8388b2f..2e11c5645cc3 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 +++ b/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_SIGNATURE_NID 3" -.TH SSL_GET_PEER_SIGNATURE_NID 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_PEER_SIGNATURE_NID 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,17 +152,17 @@ SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_n .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used +\&\fBSSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used by the peer to sign \s-1TLS\s0 messages. It is implemented as a macro. .PP -\&\fISSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature +\&\fBSSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature type used by the peer to sign \s-1TLS\s0 messages. Currently the signature type is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 signing where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between \&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check the type of public key in the peer's certificate. .PP -\&\fISSL_get_signature_nid()\fR and \fISSL_get_signature_type_nid()\fR return the equivalent +\&\fBSSL_get_signature_nid()\fR and \fBSSL_get_signature_type_nid()\fR return the equivalent information for the local end of the connection. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -168,7 +172,7 @@ uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1 the functions were called too early, e.g. before the peer signed a message. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_get_peer_certificate\fR\|(3), +\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 b/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 index 0c05d2c7cb93..0d1fc6a478eb 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 +++ b/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_TMP_KEY 3" -.TH SSL_GET_PEER_TMP_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_PEER_TMP_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,18 +151,18 @@ SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and +\&\fBSSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this represents the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in \&\fB*key\fR. It is the caller's responsibility to free this key after use using -\&\fIEVP_PKEY_free\fR\|(3). +\&\fBEVP_PKEY_free\fR\|(3). .PP -\&\fISSL_get_server_tmp_key()\fR is a backwards compatibility alias for -\&\fISSL_get_peer_tmp_key()\fR. +\&\fBSSL_get_server_tmp_key()\fR is a backwards compatibility alias for +\&\fBSSL_get_peer_tmp_key()\fR. Under that name it worked just on the client side of the connection, its behaviour on the server end is release-dependent. .PP -\&\fISSL_get_tmp_key()\fR returns the equivalent information for the local +\&\fBSSL_get_tmp_key()\fR returns the equivalent information for the local end of the connection. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -168,7 +172,7 @@ All these functions return 1 on success and 0 otherwise. This function is implemented as a macro. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fIEVP_PKEY_free\fR\|(3) +\&\fBssl\fR\|(7), \fBEVP_PKEY_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_psk_identity.3 b/secure/lib/libcrypto/man/SSL_get_psk_identity.3 index ac0d3e383901..da16dcc6b2de 100644 --- a/secure/lib/libcrypto/man/SSL_get_psk_identity.3 +++ b/secure/lib/libcrypto/man/SSL_get_psk_identity.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PSK_IDENTITY 3" -.TH SSL_GET_PSK_IDENTITY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_PSK_IDENTITY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,15 +150,15 @@ SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and h .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint +\&\fBSSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint used during the connection setup related to \s-1SSL\s0 object -\&\fBssl\fR. Similarly, \fISSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 +\&\fBssl\fR. Similarly, \fBSSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 identity used during the connection setup. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If non\-\fB\s-1NULL\s0\fR, \fISSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity -hint and \fISSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are -\&\fB\s-1NULL\s0\fR\-terminated. \fISSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if +If non\-\fB\s-1NULL\s0\fR, \fBSSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity +hint and \fBSSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are +\&\fB\s-1NULL\s0\fR\-terminated. \fBSSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if no \s-1PSK\s0 identity hint was used during the connection setup. .PP Note that the return value is valid only during the lifetime of the diff --git a/secure/lib/libcrypto/man/SSL_get_rbio.3 b/secure/lib/libcrypto/man/SSL_get_rbio.3 index e30d0173321d..de6daed4dfb8 100644 --- a/secure/lib/libcrypto/man/SSL_get_rbio.3 +++ b/secure/lib/libcrypto/man/SSL_get_rbio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_RBIO 3" -.TH SSL_GET_RBIO 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_RBIO 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ SSL_get_rbio, SSL_get_wbio \- get BIO linked to an SSL object .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_rbio()\fR and \fISSL_get_wbio()\fR return pointers to the BIOs for the +\&\fBSSL_get_rbio()\fR and \fBSSL_get_wbio()\fR return pointers to the BIOs for the read or the write channel, which can be different. The reference count of the \s-1BIO\s0 is not incremented. .SH "RETURN VALUES" @@ -160,7 +164,7 @@ No \s-1BIO\s0 was connected to the \s-1SSL\s0 object The \s-1BIO\s0 linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7) +\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_session.3 b/secure/lib/libcrypto/man/SSL_get_session.3 index a78792cf21ae..bf36ccd06ede 100644 --- a/secure/lib/libcrypto/man/SSL_get_session.3 +++ b/secure/lib/libcrypto/man/SSL_get_session.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_SESSION 3" -.TH SSL_GET_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_SESSION 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,13 +151,13 @@ SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in +\&\fBSSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in \&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so that the pointer can become invalid by other operations. .PP -\&\fISSL_get0_session()\fR is the same as \fISSL_get_session()\fR. +\&\fBSSL_get0_session()\fR is the same as \fBSSL_get_session()\fR. .PP -\&\fISSL_get1_session()\fR is the same as \fISSL_get_session()\fR, but the reference +\&\fBSSL_get1_session()\fR is the same as \fBSSL_get_session()\fR, but the reference count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. .SH "NOTES" .IX Header "NOTES" @@ -165,7 +169,7 @@ client at a time of its choosing, which may be some while after the initial connection is established (or never). Calling these functions on the client side in TLSv1.3 before the session has been established will still return an \&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See -\&\fISSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an +\&\fBSSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an \&\s-1SSL_SESSION\s0 object can be used for resumption or not. .PP Additionally, in TLSv1.3, a server can send multiple messages that establish a 
@@ -173,7 +177,7 @@ session for a single connection. In that case the above functions will only return information on the last session that was received. .PP The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is -to use a new session callback as described in \fISSL_CTX_sess_set_new_cb\fR\|(3). +to use a new session callback as described in \fBSSL_CTX_sess_set_new_cb\fR\|(3). The new session callback is only invoked when a session is actually established, so this avoids the problem described above where an application obtains an \&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also 
@@ -182,24 +186,24 @@ server. .PP A session will be automatically removed from the session cache and marked as non-resumable if the connection is not closed down cleanly, e.g. if a fatal -error occurs on the connection or \fISSL_shutdown\fR\|(3) is not called prior to -\&\fISSL_free\fR\|(3). +error occurs on the connection or \fBSSL_shutdown\fR\|(3) is not called prior to +\&\fBSSL_free\fR\|(3). .PP In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for resumption once. .PP -\&\fISSL_get0_session()\fR returns a pointer to the actual session. As the +\&\fBSSL_get0_session()\fR returns a pointer to the actual session. As the reference counter is not incremented, the pointer is only valid while -the connection is in use. If \fISSL_clear\fR\|(3) or -\&\fISSL_free\fR\|(3) is called, the session may be removed completely +the connection is in use. If \fBSSL_clear\fR\|(3) or +\&\fBSSL_free\fR\|(3) is called, the session may be removed completely (if considered bad), and the pointer obtained will become invalid. Even if the session is valid, it can be removed at any time due to timeout -during \fISSL_CTX_flush_sessions\fR\|(3). +during \fBSSL_CTX_flush_sessions\fR\|(3). .PP -If the data is to be kept, \fISSL_get1_session()\fR will increment the reference +If the data is to be kept, \fBSSL_get1_session()\fR will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. In order to remove the session -\&\fISSL_SESSION_free\fR\|(3) must be explicitly called once +\&\fBSSL_SESSION_free\fR\|(3) must be explicitly called once to decrement the reference count again. .PP \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache 
@@ -218,9 +222,9 @@ There is no session available in \fBssl\fR. The return value points to the data of an \s-1SSL\s0 session. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_free\fR\|(3), -\&\fISSL_clear\fR\|(3), -\&\fISSL_SESSION_free\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_free\fR\|(3), +\&\fBSSL_clear\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 b/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 index a44b8c89a8a6..05c2baeff429 100644 --- a/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 +++ b/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_SHARED_SIGALGS 3" -.TH SSL_GET_SHARED_SIGALGS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_SHARED_SIGALGS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,19 +155,19 @@ SSL_get_shared_sigalgs, SSL_get_sigalgs \- get supported signature algorithms .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_shared_sigalgs()\fR returns information about the shared signature +\&\fBSSL_get_shared_sigalgs()\fR returns information about the shared signature algorithms supported by peer \fBs\fR. The parameter \fBidx\fR indicates the index of the shared signature algorithm to return starting from zero. The signature algorithm \s-1NID\s0 is written to \fB*psign\fR, the hash \s-1NID\s0 to \fB*phash\fR and the sign and hash \s-1NID\s0 to \fB*psignhash\fR. The raw signature and hash values are written to \fB*rsig\fR and \fB*rhash\fR. .PP -\&\fISSL_get_sigalgs()\fR is similar to \fISSL_get_shared_sigalgs()\fR except it returns +\&\fBSSL_get_sigalgs()\fR is similar to \fBSSL_get_shared_sigalgs()\fR except it returns information about all signature algorithms supported by \fBs\fR in the order they were sent by the peer. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_get_shared_sigalgs()\fR and \fISSL_get_sigalgs()\fR return the number of +\&\fBSSL_get_shared_sigalgs()\fR and \fBSSL_get_sigalgs()\fR return the number of signature algorithms or \fB0\fR if the \fBidx\fR parameter is out of range. .SH "NOTES" .IX Header "NOTES" 
@@ -189,12 +193,12 @@ Only \s-1TLS 1.2, TLS 1.3\s0 and \s-1DTLS 1.2\s0 currently support signature alg If these functions are called on an earlier version of \s-1TLS\s0 or \s-1DTLS\s0 zero is returned. .PP -The shared signature algorithms returned by \fISSL_get_shared_sigalgs()\fR are +The shared signature algorithms returned by \fBSSL_get_shared_sigalgs()\fR are ordered according to configuration and peer preferences. .PP The raw values correspond to the on the wire form as defined by \s-1RFC5246\s0 et al. -The NIDs are OpenSSL equivalents. For example if the peer sent \fIsha256\fR\|(4) and -\&\fIrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR +The NIDs are OpenSSL equivalents. For example if the peer sent \fBsha256\fR\|(4) and +\&\fBrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR NID_rsaEncryption and \fB*psighash\fR NID_sha256WithRSAEncryption. .PP If a signature algorithm is not recognised the corresponding NIDs @@ -203,8 +207,8 @@ is not an appropriate combination (for example \s-1MD5\s0 and \s-1DSA\s0) or the signature algorithm does not use a hash (for example Ed25519). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_cert_cb\fR\|(3), -\&\fIssl\fR\|(7) +\&\fBSSL_CTX_set_cert_cb\fR\|(3), +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_verify_result.3 b/secure/lib/libcrypto/man/SSL_get_verify_result.3 index 076f71eb8523..d9b7e6128575 100644 --- a/secure/lib/libcrypto/man/SSL_get_verify_result.3 +++ b/secure/lib/libcrypto/man/SSL_get_verify_result.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_VERIFY_RESULT 3" -.TH SSL_GET_VERIFY_RESULT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_VERIFY_RESULT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,14 +149,14 @@ SSL_get_verify_result \- get result of peer certificate verification .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_verify_result()\fR returns the result of the verification of the +\&\fBSSL_get_verify_result()\fR returns the result of the verification of the X509 certificate presented by the peer, if any. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_get_verify_result()\fR can only return one error code while the verification +\&\fBSSL_get_verify_result()\fR can only return one error code while the verification of a certificate can fail because of many reasons at the same time. Only the last verification error that occurred during the processing is available -from \fISSL_get_verify_result()\fR. +from \fBSSL_get_verify_result()\fR. .PP The verification result is part of the established session and is restored when a session is reused. 
@@ -160,8 +164,8 @@ when a session is reused. .IX Header "BUGS" If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however -not indicate success. \fISSL_get_verify_result()\fR is only useful in connection -with \fISSL_get_peer_certificate\fR\|(3). +not indicate success. \fBSSL_get_verify_result()\fR is only useful in connection +with \fBSSL_get_peer_certificate\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur: @@ -170,12 +174,12 @@ The following return values can currently occur: The verification succeeded or no peer certificate was presented. .IP "Any other value" 4 .IX Item "Any other value" -Documented in \fIverify\fR\|(1). +Documented in \fBverify\fR\|(1). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_set_verify_result\fR\|(3), -\&\fISSL_get_peer_certificate\fR\|(3), -\&\fIverify\fR\|(1) +\&\fBssl\fR\|(7), \fBSSL_set_verify_result\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBverify\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_get_version.3 b/secure/lib/libcrypto/man/SSL_get_version.3 index ca4a26ae7c6f..09011339e7b6 100644 --- a/secure/lib/libcrypto/man/SSL_get_version.3 +++ b/secure/lib/libcrypto/man/SSL_get_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_VERSION 3" -.TH SSL_GET_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_GET_VERSION 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,19 +155,19 @@ SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the protoco .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_client_version()\fR returns the numeric protocol version advertised by the +\&\fBSSL_client_version()\fR returns the numeric protocol version advertised by the client in the legacy_version field of the ClientHello when initiating the connection. Note that, for \s-1TLS,\s0 this value will never indicate a version greater -than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fISSL_get_version()\fR -returns the name of the protocol used for the connection. \fISSL_version()\fR returns +than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fBSSL_get_version()\fR +returns the name of the protocol used for the connection. \fBSSL_version()\fR returns the numeric protocol version used for the connection. They should only be called after the initial handshake has been completed. Prior to that the results returned from these functions may be unreliable. .PP -\&\fISSL_is_dtls()\fR returns one if the connection is using \s-1DTLS,\s0 zero if not. +\&\fBSSL_is_dtls()\fR returns one if the connection is using \s-1DTLS,\s0 zero if not. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_get_version()\fR returns one of the following strings: +\&\fBSSL_get_version()\fR returns one of the following strings: .IP "SSLv3" 4 .IX Item "SSLv3" The connection uses the SSLv3 protocol. @@ -183,7 +187,7 @@ The connection uses the TLSv1.3 protocol. .IX Item "unknown" This indicates an unknown protocol version. .PP -\&\fISSL_version()\fR and \fISSL_client_version()\fR return an integer which could include any +\&\fBSSL_version()\fR and \fBSSL_client_version()\fR return an integer which could include any of the following: .IP "\s-1SSL3_VERSION\s0" 4 .IX Item "SSL3_VERSION" 
@@ -200,13 +204,13 @@ The connection uses the TLSv1.2 protocol. .IP "\s-1TLS1_3_VERSION\s0" 4 .IX Item "TLS1_3_VERSION" The connection uses the TLSv1.3 protocol (never returned for -\&\fISSL_client_version()\fR). +\&\fBSSL_client_version()\fR). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_is_dtls()\fR was added in OpenSSL 1.1.0. +The \fBSSL_is_dtls()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_in_init.3 b/secure/lib/libcrypto/man/SSL_in_init.3 index 2dc410d38a87..98c72c8cfe8a 100644 --- a/secure/lib/libcrypto/man/SSL_in_init.3 +++ b/secure/lib/libcrypto/man/SSL_in_init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_IN_INIT 3" -.TH SSL_IN_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_IN_INIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,27 +156,27 @@ SSL_in_before, SSL_in_init, SSL_is_init_finished, SSL_in_connect_init, SSL_in_ac .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or +\&\fBSSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or awaiting handshake messages, or 0 otherwise. .PP -\&\fISSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0 +\&\fBSSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0 otherwise. .PP -\&\fISSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where +\&\fBSSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where fully protected application data can be transferred or 0 otherwise. .PP Note that in some circumstances (such as when early data is being transferred) -\&\fISSL_in_init()\fR, \fISSL_in_before()\fR and \fISSL_is_init_finished()\fR can all return 0. +\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR and \fBSSL_is_init_finished()\fR can all return 0. .PP -\&\fISSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fISSL_in_init()\fR +\&\fBSSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fBSSL_in_init()\fR would return 1, or 0 otherwise. .PP -\&\fISSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fISSL_in_init()\fR +\&\fBSSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fBSSL_in_init()\fR would return 1, or 0 otherwise. .PP -\&\fISSL_in_connect_init()\fR and \fISSL_in_accept_init()\fR are implemented as macros. +\&\fBSSL_in_connect_init()\fR and \fBSSL_in_accept_init()\fR are implemented as macros. .PP -\&\fISSL_get_state()\fR returns a value indicating the current state of the handshake +\&\fBSSL_get_state()\fR returns a value indicating the current state of the handshake state machine. 
\s-1OSSL_HANDSHAKE_STATE\s0 is an enumerated type where each value indicates a discrete state machine state. Note that future versions of OpenSSL may define more states so applications should expect to receive unrecognised @@ -205,14 +209,14 @@ Early data is being processed Awaiting the end of early data processing .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_in_init()\fR, \fISSL_in_before()\fR, \fISSL_is_init_finished()\fR, \fISSL_in_connect_init()\fR -and \fISSL_in_accept_init()\fR return values as indicated above. +\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR, \fBSSL_is_init_finished()\fR, \fBSSL_in_connect_init()\fR +and \fBSSL_in_accept_init()\fR return values as indicated above. .PP -\&\fISSL_get_state()\fR returns the current handshake state. +\&\fBSSL_get_state()\fR returns the current handshake state. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_read_early_data\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_read_early_data\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_key_update.3 b/secure/lib/libcrypto/man/SSL_key_update.3 index 415beb9b38b0..72c751c0e1d5 100644 --- a/secure/lib/libcrypto/man/SSL_key_update.3 +++ b/secure/lib/libcrypto/man/SSL_key_update.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_KEY_UPDATE 3" -.TH SSL_KEY_UPDATE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_KEY_UPDATE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,15 +146,15 @@ SSL_key_update, SSL_get_key_update_type, SSL_renegotiate, SSL_renegotiate_abbrev \& #include <openssl/ssl.h> \& \& int SSL_key_update(SSL *s, int updatetype); -\& int SSL_get_key_update_type(SSL *s); +\& int SSL_get_key_update_type(const SSL *s); \& \& int SSL_renegotiate(SSL *s); \& int SSL_renegotiate_abbreviated(SSL *s); -\& int SSL_renegotiate_pending(SSL *s); +\& int SSL_renegotiate_pending(const SSL *s); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection. +\&\fBSSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection. If the \fBupdatetype\fR parameter is set to \fB\s-1SSL_KEY_UPDATE_NOT_REQUESTED\s0\fR then the sending keys for this connection will be updated and the peer will be informed of the change. If the \fBupdatetype\fR parameter is set to 
@@ -159,35 +163,35 @@ updated and the peer will be informed of the change along with a request for the peer to additionally update its sending keys. It is an error if \fBupdatetype\fR is set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR. .PP -\&\fISSL_key_update()\fR must only be called after the initial handshake has been +\&\fBSSL_key_update()\fR must only be called after the initial handshake has been completed and TLSv1.3 has been negotiated. The key update will not take place -until the next time an \s-1IO\s0 operation such as \fISSL_read_ex()\fR or \fISSL_write_ex()\fR -takes place on the connection. Alternatively \fISSL_do_handshake()\fR can be called to +until the next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR +takes place on the connection. Alternatively \fBSSL_do_handshake()\fR can be called to force the update to take place immediately. .PP -\&\fISSL_get_key_update_type()\fR can be used to determine whether a key update +\&\fBSSL_get_key_update_type()\fR can be used to determine whether a key update operation has been scheduled but not yet performed. The type of the pending key update operation will be returned if there is one, or \s-1SSL_KEY_UPDATE_NONE\s0 otherwise. .PP -\&\fISSL_renegotiate()\fR and \fISSL_renegotiate_abbreviated()\fR should only be called for +\&\fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR should only be called for connections that have negotiated TLSv1.2 or less. Calling them on any other connection will result in an error. .PP -When called from the client side, \fISSL_renegotiate()\fR schedules a completely new +When called from the client side, \fBSSL_renegotiate()\fR schedules a completely new handshake over an existing \s-1SSL/TLS\s0 connection. 
The next time an \s-1IO\s0 operation -such as \fISSL_read_ex()\fR or \fISSL_write_ex()\fR takes place on the connection a check +such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR takes place on the connection a check will be performed to confirm that it is a suitable time to start a renegotiation. If so, then it will be initiated immediately. OpenSSL will not attempt to resume any session associated with the connection in the new handshake. .PP -When called from the client side, \fISSL_renegotiate_abbreviated()\fR works in the -same was as \fISSL_renegotiate()\fR except that OpenSSL will attempt to resume the +When called from the client side, \fBSSL_renegotiate_abbreviated()\fR works in the +same was as \fBSSL_renegotiate()\fR except that OpenSSL will attempt to resume the session associated with the current connection in the new handshake. .PP -When called from the server side, \fISSL_renegotiate()\fR and -\&\fISSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request +When called from the server side, \fBSSL_renegotiate()\fR and +\&\fBSSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request for a new handshake to be sent to the client. The next time an \s-1IO\s0 operation is performed then the same checks as on the client side are performed and then, if appropriate, the request is sent. The client may or may not respond with a new 
@@ -201,30 +205,30 @@ a \s-1TLS\s0 connection the client will attempt to resume the current session in new handshake. For historical reasons, \s-1DTLS\s0 clients will not attempt to resume the session in the new handshake. .PP -The \fISSL_renegotiate_pending()\fR function returns 1 if a renegotiation or +The \fBSSL_renegotiate_pending()\fR function returns 1 if a renegotiation or renegotiation request has been scheduled but not yet acted on, or 0 otherwise. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_key_update()\fR, \fISSL_renegotiate()\fR and \fISSL_renegotiate_abbreviated()\fR return 1 +\&\fBSSL_key_update()\fR, \fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR return 1 on success or 0 on error. .PP -\&\fISSL_get_key_update_type()\fR returns the update type of the pending key update +\&\fBSSL_get_key_update_type()\fR returns the update type of the pending key update operation or \s-1SSL_KEY_UPDATE_NONE\s0 if there is none. .PP -\&\fISSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request +\&\fBSSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request has been scheduled but not yet acted on, or 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_read_ex\fR\|(3), -\&\fISSL_write_ex\fR\|(3), -\&\fISSL_do_handshake\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fISSL_key_update()\fR and \fISSL_get_key_update_type()\fR functions were added in +The \fBSSL_key_update()\fR and \fBSSL_get_key_update_type()\fR functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. 
You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_library_init.3 b/secure/lib/libcrypto/man/SSL_library_init.3 index 2d64ec1ddccb..d0937002ced4 100644 --- a/secure/lib/libcrypto/man/SSL_library_init.3 +++ b/secure/lib/libcrypto/man/SSL_library_init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_LIBRARY_INIT 3" -.TH SSL_LIBRARY_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_LIBRARY_INIT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,30 +151,30 @@ SSL_library_init, OpenSSL_add_ssl_algorithms \&\- initialize SSL library by regi .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. +\&\fBSSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. .PP -\&\fIOpenSSL_add_ssl_algorithms()\fR is a synonym for \fISSL_library_init()\fR and is +\&\fBOpenSSL_add_ssl_algorithms()\fR is a synonym for \fBSSL_library_init()\fR and is implemented as a macro. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_library_init()\fR must be called before any other action takes place. -\&\fISSL_library_init()\fR is not reentrant. +\&\fBSSL_library_init()\fR must be called before any other action takes place. +\&\fBSSL_library_init()\fR is not reentrant. .SH "WARNING" .IX Header "WARNING" -\&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by +\&\fBSSL_library_init()\fR adds ciphers and digests used directly and indirectly by \&\s-1SSL/TLS.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return +\&\fBSSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fIRAND_add\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBRAND_add\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fISSL_library_init()\fR and \fIOpenSSL_add_ssl_algorithms()\fR functions were -deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_ssl()\fR. +The \fBSSL_library_init()\fR and \fBOpenSSL_add_ssl_algorithms()\fR functions were +deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_ssl()\fR. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 index 22dd86b01868..b1e1b5186c05 100644 
--- a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_LOAD_CLIENT_CA_FILE 3" -.TH SSL_LOAD_CLIENT_CA_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_LOAD_CLIENT_CA_FILE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,14 +149,14 @@ SSL_load_client_CA_file \- load certificate names from file .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns +\&\fBSSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns a \s-1STACK_OF\s0(X509_NAME) with the subject names found. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and +\&\fBSSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and extracts the X509_NAMES of the certificates found. While the name suggests the specific usage as support function for -\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), it is not limited to \s-1CA\s0 certificates. .SH "EXAMPLES" .IX Header "EXAMPLES" @@ -181,8 +185,8 @@ The operation failed, check out the error stack for the reason. Pointer to the subject names of the successfully read certificates. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_client_CA_list\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_new.3 b/secure/lib/libcrypto/man/SSL_new.3 index c326a43deea9..92f380559549 100644 --- a/secure/lib/libcrypto/man/SSL_new.3 +++ b/secure/lib/libcrypto/man/SSL_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_NEW 3" -.TH SSL_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ SSL_dup, SSL_new, SSL_up_ref \- create an SSL structure for a connection .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the +\&\fBSSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings of the underlying context \fBctx\fR: connection method, options, verification settings, timeout settings. An \fB\s-1SSL\s0\fR structure is 
@@ -156,10 +160,10 @@ the reference count. Freeing it (using SSL_free) decrements it. When the reference count drops to zero, any memory or resources allocated to the \fB\s-1SSL\s0\fR structure are freed. .PP -\&\fISSL_up_ref()\fR increments the reference count for an +\&\fBSSL_up_ref()\fR increments the reference count for an existing \fB\s-1SSL\s0\fR structure. .PP -\&\fISSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one. All +\&\fBSSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one. All settings are inherited from the original \fB\s-1SSL\s0\fR structure. Dynamic data (i.e. existing connection details) are not copied, the new \fB\s-1SSL\s0\fR is set into an initial accept (server) or connect (client) state. @@ -174,13 +178,13 @@ find out the reason. .IX Item "Pointer to an SSL structure" The return value points to an allocated \s-1SSL\s0 structure. .Sp -\&\fISSL_up_ref()\fR returns 1 for success and 0 for failure. +\&\fBSSL_up_ref()\fR returns 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3), -\&\fISSL_CTX_set_options\fR\|(3), -\&\fISSL_get_SSL_CTX\fR\|(3), -\&\fIssl\fR\|(7) +\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBSSL_get_SSL_CTX\fR\|(3), +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_pending.3 b/secure/lib/libcrypto/man/SSL_pending.3 index 619057c01b05..10984ac7a6e5 100644 --- a/secure/lib/libcrypto/man/SSL_pending.3 +++ b/secure/lib/libcrypto/man/SSL_pending.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_PENDING 3" -.TH SSL_PENDING 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_PENDING 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,43 +152,43 @@ SSL_pending, SSL_has_pending \- check for readable bytes buffered in an SSL obje .IX Header "DESCRIPTION" Data is received in whole blocks known as records from the peer. A whole record is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is -read by the application via a call to \fISSL_read_ex\fR\|(3) or \fISSL_read\fR\|(3). +read by the application via a call to \fBSSL_read_ex\fR\|(3) or \fBSSL_read\fR\|(3). .PP -\&\fISSL_pending()\fR returns the number of bytes which have been processed, buffered +\&\fBSSL_pending()\fR returns the number of bytes which have been processed, buffered and are available inside \fBssl\fR for immediate read. .PP If the \fB\s-1SSL\s0\fR object's \fIread_ahead\fR flag is set (see -\&\fISSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current +\&\fBSSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current record) may have been read containing more \s-1TLS/SSL\s0 records. This also applies to -\&\s-1DTLS\s0 and pipelining (see \fISSL_CTX_set_split_send_fragment\fR\|(3)). These +\&\s-1DTLS\s0 and pipelining (see \fBSSL_CTX_set_split_send_fragment\fR\|(3)). These additional bytes will be buffered by OpenSSL but will remain unprocessed until -they are needed. As these bytes are still in an unprocessed state \fISSL_pending()\fR +they are needed. As these bytes are still in an unprocessed state \fBSSL_pending()\fR will ignore them. Therefore it is possible for no more bytes to be readable from -the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fISSL_pending()\fR +the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fBSSL_pending()\fR to return 0, even though readable application data bytes are available (because the data is in unprocessed buffered records). .PP -\&\fISSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or -unprocessed) and 0 otherwise. 
Note that it is possible for \fISSL_has_pending()\fR to -return 1, and then a subsequent call to \fISSL_read_ex()\fR or \fISSL_read()\fR to return no +\&\fBSSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or +unprocessed) and 0 otherwise. Note that it is possible for \fBSSL_has_pending()\fR to +return 1, and then a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR to return no data because the unprocessed buffered data when processed yielded no application data (for example this can happen during renegotiation). It is also possible in -this scenario for \fISSL_has_pending()\fR to continue to return 1 even after an -\&\fISSL_read_ex()\fR or \fISSL_read()\fR call because the buffered and unprocessed data is +this scenario for \fBSSL_has_pending()\fR to continue to return 1 even after an +\&\fBSSL_read_ex()\fR or \fBSSL_read()\fR call because the buffered and unprocessed data is not yet processable (e.g. because OpenSSL has only received a partial record so far). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_pending()\fR returns the number of buffered and processed application data -bytes that are pending and are available for immediate read. \fISSL_has_pending()\fR +\&\fBSSL_pending()\fR returns the number of buffered and processed application data +bytes that are pending and are available for immediate read. \fBSSL_has_pending()\fR returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_CTX_set_read_ahead\fR\|(3), -\&\fISSL_CTX_set_split_send_fragment\fR\|(3), \fIssl\fR\|(7) +\&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_CTX_set_read_ahead\fR\|(3), +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3), \fBssl\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -The \fISSL_has_pending()\fR function was added in OpenSSL 1.1.0. +The \fBSSL_has_pending()\fR function was added in OpenSSL 1.1.0. 
.SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_read.3 b/secure/lib/libcrypto/man/SSL_read.3 index 6d024c6fab9f..2a93f4be70f8 100644 --- a/secure/lib/libcrypto/man/SSL_read.3 +++ b/secure/lib/libcrypto/man/SSL_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_READ 3" -.TH SSL_READ 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_READ 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,28 +153,28 @@ SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek \&\- read bytes from a TLS/SSL conn .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_read_ex()\fR and \fISSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR -into the buffer \fBbuf\fR. On success \fISSL_read_ex()\fR will store the number of bytes +\&\fBSSL_read_ex()\fR and \fBSSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR +into the buffer \fBbuf\fR. On success \fBSSL_read_ex()\fR will store the number of bytes actually read in \fB*readbytes\fR. .PP -\&\fISSL_peek_ex()\fR and \fISSL_peek()\fR are identical to \fISSL_read_ex()\fR and \fISSL_read()\fR +\&\fBSSL_peek_ex()\fR and \fBSSL_peek()\fR are identical to \fBSSL_read_ex()\fR and \fBSSL_read()\fR respectively except no bytes are actually removed from the underlying \s-1BIO\s0 during -the read, so that a subsequent call to \fISSL_read_ex()\fR or \fISSL_read()\fR will yield +the read, so that a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR will yield at least the same bytes. .SH "NOTES" .IX Header "NOTES" -In the paragraphs below a \*(L"read function\*(R" is defined as one of \fISSL_read_ex()\fR, -\&\fISSL_read()\fR, \fISSL_peek_ex()\fR or \fISSL_peek()\fR. +In the paragraphs below a \*(L"read function\*(R" is defined as one of \fBSSL_read_ex()\fR, +\&\fBSSL_read()\fR, \fBSSL_peek_ex()\fR or \fBSSL_peek()\fR. .PP If necessary, a read function will negotiate a \s-1TLS/SSL\s0 session, if not already -explicitly performed by \fISSL_connect\fR\|(3) or \fISSL_accept\fR\|(3). If the +explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the peer requests a re-negotiation, it will be performed transparently during the read function operation. The behaviour of the read functions depends on the underlying \s-1BIO.\s0 .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. 
This is being done by calling -\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR before the first +\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR before the first invocation of a read function. .PP The read functions work based on the \s-1SSL/TLS\s0 records. The data are received in @@ -192,9 +196,9 @@ If \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR has been switched off and a non-application record has been processed, the read function can return and set the error to \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR. In this case there might still be unprocessed data available in the \fB\s-1BIO\s0\fR. -If read ahead was set using \fISSL_CTX_set_read_ahead\fR\|(3), there might also still +If read ahead was set using \fBSSL_CTX_set_read_ahead\fR\|(3), there might also still be unprocessed data available in the \fB\s-1SSL\s0\fR. -This behaviour can be controlled using the \fISSL_CTX_set_mode\fR\|(3) call. +This behaviour can be controlled using the \fBSSL_CTX_set_mode\fR\|(3) call. .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, a read function will only return once the read operation has been finished or an error occurred, except when a @@ -206,7 +210,7 @@ available the call will hang. If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, a read function will also return when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the operation. -In this case a call to \fISSL_get_error\fR\|(3) with the +In this case a call to \fBSSL_get_error\fR\|(3) with the return value of the read function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time it's possible that non-application data needs to be sent, 
@@ -214,27 +218,27 @@ a read function can also cause write operations. The calling process then must repeat the call after taking appropriate action to satisfy the needs of the read function. The action depends on the underlying \s-1BIO.\s0 -When using a non-blocking socket, nothing is to be done, but \fIselect()\fR can be +When using a non-blocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP -\&\fISSL_pending\fR\|(3) can be used to find out whether there +\&\fBSSL_pending\fR\|(3) can be used to find out whether there are buffered bytes available for immediate retrieval. In this case the read function can be called without blocking or actually receiving new data from the underlying socket. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_read_ex()\fR and \fISSL_peek_ex()\fR will return 1 for success or 0 for failure. +\&\fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR will return 1 for success or 0 for failure. Success means that 1 or more application data bytes have been read from the \s-1SSL\s0 connection. Failure means that no bytes could be read from the \s-1SSL\s0 connection. Failures can be retryable (e.g. we are waiting for more bytes to be delivered by the network) or non-retryable (e.g. a fatal network error). -In the event of a failure call \fISSL_get_error\fR\|(3) to find out the reason which +In the event of a failure call \fBSSL_get_error\fR\|(3) to find out the reason which indicates whether the call is retryable or not. .PP -For \fISSL_read()\fR and \fISSL_peek()\fR the following return values can occur: +For \fBSSL_read()\fR and \fBSSL_peek()\fR the following return values can occur: .IP "> 0" 4 .IX Item "> 0" The read operation was successful. 
@@ -244,23 +248,23 @@ connection. .IX Item "<= 0" The read operation was not successful, because either the connection was closed, an error occurred or action must be taken by the calling process. -Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. .Sp Old documentation indicated a difference between 0 and \-1, and that \-1 was retryable. -You should instead call \fISSL_get_error()\fR to find out if it's retryable. +You should instead call \fBSSL_get_error()\fR to find out if it's retryable. .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_read_ex()\fR and \fISSL_peek_ex()\fR were added in OpenSSL 1.1.1. +The \fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR functions were added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_write_ex\fR\|(3), -\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), -\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) -\&\fISSL_set_connect_state\fR\|(3), -\&\fISSL_pending\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), -\&\fIssl\fR\|(7), \fIbio\fR\|(7) +\&\fBSSL_get_error\fR\|(3), \fBSSL_write_ex\fR\|(3), +\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_pending\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_read_early_data.3 b/secure/lib/libcrypto/man/SSL_read_early_data.3 index 042583e3dc23..c98a4f5ad91f 100644 --- a/secure/lib/libcrypto/man/SSL_read_early_data.3 +++ b/secure/lib/libcrypto/man/SSL_read_early_data.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_READ_EARLY_DATA 3" -.TH SSL_READ_EARLY_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_READ_EARLY_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -194,123 +198,123 @@ unauthenticated at this point and care should be taken when using this capability. .PP A server or client can determine whether the full handshake has been completed -or not by calling \fISSL_is_init_finished\fR\|(3). +or not by calling \fBSSL_is_init_finished\fR\|(3). .PP -On the client side, the function \fISSL_SESSION_get_max_early_data()\fR can be used to +On the client side, the function \fBSSL_SESSION_get_max_early_data()\fR can be used to determine if a session established with a server can be used to send early data. If the session cannot be used then this function will return 0. Otherwise it will return the maximum number of early data bytes that can be sent. .PP -The function \fISSL_SESSION_set_max_early_data()\fR sets the maximum number of early +The function \fBSSL_SESSION_set_max_early_data()\fR sets the maximum number of early data bytes that can be sent for a session. This would typically be used when -creating a \s-1PSK\s0 session file (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). If +creating a \s-1PSK\s0 session file (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). If using a ticket based \s-1PSK\s0 then this is set automatically to the value provided by the server. .PP -A client uses the function \fISSL_write_early_data()\fR to send early data. This -function is similar to the \fISSL_write_ex\fR\|(3) function, but with the following -differences. See \fISSL_write_ex\fR\|(3) for information on how to write bytes to -the underlying connection, and how to handle any errors that may arise. This -page describes the differences between \fISSL_write_early_data()\fR and -\&\fISSL_write_ex\fR\|(3). +A client uses the function \fBSSL_write_early_data()\fR to send early data. This +function is similar to the \fBSSL_write_ex\fR\|(3) function, but with the following +differences. See \fBSSL_write_ex\fR\|(3) for information on how to write bytes to +the underlying connection, and how to handle any errors that may arise. 
This +page describes the differences between \fBSSL_write_early_data()\fR and +\&\fBSSL_write_ex\fR\|(3). .PP -When called by a client, \fISSL_write_early_data()\fR must be the first \s-1IO\s0 function +When called by a client, \fBSSL_write_early_data()\fR must be the first \s-1IO\s0 function called on a new connection, i.e. it must occur before any calls to -\&\fISSL_write_ex\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_connect\fR\|(3), \fISSL_do_handshake\fR\|(3) +\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_connect\fR\|(3), \fBSSL_do_handshake\fR\|(3) or other similar functions. It may be called multiple times to stream data to the server, but the total number of bytes written must not exceed the value -returned from \fISSL_SESSION_get_max_early_data()\fR. Once the initial -\&\fISSL_write_early_data()\fR call has completed successfully the client may interleave -calls to \fISSL_read_ex\fR\|(3) and \fISSL_read\fR\|(3) with calls to -\&\fISSL_write_early_data()\fR as required. +returned from \fBSSL_SESSION_get_max_early_data()\fR. Once the initial +\&\fBSSL_write_early_data()\fR call has completed successfully the client may interleave +calls to \fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) with calls to +\&\fBSSL_write_early_data()\fR as required. .PP -If \fISSL_write_early_data()\fR fails you should call \fISSL_get_error\fR\|(3) to determine -the correct course of action, as for \fISSL_write_ex\fR\|(3). +If \fBSSL_write_early_data()\fR fails you should call \fBSSL_get_error\fR\|(3) to determine +the correct course of action, as for \fBSSL_write_ex\fR\|(3). .PP When the client no longer wishes to send any more early data then it should -complete the handshake by calling a function such as \fISSL_connect\fR\|(3) or -\&\fISSL_do_handshake\fR\|(3). 
Alternatively you can call a standard write function -such as \fISSL_write_ex\fR\|(3), which will transparently complete the connection and +complete the handshake by calling a function such as \fBSSL_connect\fR\|(3) or +\&\fBSSL_do_handshake\fR\|(3). Alternatively you can call a standard write function +such as \fBSSL_write_ex\fR\|(3), which will transparently complete the connection and write the requested data. .PP A server may choose to ignore early data that has been sent to it. Once the connection has been completed you can determine whether the server accepted or -rejected the early data by calling \fISSL_get_early_data_status()\fR. This will return +rejected the early data by calling \fBSSL_get_early_data_status()\fR. This will return \&\s-1SSL_EARLY_DATA_ACCEPTED\s0 if the data was accepted, \s-1SSL_EARLY_DATA_REJECTED\s0 if it was rejected or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. This function may be called by either the client or the server. .PP -A server uses the \fISSL_read_early_data()\fR function to receive early data on a +A server uses the \fBSSL_read_early_data()\fR function to receive early data on a connection for which early data has been enabled using -\&\fISSL_CTX_set_max_early_data()\fR or \fISSL_set_max_early_data()\fR. As for -\&\fISSL_write_early_data()\fR, this must be the first \s-1IO\s0 function +\&\fBSSL_CTX_set_max_early_data()\fR or \fBSSL_set_max_early_data()\fR. As for +\&\fBSSL_write_early_data()\fR, this must be the first \s-1IO\s0 function called on a connection, i.e. it must occur before any calls to -\&\fISSL_write_ex\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_accept\fR\|(3), \fISSL_do_handshake\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_accept\fR\|(3), \fBSSL_do_handshake\fR\|(3), or other similar functions. .PP -\&\fISSL_read_early_data()\fR is similar to \fISSL_read_ex\fR\|(3) with the following -differences. Refer to \fISSL_read_ex\fR\|(3) for full details. 
+\&\fBSSL_read_early_data()\fR is similar to \fBSSL_read_ex\fR\|(3) with the following +differences. Refer to \fBSSL_read_ex\fR\|(3) for full details. .PP -\&\fISSL_read_early_data()\fR may return 3 possible values: +\&\fBSSL_read_early_data()\fR may return 3 possible values: .IP "\s-1SSL_READ_EARLY_DATA_ERROR\s0" 4 .IX Item "SSL_READ_EARLY_DATA_ERROR" This indicates an \s-1IO\s0 or some other error occurred. This should be treated in the -same way as a 0 return value from \fISSL_read_ex\fR\|(3). +same way as a 0 return value from \fBSSL_read_ex\fR\|(3). .IP "\s-1SSL_READ_EARLY_DATA_SUCCESS\s0" 4 .IX Item "SSL_READ_EARLY_DATA_SUCCESS" This indicates that early data was successfully read. This should be treated in -the same way as a 1 return value from \fISSL_read_ex\fR\|(3). You should continue to -call \fISSL_read_early_data()\fR to read more data. +the same way as a 1 return value from \fBSSL_read_ex\fR\|(3). You should continue to +call \fBSSL_read_early_data()\fR to read more data. .IP "\s-1SSL_READ_EARLY_DATA_FINISH\s0" 4 .IX Item "SSL_READ_EARLY_DATA_FINISH" This indicates that no more early data can be read. It may be returned on the -first call to \fISSL_read_early_data()\fR if the client has not sent any early data, +first call to \fBSSL_read_early_data()\fR if the client has not sent any early data, or if the early data was rejected. .PP -Once the initial \fISSL_read_early_data()\fR call has completed successfully (i.e. it +Once the initial \fBSSL_read_early_data()\fR call has completed successfully (i.e. it has returned \s-1SSL_READ_EARLY_DATA_SUCCESS\s0 or \s-1SSL_READ_EARLY_DATA_FINISH\s0) then the server may choose to write data immediately to the unauthenticated client using -\&\fISSL_write_early_data()\fR. If \fISSL_read_early_data()\fR returned +\&\fBSSL_write_early_data()\fR. If \fBSSL_read_early_data()\fR returned \&\s-1SSL_READ_EARLY_DATA_FINISH\s0 then in some situations (e.g. 
if the client only supports TLSv1.2) the handshake may have already been completed and calls -to \fISSL_write_early_data()\fR are not allowed. Call \fISSL_is_init_finished\fR\|(3) to +to \fBSSL_write_early_data()\fR are not allowed. Call \fBSSL_is_init_finished\fR\|(3) to determine whether the handshake has completed or not. If the handshake is still -in progress then the server may interleave calls to \fISSL_write_early_data()\fR with -calls to \fISSL_read_early_data()\fR as required. +in progress then the server may interleave calls to \fBSSL_write_early_data()\fR with +calls to \fBSSL_read_early_data()\fR as required. .PP -Servers must not call \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write_ex\fR\|(3) or -\&\fISSL_write\fR\|(3) until \fISSL_read_early_data()\fR has returned with +Servers must not call \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or +\&\fBSSL_write\fR\|(3) until \fBSSL_read_early_data()\fR has returned with \&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 Once it has done so the connection to the client still needs to be completed. Complete the connection by calling a function such -as \fISSL_accept\fR\|(3) or \fISSL_do_handshake\fR\|(3). Alternatively you can call a -standard read function such as \fISSL_read_ex\fR\|(3), which will transparently +as \fBSSL_accept\fR\|(3) or \fBSSL_do_handshake\fR\|(3). Alternatively you can call a +standard read function such as \fBSSL_read_ex\fR\|(3), which will transparently complete the connection and read the requested data. Note that it is an error to -attempt to complete the connection before \fISSL_read_early_data()\fR has returned +attempt to complete the connection before \fBSSL_read_early_data()\fR has returned \&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 .PP -Only servers may call \fISSL_read_early_data()\fR. +Only servers may call \fBSSL_read_early_data()\fR. 
.PP -Calls to \fISSL_read_early_data()\fR may, in certain circumstances, complete the +Calls to \fBSSL_read_early_data()\fR may, in certain circumstances, complete the connection immediately without further need to call a function such as -\&\fISSL_accept\fR\|(3). This can happen if the client is using a protocol version less +\&\fBSSL_accept\fR\|(3). This can happen if the client is using a protocol version less than TLSv1.3. Applications can test for this by calling -\&\fISSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call -\&\fISSL_accept\fR\|(3) anyway. Such a call will successfully return immediately with no +\&\fBSSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call +\&\fBSSL_accept\fR\|(3) anyway. Such a call will successfully return immediately with no further action taken. .PP When a session is created between a server and a client the server will specify the maximum amount of any early data that it will accept on any future connection attempt. By default the server does not accept early data; a server may indicate support for early data by calling -\&\fISSL_CTX_set_max_early_data()\fR or -\&\fISSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0 +\&\fBSSL_CTX_set_max_early_data()\fR or +\&\fBSSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0 object respectively. The \fBmax_early_data\fR parameter specifies the maximum amount of early data in bytes that is permitted to be sent on a single -connection. Similarly the \fISSL_CTX_get_max_early_data()\fR and -\&\fISSL_get_max_early_data()\fR functions can be used to obtain the current maximum +connection. Similarly the \fBSSL_CTX_get_max_early_data()\fR and +\&\fBSSL_get_max_early_data()\fR functions can be used to obtain the current maximum early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. 
Generally a -server application will either use both of \fISSL_read_early_data()\fR and -\&\fISSL_CTX_set_max_early_data()\fR (or \fISSL_set_max_early_data()\fR), or neither of them, +server application will either use both of \fBSSL_read_early_data()\fR and +\&\fBSSL_CTX_set_max_early_data()\fR (or \fBSSL_set_max_early_data()\fR), or neither of them, since there is no practical benefit from using only one of them. If the maximum early data setting for a server is non-zero then replay protection is automatically enabled (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below). @@ -319,9 +323,9 @@ If the server rejects the early data sent by a client then it will skip over the data that is sent. The maximum amount of received early data that is skipped is controlled by the recv_max_early_data setting. If a client sends more than this then the connection will abort. This value can be set by calling -\&\fISSL_CTX_set_recv_max_early_data()\fR or \fISSL_set_recv_max_early_data()\fR. The current +\&\fBSSL_CTX_set_recv_max_early_data()\fR or \fBSSL_set_recv_max_early_data()\fR. The current value for this setting can be obtained by calling -\&\fISSL_CTX_get_recv_max_early_data()\fR or \fISSL_get_recv_max_early_data()\fR. The default +\&\fBSSL_CTX_get_recv_max_early_data()\fR or \fBSSL_get_recv_max_early_data()\fR. The default value for this setting is 16,384 bytes. .PP The recv_max_early_data value also has an impact on early data that is accepted. 
@@ -339,7 +343,7 @@ the current configured max_early_data value. Some server applications may wish to have more control over whether early data is accepted or not, for example to mitigate replay risks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below) or to decline early_data when the server is heavily loaded. The functions -\&\fISSL_CTX_set_allow_early_data_cb()\fR and \fISSL_set_allow_early_data_cb()\fR set a +\&\fBSSL_CTX_set_allow_early_data_cb()\fR and \fBSSL_set_allow_early_data_cb()\fR set a callback which is called at a point in the handshake immediately before a decision is made to accept or reject early data. The callback is provided with a pointer to the user data argument that was provided when the callback was first @@ -363,8 +367,8 @@ yet received an \s-1ACK\s0 for from the peer. The buffered data will only be transmitted if enough data to fill an entire \s-1TCP\s0 packet is accumulated, or if the \s-1ACK\s0 is received from the peer. The initial ClientHello will be sent in the first \s-1TCP\s0 packet along with any data from the first call to -\&\fISSL_write_early_data()\fR. If the amount of data written will exceed the size of a -single \s-1TCP\s0 packet, or if there are more calls to \fISSL_write_early_data()\fR then +\&\fBSSL_write_early_data()\fR. If the amount of data written will exceed the size of a +single \s-1TCP\s0 packet, or if there are more calls to \fBSSL_write_early_data()\fR then that additional data will be sent in subsequent \s-1TCP\s0 packets which will be buffered by the \s-1OS\s0 and not sent until an \s-1ACK\s0 is received for the first packet containing the ClientHello. This means the early data is not actually 
@@ -380,7 +384,7 @@ In rare circumstances, it may be possible for a client to have a session that reports a max early data value greater than 0, but where the server does not support this. For example, this can occur if a server has had its configuration changed to accept a lower max early data value such as by calling -\&\fISSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to +\&\fBSSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such a server will cause the connection to abort. Clients that encounter an aborted connection while sending early data may want to retry the connection without @@ -401,9 +405,9 @@ was submitted will be ignored). Note that single use tickets are enforced even if a client does not send any early data. .PP The replay protection mechanism relies on the internal OpenSSL server session -cache (see \fISSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is +cache (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is being used the server will operate as if the \s-1SSL_OP_NO_TICKET\s0 option had been -selected (see \fISSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache +selected (see \fBSSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache whenever a session ticket is issued. When a client attempts to resume the session, OpenSSL will check for its presence in the internal cache. If it exists then the resumption is allowed and the session is removed from the cache. If it 
@@ -411,64 +415,64 @@ does not exist then the resumption is not allowed and a full handshake will occur. .PP Note that some applications may maintain an external cache of sessions (see -\&\fISSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's +\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's responsibility to ensure that any sessions in the external cache are also populated in the internal cache and that once removed from the internal cache they are similarly removed from the external cache. Failing to do this could result in an application becoming vulnerable to replay attacks. Note that OpenSSL will lock the internal cache while a session is removed but that lock is -not held when the remove session callback (see \fISSL_CTX_sess_set_remove_cb\fR\|(3)) +not held when the remove session callback (see \fBSSL_CTX_sess_set_remove_cb\fR\|(3)) is called. This could result in a small amount of time where the session has been removed from the internal cache but is still available in the external cache. Applications should be designed with this in mind in order to minimise the possibility of replay attacks. .PP The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) -(e.g. see \fISSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution +(e.g. see \fBSSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution should be applied when combining external PSKs with early data. .PP Some applications may mitigate the replay risks in other ways. For those applications it is possible to turn off the built-in replay protection feature -using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fISSL_CTX_set_options\fR\|(3) for +using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fBSSL_CTX_set_options\fR\|(3) for details. Applications can also set a callback to make decisions about accepting -early data or not. 
See \fISSL_CTX_set_allow_early_data_cb()\fR above for details. +early data or not. See \fBSSL_CTX_set_allow_early_data_cb()\fR above for details. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a -failure call \fISSL_get_error\fR\|(3) to determine the correct course of action. +\&\fBSSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a +failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action. .PP -\&\fISSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure, +\&\fBSSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure, \&\s-1SSL_READ_EARLY_DATA_SUCCESS\s0 for success with more data to read and \&\s-1SSL_READ_EARLY_DATA_FINISH\s0 for success with no more to data be read. In the -event of a failure call \fISSL_get_error\fR\|(3) to determine the correct course of +event of a failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action. .PP -\&\fISSL_get_max_early_data()\fR, \fISSL_CTX_get_max_early_data()\fR and -\&\fISSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes +\&\fBSSL_get_max_early_data()\fR, \fBSSL_CTX_get_max_early_data()\fR and +\&\fBSSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes that may be sent. .PP -\&\fISSL_set_max_early_data()\fR, \fISSL_CTX_set_max_early_data()\fR and -\&\fISSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure. +\&\fBSSL_set_max_early_data()\fR, \fBSSL_CTX_set_max_early_data()\fR and +\&\fBSSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure. 
.PP -\&\fISSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was +\&\fBSSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was accepted by the server, \s-1SSL_EARLY_DATA_REJECTED\s0 if early data was rejected by the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), -\&\fISSL_write_ex\fR\|(3), -\&\fISSL_read_ex\fR\|(3), -\&\fISSL_connect\fR\|(3), -\&\fISSL_accept\fR\|(3), -\&\fISSL_do_handshake\fR\|(3), -\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3), -\&\fIssl\fR\|(7) +\&\fBSSL_get_error\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_read_ex\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fBssl\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" All of the functions described above were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_rstate_string.3 b/secure/lib/libcrypto/man/SSL_rstate_string.3 index 11c4f8543d04..daec70ee8fdc 100644 --- a/secure/lib/libcrypto/man/SSL_rstate_string.3 +++ b/secure/lib/libcrypto/man/SSL_rstate_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_RSTATE_STRING 3" -.TH SSL_RSTATE_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_RSTATE_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,10 +150,10 @@ SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_rstate_string()\fR returns a 2 letter string indicating the current read state +\&\fBSSL_rstate_string()\fR returns a 2 letter string indicating the current read state of the \s-1SSL\s0 object \fBssl\fR. .PP -\&\fISSL_rstate_string_long()\fR returns a string indicating the current read state of +\&\fBSSL_rstate_string_long()\fR returns a string indicating the current read state of the \s-1SSL\s0 object \fBssl\fR. .SH "NOTES" .IX Header "NOTES" @@ -160,7 +164,7 @@ SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read do This function should only seldom be needed in applications. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following +\&\fBSSL_rstate_string()\fR and \fBSSL_rstate_string_long()\fR can return the following values: .ie n .IP """\s-1RH""/\s0""read header""" 4 .el .IP "``\s-1RH''/\s0``read header''" 4 
@@ -180,7 +184,7 @@ The record has been completely processed. The read state is unknown. This should never happen. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7) +\&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_session_reused.3 b/secure/lib/libcrypto/man/SSL_session_reused.3 index a7e58b3e2a34..9303ef8e5664 100644 --- a/secure/lib/libcrypto/man/SSL_session_reused.3 +++ b/secure/lib/libcrypto/man/SSL_session_reused.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_REUSED 3" -.TH SSL_SESSION_REUSED 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SESSION_REUSED 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -162,8 +166,8 @@ A new session was negotiated. A session was reused. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_set1_host.3 b/secure/lib/libcrypto/man/SSL_set1_host.3 index 6889f0e918e2..a91b66018624 100644 --- a/secure/lib/libcrypto/man/SSL_set1_host.3 +++ b/secure/lib/libcrypto/man/SSL_set1_host.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET1_HOST 3" -.TH SSL_SET1_HOST 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SET1_HOST 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,37 +154,37 @@ SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server .IX Header "DESCRIPTION" These functions configure server hostname checks in the \s-1SSL\s0 client. .PP -\&\fISSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing +\&\fBSSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing any previously specified host name or names. If \fBname\fR is \s-1NULL,\s0 or the empty string the list of hostnames is cleared, and name checks are not performed on the peer certificate. When a non-empty \&\fBname\fR is specified, certificate verification automatically checks -the peer hostname via \fIX509_check_host\fR\|(3) with \fBflags\fR as specified -via \fISSL_set_hostflags()\fR. Clients that enable \s-1DANE TLSA\s0 authentication -via \fISSL_dane_enable\fR\|(3) should leave it to that function to set +the peer hostname via \fBX509_check_host\fR\|(3) with \fBflags\fR as specified +via \fBSSL_set_hostflags()\fR. Clients that enable \s-1DANE TLSA\s0 authentication +via \fBSSL_dane_enable\fR\|(3) should leave it to that function to set the primary reference identifier of the peer, and should not call -\&\fISSL_set1_host()\fR. +\&\fBSSL_set1_host()\fR. .PP -\&\fISSL_add1_host()\fR adds \fBname\fR as an additional reference identifier +\&\fBSSL_add1_host()\fR adds \fBname\fR as an additional reference identifier that can match the peer's certificate. Any previous names set via -\&\fISSL_set1_host()\fR or \fISSL_add1_host()\fR are retained, no change is made +\&\fBSSL_set1_host()\fR or \fBSSL_add1_host()\fR are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, the peer is considered verified when any name matches. 
This function is required for \s-1DANE TLSA\s0 in the presence of service name indirection via \s-1CNAME, MX\s0 or \s-1SRV\s0 records as specified in \s-1RFC7671, RFC7672\s0 or \&\s-1RFC7673.\s0 .PP -\&\fISSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to -\&\fIX509_check_host\fR\|(3) when name checks are applicable, by default -the \fBflags\fR value is 0. See \fIX509_check_host\fR\|(3) for the list +\&\fBSSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to +\&\fBX509_check_host\fR\|(3) when name checks are applicable, by default +the \fBflags\fR value is 0. See \fBX509_check_host\fR\|(3) for the list of available flags and their meaning. .PP -\&\fISSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName +\&\fBSSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, the name matched in the peer certificate may be a wildcard name. When one -of the reference identifiers configured via \fISSL_set1_host()\fR or -\&\fISSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix +of the reference identifiers configured via \fBSSL_set1_host()\fR or +\&\fBSSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix rather than a fixed name, the matched peer name may be a sub-domain of the reference identifier. The returned string is allocated by the library and is no longer valid once the associated \fBssl\fR handle 
@@ -188,19 +192,19 @@ is cleared or freed, or a renegotiation takes place. Applications must not free the return value. .PP \&\s-1SSL\s0 clients are advised to use these functions in preference to -explicitly calling \fIX509_check_host\fR\|(3). Hostname checks may be out -of scope with the \s-1RFC7671 \fIDANE\-EE\s0\fR\|(3) certificate usage, and the +explicitly calling \fBX509_check_host\fR\|(3). Hostname checks may be out +of scope with the \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will be suppressed as appropriate when \s-1DANE\s0 is enabled. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set1_host()\fR and \fISSL_add1_host()\fR return 1 for success and 0 for +\&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR return 1 for success and 0 for failure. .PP -\&\fISSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not -applicable (as with \s-1RFC7671 \fIDANE\-EE\s0\fR\|(3)), or no trusted peername was +\&\fBSSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not +applicable (as with \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3)), or no trusted peername was matched. Otherwise, it returns the matched peername. To determine -whether verification succeeded call \fISSL_get_verify_result\fR\|(3). +whether verification succeeded call \fBSSL_get_verify_result\fR\|(3). .SH "EXAMPLE" .IX Header "EXAMPLE" Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R". 
@@ -229,12 +233,12 @@ the lifetime of the \s-1SSL\s0 connection. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_check_host\fR\|(3), -\&\fISSL_get_verify_result\fR\|(3). -\&\fISSL_dane_enable\fR\|(3). +\&\fBX509_check_host\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3). +\&\fBSSL_dane_enable\fR\|(3). .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.1.0. +These functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_set_bio.3 b/secure/lib/libcrypto/man/SSL_set_bio.3 index 3804259974a2..55832fae8832 100644 --- a/secure/lib/libcrypto/man/SSL_set_bio.3 +++ b/secure/lib/libcrypto/man/SSL_set_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_BIO 3" -.TH SSL_SET_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SET_BIO 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,23 +151,23 @@ SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR +\&\fBSSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is non-blocking then the \fBssl\fR object will also have non-blocking behaviour. This function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically -freed using \fIBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this +freed using \fBBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this function, any existing \fBrbio\fR that was previously set will also be freed via a -call to \fIBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to +call to \fBBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to the same value as previously). .PP -\&\fISSL_set0_wbio()\fR works in the same as \fISSL_set0_rbio()\fR except that it connects +\&\fBSSL_set0_wbio()\fR works in the same as \fBSSL_set0_rbio()\fR except that it connects the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the -rbio and wbio are the same then \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR each take +rbio and wbio are the same then \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR each take ownership of one reference. Therefore it may be necessary to increment the -number of references available using \fIBIO_up_ref\fR\|(3) before calling the set0 +number of references available using \fBBIO_up_ref\fR\|(3) before calling the set0 functions. 
.PP -\&\fISSL_set_bio()\fR is similar to \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR except +\&\fBSSL_set_bio()\fR is similar to \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR except that it connects both the \fBrbio\fR and the \fBwbio\fR at the same time, and transfers the ownership of \fBrbio\fR and \fBwbio\fR to \fBssl\fR according to the following set of rules: @@ -201,18 +205,18 @@ is consumed for the \fBwbio\fR. .PP Because of this complexity, this function should be avoided; -use \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR instead. +use \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_bio()\fR, \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR cannot fail. +\&\fBSSL_set_bio()\fR, \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR cannot fail. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_rbio\fR\|(3), -\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7) +\&\fBSSL_get_rbio\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR were added in OpenSSL 1.1.0. +\&\fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_set_connect_state.3 b/secure/lib/libcrypto/man/SSL_set_connect_state.3 index fcf2e6222505..2878dbbaaa03 100644 --- a/secure/lib/libcrypto/man/SSL_set_connect_state.3 +++ b/secure/lib/libcrypto/man/SSL_set_connect_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_CONNECT_STATE 3" -.TH SSL_SET_CONNECT_STATE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SET_CONNECT_STATE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,50 +153,50 @@ SSL_set_connect_state, SSL_set_accept_state, SSL_is_server \&\- functions for ma .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. +\&\fBSSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. .PP -\&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. +\&\fBSSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. .PP -\&\fISSL_is_server()\fR checks if \fBssl\fR is working in server mode. +\&\fBSSL_is_server()\fR checks if \fBssl\fR is working in server mode. .SH "NOTES" .IX Header "NOTES" -When the \s-1SSL_CTX\s0 object was created with \fISSL_CTX_new\fR\|(3), +When the \s-1SSL_CTX\s0 object was created with \fBSSL_CTX_new\fR\|(3), it was either assigned a dedicated client method, a dedicated server method, or a generic method, that can be used for both client and server connections. (The method might have been changed with -\&\fISSL_CTX_set_ssl_version\fR\|(3) or -\&\fISSL_set_ssl_method\fR\|(3).) +\&\fBSSL_CTX_set_ssl_version\fR\|(3) or +\&\fBSSL_set_ssl_method\fR\|(3).) .PP When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must call the connect (client) or accept (server) routines. Even though it may be clear from the method chosen, whether client or server mode was requested, the handshake routines must be explicitly set. .PP -When using the \fISSL_connect\fR\|(3) or -\&\fISSL_accept\fR\|(3) routines, the correct handshake +When using the \fBSSL_connect\fR\|(3) or +\&\fBSSL_accept\fR\|(3) routines, the correct handshake routines are automatically set. 
When performing a transparent negotiation -using \fISSL_write_ex\fR\|(3), \fISSL_write\fR\|(3), \fISSL_read_ex\fR\|(3), or \fISSL_read\fR\|(3), +using \fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), or \fBSSL_read\fR\|(3), the handshake routines must be explicitly set in advance using either -\&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR. +\&\fBSSL_set_connect_state()\fR or \fBSSL_set_accept_state()\fR. .PP -If \fISSL_is_server()\fR is called before \fISSL_set_connect_state()\fR or -\&\fISSL_set_accept_state()\fR is called (either automatically or explicitly), +If \fBSSL_is_server()\fR is called before \fBSSL_set_connect_state()\fR or +\&\fBSSL_set_accept_state()\fR is called (either automatically or explicitly), the result depends on what method was used when \s-1SSL_CTX\s0 was created with -\&\fISSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was -passed to \fISSL_CTX_new\fR\|(3), \fISSL_is_server()\fR returns 1; otherwise, it returns 0. +\&\fBSSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was +passed to \fBSSL_CTX_new\fR\|(3), \fBSSL_is_server()\fR returns 1; otherwise, it returns 0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_connect_state()\fR and \fISSL_set_accept_state()\fR do not return diagnostic +\&\fBSSL_set_connect_state()\fR and \fBSSL_set_accept_state()\fR do not return diagnostic information. .PP -\&\fISSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode. +\&\fBSSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_CTX_new\fR\|(3), -\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_write_ex\fR\|(3), \fISSL_write\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), -\&\fISSL_do_handshake\fR\|(3), -\&\fISSL_CTX_set_ssl_version\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_set_ssl_version\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_set_fd.3 b/secure/lib/libcrypto/man/SSL_set_fd.3 index 00729d4d7c60..20ca2da2050c 100644 --- a/secure/lib/libcrypto/man/SSL_set_fd.3 +++ b/secure/lib/libcrypto/man/SSL_set_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_FD 3" -.TH SSL_SET_FD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SET_FD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ SSL_set_fd, SSL_set_rfd, SSL_set_wfd \- connect the SSL object with a file descr .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility +\&\fBSSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the socket file descriptor of a network connection. .PP @@ -156,10 +160,10 @@ interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1S inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will also have non-blocking behaviour. .PP -If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called (for both the reading and writing side, if different). .PP -\&\fISSL_set_rfd()\fR and \fISSL_set_wfd()\fR perform the respective action, but only +\&\fBSSL_set_rfd()\fR and \fBSSL_set_wfd()\fR perform the respective action, but only for the read channel or the write channel, which can be set independently. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -171,9 +175,9 @@ The operation failed. Check the error stack to find out why. The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_fd\fR\|(3), \fISSL_set_bio\fR\|(3), -\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7) +\&\fBSSL_get_fd\fR\|(3), \fBSSL_set_bio\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_set_session.3 b/secure/lib/libcrypto/man/SSL_set_session.3 index efb1e3880f43..4c5b9be7c1eb 100644 --- a/secure/lib/libcrypto/man/SSL_set_session.3 +++ b/secure/lib/libcrypto/man/SSL_set_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_SESSION 3" -.TH SSL_SET_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SET_SESSION 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,19 +149,19 @@ SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection -is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. +\&\fBSSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection +is to be established. \fBSSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. When the session is set, the reference count of \fBsession\fR is incremented by 1. If the session is not reused, the reference count is decremented -again during \fISSL_connect()\fR. Whether the session was reused can be queried -with the \fISSL_session_reused\fR\|(3) call. +again during \fBSSL_connect()\fR. Whether the session was reused can be queried +with the \fBSSL_session_reused\fR\|(3) call. .PP If there is already a session set inside \fBssl\fR (because it was set with -\&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for -a connection), \fISSL_SESSION_free()\fR will be called for that session. If that old +\&\fBSSL_set_session()\fR before or because the same \fBssl\fR was already used for +a connection), \fBSSL_SESSION_free()\fR will be called for that session. If that old session is still \fBopen\fR, it is considered bad and will be removed from the -session cache (if used). A session is considered open, if \fISSL_shutdown\fR\|(3) was -not called for the connection (or at least \fISSL_set_shutdown\fR\|(3) was used to +session cache (if used). A session is considered open, if \fBSSL_shutdown\fR\|(3) was +not called for the connection (or at least \fBSSL_set_shutdown\fR\|(3) was used to set the \s-1SSL_SENT_SHUTDOWN\s0 state). .SH "NOTES" .IX Header "NOTES" 
@@ -176,10 +180,10 @@ The operation failed; check the error stack to find out the reason. The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_SESSION_free\fR\|(3), -\&\fISSL_get_session\fR\|(3), -\&\fISSL_session_reused\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_set_shutdown.3 b/secure/lib/libcrypto/man/SSL_set_shutdown.3 index c255dd93b81b..307dc948d1e7 100644 --- a/secure/lib/libcrypto/man/SSL_set_shutdown.3 +++ b/secure/lib/libcrypto/man/SSL_set_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_SHUTDOWN 3" -.TH SSL_SET_SHUTDOWN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SET_SHUTDOWN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,9 +151,9 @@ SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connec .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. +\&\fBSSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. .PP -\&\fISSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. +\&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. .SH "NOTES" .IX Header "NOTES" The shutdown state of an ssl connection is a bitmask of: 
@@ -168,28 +172,28 @@ or a fatal error. .PP The shutdown state of the connection is used to determine the state of the ssl session. If the session is still open, when -\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called, +\&\fBSSL_clear\fR\|(3) or \fBSSL_free\fR\|(3) is called, it is considered bad and removed according to \s-1RFC2246.\s0 The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 (according to the \s-1TLS RFC,\s0 it is acceptable to only send the close_notify alert but to not wait for the peer's answer, when the underlying connection is closed). -\&\fISSL_set_shutdown()\fR can be used to set this state without sending a -close alert to the peer (see \fISSL_shutdown\fR\|(3)). +\&\fBSSL_set_shutdown()\fR can be used to set this state without sending a +close alert to the peer (see \fBSSL_shutdown\fR\|(3)). .PP If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call -\&\fISSL_shutdown\fR\|(3) or \fISSL_set_shutdown()\fR itself. +\&\fBSSL_shutdown\fR\|(3) or \fBSSL_set_shutdown()\fR itself. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_shutdown()\fR does not return diagnostic information. +\&\fBSSL_set_shutdown()\fR does not return diagnostic information. .PP -\&\fISSL_get_shutdown()\fR returns the current setting. +\&\fBSSL_get_shutdown()\fR returns the current setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_shutdown\fR\|(3), -\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), -\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/SSL_set_verify_result.3 b/secure/lib/libcrypto/man/SSL_set_verify_result.3 index 2538fa8f6000..76804899ba3f 100644 --- a/secure/lib/libcrypto/man/SSL_set_verify_result.3 +++ b/secure/lib/libcrypto/man/SSL_set_verify_result.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_VERIFY_RESULT 3" -.TH SSL_SET_VERIFY_RESULT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SET_VERIFY_RESULT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,25 +149,25 @@ SSL_set_verify_result \- override result of peer certificate verification .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the +\&\fBSSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the result of the verification of the X509 certificate presented by the peer, if any. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_set_verify_result()\fR overrides the verification result. It only changes +\&\fBSSL_set_verify_result()\fR overrides the verification result. It only changes the verification result of the \fBssl\fR object. It does not become part of the established session, so if the session is to be reused later, the original value will reappear. .PP -The valid codes for \fBverify_result\fR are documented in \fIverify\fR\|(1). +The valid codes for \fBverify_result\fR are documented in \fBverify\fR\|(1). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_verify_result()\fR does not provide a return value. +\&\fBSSL_set_verify_result()\fR does not provide a return value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_get_verify_result\fR\|(3), -\&\fISSL_get_peer_certificate\fR\|(3), -\&\fIverify\fR\|(1) +\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBverify\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_shutdown.3 b/secure/lib/libcrypto/man/SSL_shutdown.3 index 47c7477c7cbc..6160b111ebb9 100644 --- a/secure/lib/libcrypto/man/SSL_shutdown.3 +++ b/secure/lib/libcrypto/man/SSL_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SHUTDOWN 3" -.TH SSL_SHUTDOWN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_SHUTDOWN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,15 +149,19 @@ SSL_shutdown \- shut down a TLS/SSL connection .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the +\&\fBSSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the close_notify shutdown alert to the peer. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer. +\&\fBSSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer. Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. .PP +Note that \fBSSL_shutdown()\fR must not be called if a previous fatal error has +occurred on a connection i.e. if \fBSSL_get_error()\fR has returned \s-1SSL_ERROR_SYSCALL\s0 +or \s-1SSL_ERROR_SSL.\s0 +.PP The shutdown procedure consists of two steps: sending of the close_notify shutdown alert, and reception of the peer's close_notify shutdown alert. The order of those two steps depends on the application. 
@@ -176,19 +184,19 @@ When the underlying connection shall be used for more communications, the complete shutdown procedure must be performed, so that the peers stay synchronized. .PP -\&\fISSL_shutdown()\fR only closes the write direction. -It is not possible to call \fISSL_write()\fR after calling \fISSL_shutdown()\fR. +\&\fBSSL_shutdown()\fR only closes the write direction. +It is not possible to call \fBSSL_write()\fR after calling \fBSSL_shutdown()\fR. The read direction is closed by the peer. .SS "First to close the connection" .IX Subsection "First to close the connection" When the application is the first party to send the close_notify -alert, \fISSL_shutdown()\fR will only send the alert and then set the +alert, \fBSSL_shutdown()\fR will only send the alert and then set the \&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in the cache). -If successful, \fISSL_shutdown()\fR will return 0. +If successful, \fBSSL_shutdown()\fR will return 0. .PP If a unidirectional shutdown is enough (the underlying connection shall be -closed anyway), this first successful call to \fISSL_shutdown()\fR is sufficient. +closed anyway), this first successful call to \fBSSL_shutdown()\fR is sufficient. .PP In order to complete the bidirectional shutdown handshake, the peer needs to send back a close_notify alert. 
@@ -198,48 +206,48 @@ it. The peer is still allowed to send data after receiving the close_notify event. When it is done sending data, it will send the close_notify alert. -\&\fISSL_read()\fR should be called until all data is received. -\&\fISSL_read()\fR will indicate the end of the peer data by returning <= 0 -and \fISSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0 +\&\fBSSL_read()\fR should be called until all data is received. +\&\fBSSL_read()\fR will indicate the end of the peer data by returning <= 0 +and \fBSSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0 .SS "Peer closes the connection" .IX Subsection "Peer closes the connection" If the peer already sent the close_notify alert \fBand\fR it was already processed implicitly inside another function -(\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. -\&\fISSL_read()\fR will return <= 0 in that case, and \fISSL_get_error()\fR will return +(\fBSSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. +\&\fBSSL_read()\fR will return <= 0 in that case, and \fBSSL_get_error()\fR will return \&\s-1SSL_ERROR_ZERO_RETURN.\s0 -\&\fISSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0 +\&\fBSSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag. -If successful, \fISSL_shutdown()\fR will return 1. +If successful, \fBSSL_shutdown()\fR will return 1. .PP Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the -\&\fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call. +\&\fBSSL_get_shutdown()\fR (see also \fBSSL_set_shutdown\fR\|(3) call. 
.SH "NOTES" .IX Header "NOTES" -The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0 -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the +The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0 +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the handshake step has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_shutdown()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR +to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR. +taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR. The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required +nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. 
.PP -After \fISSL_shutdown()\fR returned 0, it is possible to call \fISSL_shutdown()\fR again +After \fBSSL_shutdown()\fR returned 0, it is possible to call \fBSSL_shutdown()\fR again to wait for the peer's close_notify alert. -\&\fISSL_shutdown()\fR will return 1 in that case. -However, it is recommended to wait for it using \fISSL_read()\fR instead. +\&\fBSSL_shutdown()\fR will return 1 in that case. +However, it is recommended to wait for it using \fBSSL_read()\fR instead. .PP -\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" +\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" state but not actually send the close_notify alert messages, -see \fISSL_CTX_set_quiet_shutdown\fR\|(3). -When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed +see \fBSSL_CTX_set_quiet_shutdown\fR\|(3). +When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed and return 1. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -247,8 +255,8 @@ The following return values can occur: .IP "0" 4 The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. -Call \fISSL_read()\fR to do a bidirectional shutdown. -The output of \fISSL_get_error\fR\|(3) may be misleading, as an +Call \fBSSL_read()\fR to do a bidirectional shutdown. +The output of \fBSSL_get_error\fR\|(3) may be misleading, as an erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. .IP "1" 4 .IX Item "1" 
@@ -257,18 +265,18 @@ and the peer's close_notify alert was received. .IP "<0" 4 .IX Item "<0" The shutdown was not successful. -Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. It can occur if an action is needed to continue the operation for non-blocking BIOs. .Sp -It can also occur when not all data was read using \fISSL_read()\fR. +It can also occur when not all data was read using \fBSSL_read()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), -\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3), -\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), -\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3), -\&\fIssl\fR\|(7), \fIbio\fR\|(7) +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_state_string.3 b/secure/lib/libcrypto/man/SSL_state_string.3 index 4381287e781b..741bf0279df3 100644 --- a/secure/lib/libcrypto/man/SSL_state_string.3 +++ b/secure/lib/libcrypto/man/SSL_state_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_STATE_STRING 3" -.TH SSL_STATE_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_STATE_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,10 +150,10 @@ SSL_state_string, SSL_state_string_long \- get textual description of state of a .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_state_string()\fR returns a 6 letter string indicating the current state +\&\fBSSL_state_string()\fR returns a 6 letter string indicating the current state of the \s-1SSL\s0 object \fBssl\fR. .PP -\&\fISSL_state_string_long()\fR returns a string indicating the current state of +\&\fBSSL_state_string_long()\fR returns a string indicating the current state of the \s-1SSL\s0 object \fBssl\fR. .SH "NOTES" .IX Header "NOTES" 
@@ -164,13 +168,13 @@ so that SSL_state_string[_long]() may be called. .PP For both blocking or non-blocking sockets, the details state information can be used within the info_callback function set with the -\&\fISSL_set_info_callback()\fR call. +\&\fBSSL_set_info_callback()\fR call. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Detailed description of possible states to be included later. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_info_callback\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_want.3 b/secure/lib/libcrypto/man/SSL_want.3 index 5a2e2ad29eaa..2ad45536bf2d 100644 --- a/secure/lib/libcrypto/man/SSL_want.3 +++ b/secure/lib/libcrypto/man/SSL_want.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_WANT 3" -.TH SSL_WANT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_WANT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,25 +156,25 @@ SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. +\&\fBSSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. .PP The other SSL_want_*() calls are shortcuts for the possible states returned -by \fISSL_want()\fR. +by \fBSSL_want()\fR. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its -return values are similar to that of \fISSL_get_error\fR\|(3). -Unlike \fISSL_get_error\fR\|(3), which also evaluates the +\&\fBSSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its +return values are similar to that of \fBSSL_get_error\fR\|(3). +Unlike \fBSSL_get_error\fR\|(3), which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under non-blocking I/O. Error conditions are not handled and must be treated -using \fISSL_get_error\fR\|(3). +using \fBSSL_get_error\fR\|(3). .PP -The result returned by \fISSL_want()\fR should always be consistent with -the result of \fISSL_get_error\fR\|(3). +The result returned by \fBSSL_want()\fR should always be consistent with +the result of \fBSSL_get_error\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following return values can currently occur for \fISSL_want()\fR: +The following return values can currently occur for \fBSSL_want()\fR: .IP "\s-1SSL_NOTHING\s0" 4 .IX Item "SSL_NOTHING" There is no data to be written or to be read. 
@@ -178,46 +182,47 @@ There is no data to be written or to be read. .IX Item "SSL_WRITING" There are data in the \s-1SSL\s0 buffer that must be written to the underlying \&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to \fISSL_get_error\fR\|(3) should return +A call to \fBSSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_WRITE.\s0 .IP "\s-1SSL_READING\s0" 4 .IX Item "SSL_READING" More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to \fISSL_get_error\fR\|(3) should return +A call to \fBSSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_READ.\s0 .IP "\s-1SSL_X509_LOOKUP\s0" 4 .IX Item "SSL_X509_LOOKUP" The operation did not complete because an application callback set by -\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. -A call to \fISSL_get_error\fR\|(3) should return +\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. +A call to \fBSSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0 .IP "\s-1SSL_ASYNC_PAUSED\s0" 4 .IX Item "SSL_ASYNC_PAUSED" An asynchronous operation partially completed and was then paused. See -\&\fISSL_get_all_async_fds\fR\|(3). A call to \fISSL_get_error\fR\|(3) should return +\&\fBSSL_get_all_async_fds\fR\|(3). A call to \fBSSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_ASYNC.\s0 .IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4 .IX Item "SSL_ASYNC_NO_JOBS" The asynchronous job could not be started because there were no async jobs -available in the pool (see \fIASYNC_init_thread\fR\|(3)). A call to \fISSL_get_error\fR\|(3) +available in the pool (see \fBASYNC_init_thread\fR\|(3)). A call to \fBSSL_get_error\fR\|(3) should return \s-1SSL_ERROR_WANT_ASYNC_JOB.\s0 .IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4 .IX Item "SSL_CLIENT_HELLO_CB" The operation did not complete because an application callback set by -\&\fISSL_CTX_set_client_hello_cb()\fR has asked to be called again. 
-A call to \fISSL_get_error\fR\|(3) should return +\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. +A call to \fBSSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB.\s0 .PP -\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR, -\&\fISSL_want_async()\fR, \fISSL_want_async_job()\fR, and \fISSL_want_client_hello_cb()\fR return +\&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR, \fBSSL_want_x509_lookup()\fR, +\&\fBSSL_want_async()\fR, \fBSSL_want_async_job()\fR, and \fBSSL_want_client_hello_cb()\fR return 1, when the corresponding condition is true or 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_get_error\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_want_client_hello_cb()\fR and \s-1SSL_CLIENT_HELLO_CB\s0 were added in OpenSSL 1.1.1. +The \fBSSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 return value +were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/SSL_write.3 b/secure/lib/libcrypto/man/SSL_write.3 index 95123e41c5ac..c68793c7bcd5 100644 --- a/secure/lib/libcrypto/man/SSL_write.3 +++ b/secure/lib/libcrypto/man/SSL_write.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_WRITE 3" -.TH SSL_WRITE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_WRITE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,23 +150,23 @@ SSL_write_ex, SSL_write \- write bytes to a TLS/SSL connection .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_write_ex()\fR and \fISSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into -the specified \fBssl\fR connection. On success \fISSL_write_ex()\fR will store the number +\&\fBSSL_write_ex()\fR and \fBSSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into +the specified \fBssl\fR connection. On success \fBSSL_write_ex()\fR will store the number of bytes written in \fB*written\fR. .SH "NOTES" .IX Header "NOTES" In the paragraphs below a \*(L"write function\*(R" is defined as one of either -\&\fISSL_write_ex()\fR, or \fISSL_write()\fR. +\&\fBSSL_write_ex()\fR, or \fBSSL_write()\fR. .PP If necessary, a write function will negotiate a \s-1TLS/SSL\s0 session, if not already -explicitly performed by \fISSL_connect\fR\|(3) or \fISSL_accept\fR\|(3). If the peer +explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the peer requests a re-negotiation, it will be performed transparently during the write function operation. The behaviour of the write functions depends on the underlying \s-1BIO.\s0 .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling -\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR +\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR before the first call to a write function. .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return, once 
@@ -170,19 +174,19 @@ the write operation has been finished or an error occurred. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR the write functions will also return when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue -the operation. In this case a call to \fISSL_get_error\fR\|(3) with the +the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a call to a write function can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of the write function. The action depends on the underlying \s-1BIO.\s0 When using a -non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check +non-blocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP The write functions will only return with success when the complete contents of \&\fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed -with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fISSL_CTX_set_mode\fR\|(3). When +with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fBSSL_CTX_set_mode\fR\|(3). When this flag is set the write functions will also return with success when a partial write has been successfully completed. In this case the write function operation is considered completed. The bytes are sent and a new write call with 
@@ -190,19 +194,19 @@ a new buffer (with the already sent bytes removed) must be started. A partial write is performed with the size of a message block, which is 16kB. .SH "WARNING" .IX Header "WARNING" -When a write function call has to be repeated because \fISSL_get_error\fR\|(3) +When a write function call has to be repeated because \fBSSL_get_error\fR\|(3) returned \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated with the same arguments. The data that was passed might have been partially processed. -When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fISSL_CTX_set_mode\fR\|(3) +When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fBSSL_CTX_set_mode\fR\|(3) the pointer can be different, but the data and length should still be the same. .PP -You should not call \fISSL_write()\fR with num=0, it will return an error. -\&\fISSL_write_ex()\fR can be called with num=0, but will not send application data to +You should not call \fBSSL_write()\fR with num=0, it will return an error. +\&\fBSSL_write_ex()\fR can be called with num=0, but will not send application data to the peer. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that +\&\fBSSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that all requested application data bytes have been written to the \s-1SSL\s0 connection or, if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use, at least 1 application data byte has been written to the \s-1SSL\s0 connection. Failure means that not all the requested 
@@ -210,10 +214,10 @@ bytes have been written yet (if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is not in u no bytes could be written to the \s-1SSL\s0 connection (if \&\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use). Failures can be retryable (e.g. the network write buffer has temporarily filled up) or non-retryable (e.g. a fatal -network error). In the event of a failure call \fISSL_get_error\fR\|(3) to find out +network error). In the event of a failure call \fBSSL_get_error\fR\|(3) to find out the reason which indicates whether the call is retryable or not. .PP -For \fISSL_write()\fR the following return values can occur: +For \fBSSL_write()\fR the following return values can occur: .IP "> 0" 4 .IX Item "> 0" The write operation was successful, the return value is the number of 
@@ -222,21 +226,21 @@ bytes actually written to the \s-1TLS/SSL\s0 connection. .IX Item "<= 0" The write operation was not successful, because either the connection was closed, an error occurred or action must be taken by the calling process. -Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. +Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .Sp Old documentation indicated a difference between 0 and \-1, and that \-1 was retryable. -You should instead call \fISSL_get_error()\fR to find out if it's retryable. +You should instead call \fBSSL_get_error()\fR to find out if it's retryable. .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_write_ex()\fR was added in OpenSSL 1.1.1. +The \fBSSL_write_ex()\fR function was added in OpenSSL 1.1.1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3) -\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), -\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) -\&\fISSL_set_connect_state\fR\|(3), -\&\fIssl\fR\|(7), \fIbio\fR\|(7) +\&\fBSSL_get_error\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3) +\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/UI_STRING.3 b/secure/lib/libcrypto/man/UI_STRING.3 index cd82ae8c7099..35564dbd626b 100644 --- a/secure/lib/libcrypto/man/UI_STRING.3 +++ b/secure/lib/libcrypto/man/UI_STRING.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "UI_STRING 3" -.TH UI_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH UI_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -167,99 +171,99 @@ UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_outp .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fB\s-1UI_STRING\s0\fR gets created internally and added to a \fB\s-1UI\s0\fR whenever -one of the functions \fIUI_add_input_string()\fR, \fIUI_dup_input_string()\fR, -\&\fIUI_add_verify_string()\fR, \fIUI_dup_verify_string()\fR, -\&\fIUI_add_input_boolean()\fR, \fIUI_dup_input_boolean()\fR, \fIUI_add_info_string()\fR, -\&\fIUI_dup_info_string()\fR, \fIUI_add_error_string()\fR or \fIUI_dup_error_string()\fR +one of the functions \fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, +\&\fBUI_add_verify_string()\fR, \fBUI_dup_verify_string()\fR, +\&\fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, \fBUI_add_info_string()\fR, +\&\fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR or \fBUI_dup_error_string()\fR is called. For a \fB\s-1UI_METHOD\s0\fR user, there's no need to know more. For a \fB\s-1UI_METHOD\s0\fR creator, it is of interest to fetch text from these \&\fB\s-1UI_STRING\s0\fR objects as well as adding results to some of them. .PP -\&\fIUI_get_string_type()\fR is used to retrieve the type of the given +\&\fBUI_get_string_type()\fR is used to retrieve the type of the given \&\fB\s-1UI_STRING\s0\fR. .PP -\&\fIUI_get_input_flags()\fR is used to retrieve the flags associated with the +\&\fBUI_get_input_flags()\fR is used to retrieve the flags associated with the given \fB\s-1UI_STRING\s0\fR. .PP -\&\fIUI_get0_output_string()\fR is used to retrieve the actual string to +\&\fBUI_get0_output_string()\fR is used to retrieve the actual string to output (prompt, info, error, ...). .PP -\&\fIUI_get0_action_string()\fR is used to retrieve the action description +\&\fBUI_get0_action_string()\fR is used to retrieve the action description associated with a \fB\s-1UIT_BOOLEAN\s0\fR type \fB\s-1UI_STRING\s0\fR. For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. 
-See \fIUI_add_input_boolean\fR\|(3). +See \fBUI_add_input_boolean\fR\|(3). .PP -\&\fIUI_get0_result_string()\fR and \fIUI_get_result_string_length()\fR are used to +\&\fBUI_get0_result_string()\fR and \fBUI_get_result_string_length()\fR are used to retrieve the result of a prompt and its length. This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. -For all other \fB\s-1UI_STRING\s0\fR types, \fIUI_get0_result_string()\fR returns \s-1NULL\s0 -and \fIUI_get_result_string_length()\fR returns \-1. +For all other \fB\s-1UI_STRING\s0\fR types, \fBUI_get0_result_string()\fR returns \s-1NULL\s0 +and \fBUI_get_result_string_length()\fR returns \-1. .PP -\&\fIUI_get0_test_string()\fR is used to retrieve the string to compare the +\&\fBUI_get0_test_string()\fR is used to retrieve the string to compare the prompt result with. This is only useful for \fB\s-1UIT_VERIFY\s0\fR type strings. For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. .PP -\&\fIUI_get_result_minsize()\fR and \fIUI_get_result_maxsize()\fR are used to +\&\fBUI_get_result_minsize()\fR and \fBUI_get_result_maxsize()\fR are used to retrieve the minimum and maximum required size of the result. This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. For all other \fB\s-1UI_STRING\s0\fR types, \-1 is returned. .PP -\&\fIUI_set_result_ex()\fR is used to set the result value of a prompt and its length. +\&\fBUI_set_result_ex()\fR is used to set the result value of a prompt and its length. For \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, this sets the -result retrievable with \fIUI_get0_result_string()\fR by copying the +result retrievable with \fBUI_get0_result_string()\fR by copying the contents of \fBresult\fR if its length fits the minimum and maximum size requirements. 
For \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, this sets the first character of -the result retrievable with \fIUI_get0_result_string()\fR to the first -\&\fBok_char\fR given with \fIUI_add_input_boolean()\fR or \fIUI_dup_input_boolean()\fR +the result retrievable with \fBUI_get0_result_string()\fR to the first +\&\fBok_char\fR given with \fBUI_add_input_boolean()\fR or \fBUI_dup_input_boolean()\fR if the \fBresult\fR matched any of them, or the first of the \&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it's set to the \s-1NUL\s0 char \f(CW\*(C`\e0\*(C'\fR. -See \fIUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and +See \fBUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and \&\fBcancel_chars\fR. .PP -\&\fIUI_set_result()\fR does the same thing as \fIUI_set_result_ex()\fR, but calculates +\&\fBUI_set_result()\fR does the same thing as \fBUI_set_result_ex()\fR, but calculates its length internally. It expects the string to be terminated with a \s-1NUL\s0 byte, and is therefore only useful with normal C strings. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIUI_get_string_type()\fR returns the \s-1UI\s0 string type. +\&\fBUI_get_string_type()\fR returns the \s-1UI\s0 string type. .PP -\&\fIUI_get_input_flags()\fR returns the \s-1UI\s0 string flags. +\&\fBUI_get_input_flags()\fR returns the \s-1UI\s0 string flags. .PP -\&\fIUI_get0_output_string()\fR returns the \s-1UI\s0 string output string. +\&\fBUI_get0_output_string()\fR returns the \s-1UI\s0 string output string. .PP -\&\fIUI_get0_action_string()\fR returns the \s-1UI\s0 string action description +\&\fBUI_get0_action_string()\fR returns the \s-1UI\s0 string action description string for \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. 
.PP -\&\fIUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for +\&\fBUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for \&\fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. .PP -\&\fIUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's +\&\fBUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's content length for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \&\-1 for any other type. .PP -\&\fIUI_get0_test_string()\fR returns the \s-1UI\s0 string action description +\&\fBUI_get0_test_string()\fR returns the \s-1UI\s0 string action description string for \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. .PP -\&\fIUI_get_result_minsize()\fR returns the minimum allowed result size for +\&\fBUI_get_result_minsize()\fR returns the minimum allowed result size for the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, \&\-1 for any other type. .PP -\&\fIUI_get_result_maxsize()\fR returns the minimum allowed result size for +\&\fBUI_get_result_maxsize()\fR returns the minimum allowed result size for the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, \&\-1 for any other type. .PP -\&\fIUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any +\&\fBUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any type other than \fB\s-1UIT_PROMPT\s0\fR, \fB\s-1UIT_VERIFY\s0\fR or \fB\s-1UIT_BOOLEAN\s0\fR, \-1 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fIUI\s0\fR\|(3) +\&\s-1\fBUI\s0\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 b/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 index cb29dea294c8..c53a04969224 100644 
--- a/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 +++ b/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "UI_UTIL_READ_PW 3" -.TH UI_UTIL_READ_PW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH UI_UTIL_READ_PW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,45 +153,45 @@ UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback \- user .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a +\&\fBUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a prompt, and stores it in \fBbuf\fR. The maximum allowed size is given with \fBlength\fR, including the terminating \s-1NUL\s0 byte. If \fBverify\fR is non-zero, the password will be verified as well. .PP -\&\fIUI_UTIL_read_pw()\fR does the same as \fIUI_UTIL_read_pw_string()\fR, the +\&\fBUI_UTIL_read_pw()\fR does the same as \fBUI_UTIL_read_pw_string()\fR, the difference is that you can give it an external buffer \fBbuff\fR for the verification passphrase. .PP -\&\fIUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary +\&\fBUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary \&\fB\s-1UI_METHOD\s0\fR that wraps a given \s-1PEM\s0 password callback \fBcb\fR. \&\fBrwflag\fR is used to specify if this method will be used for passphrase entry without (0) or with (1) verification. When not used any more, the returned method should be freed with -\&\fIUI_destroy_method()\fR. +\&\fBUI_destroy_method()\fR. .SH "NOTES" .IX Header "NOTES" -\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR use default +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR use default \&\fB\s-1UI_METHOD\s0\fR. -See \fIUI_get_default_method\fR\|(3) and friends for more information. +See \fBUI_get_default_method\fR\|(3) and friends for more information. .PP The result from the \fB\s-1UI_METHOD\s0\fR created by -\&\fIUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the +\&\fBUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the encoding that the given password callback generates. 
The default password prompting functions (apart from -\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR, there is -\&\fIPEM_def_callback()\fR, \fIEVP_read_pw_string()\fR and \fIEVP_read_pw_string_min()\fR) +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR, there is +\&\fBPEM_def_callback()\fR, \fBEVP_read_pw_string()\fR and \fBEVP_read_pw_string_min()\fR) all use the default \fB\s-1UI_METHOD\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR return 0 on success or a negative +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR return 0 on success or a negative value on error. .PP -\&\fIUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +\&\fBUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIUI_get_default_method\fR\|(3) +\&\fBUI_get_default_method\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/UI_create_method.3 b/secure/lib/libcrypto/man/UI_create_method.3 index 00214960f1c9..0851488d9a1e 100644 --- a/secure/lib/libcrypto/man/UI_create_method.3 +++ b/secure/lib/libcrypto/man/UI_create_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "UI_CREATE_METHOD 3" -.TH UI_CREATE_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH UI_CREATE_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -221,14 +225,14 @@ This depends on the needs of the method. For example, a typical tty reader wouldn't write the prompts in the write, but would rather do so in the reader, because of the sequential nature of prompting on a tty. -This is how the \fIUI_OpenSSL()\fR method does it. +This is how the \fBUI_OpenSSL()\fR method does it. .PP In contrast, a method that builds up a dialog box would add all prompt text in the writer, have all input read in the flusher and store the results in some temporary buffer, and finally have the reader just fetch those results. .PP -The central function that uses these method functions is \fIUI_process()\fR, +The central function that uses these method functions is \fBUI_process()\fR, and it does it in five steps: .IP "1." 4 Open the session using the opener function if that one's defined. 
@@ -247,65 +251,64 @@ If an error occurs, jump to 5. .IP "5." 4 Close the session using the closer function if that one's defined. .PP -\&\fIUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR. +\&\fBUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR. .PP -\&\fIUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR. +\&\fBUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR. .PP -\&\fIUI_method_set_opener()\fR, \fIUI_method_set_writer()\fR, -\&\fIUI_method_set_flusher()\fR, \fIUI_method_set_reader()\fR and -\&\fIUI_method_set_closer()\fR set the five main method function to the given +\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, +\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR and +\&\fBUI_method_set_closer()\fR set the five main method function to the given function pointer. .PP -\&\fIUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor. -See \fIUI_dup_user_data\fR\|(3). +\&\fBUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor. +See \fBUI_dup_user_data\fR\|(3). .PP -\&\fIUI_method_set_prompt_constructor()\fR sets the prompt constructor. -See \fIUI_construct_prompt\fR\|(3). +\&\fBUI_method_set_prompt_constructor()\fR sets the prompt constructor. +See \fBUI_construct_prompt\fR\|(3). .PP -\&\fIUI_method_set_ex_data()\fR sets application specific data with a given +\&\fBUI_method_set_ex_data()\fR sets application specific data with a given \&\s-1EX_DATA\s0 index. -See \fICRYPTO_get_ex_new_index\fR\|(3) for general information on how to +See \fBCRYPTO_get_ex_new_index\fR\|(3) for general information on how to get that index. 
.PP -\&\fIUI_method_get_opener()\fR, \fIUI_method_get_writer()\fR, -\&\fIUI_method_get_flusher()\fR, \fIUI_method_get_reader()\fR, -\&\fIUI_method_get_closer()\fR, \fIUI_method_get_data_duplicator()\fR, -\&\fIUI_method_get_data_destructor()\fR and \fIUI_method_get_prompt_constructor()\fR +\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, +\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, +\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, +\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR return the different method functions. .PP -\&\fIUI_method_get_ex_data()\fR returns the application data previously stored -with \fIUI_method_set_ex_data()\fR. +\&\fBUI_method_get_ex_data()\fR returns the application data previously stored +with \fBUI_method_set_ex_data()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on +\&\fBUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on error. .PP -\&\fIUI_method_set_opener()\fR, \fIUI_method_set_writer()\fR, -\&\fIUI_method_set_flusher()\fR, \fIUI_method_set_reader()\fR, -\&\fIUI_method_set_closer()\fR, \fIUI_method_set_data_duplicator()\fR and -\&\fIUI_method_set_prompt_constructor()\fR +\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, +\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR, +\&\fBUI_method_set_closer()\fR, \fBUI_method_set_data_duplicator()\fR and +\&\fBUI_method_set_prompt_constructor()\fR return 0 on success, \-1 if the given \fBmethod\fR is \s-1NULL.\s0 .PP -\&\fIUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because -\&\fICRYPTO_set_ex_data()\fR does so). +\&\fBUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because +\&\fBCRYPTO_set_ex_data()\fR does so). 
.PP -\&\fIUI_method_get_opener()\fR, \fIUI_method_get_writer()\fR, -\&\fIUI_method_get_flusher()\fR, \fIUI_method_get_reader()\fR, -\&\fIUI_method_get_closer()\fR, \fIUI_method_get_data_duplicator()\fR, -\&\fIUI_method_get_data_destructor()\fR and \fIUI_method_get_prompt_constructor()\fR +\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, +\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, +\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, +\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR return the requested function pointer if it's set in the method, otherwise \s-1NULL.\s0 .PP -\&\fIUI_method_get_ex_data()\fR returns a pointer to the application specific +\&\fBUI_method_get_ex_data()\fR returns a pointer to the application specific data associated with the method. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fIUI\s0\fR\|(3), \fICRYPTO_get_ex_data\fR\|(3), \s-1\fIUI_STRING\s0\fR\|(3) +\&\s-1\fBUI\s0\fR\|(3), \fBCRYPTO_get_ex_data\fR\|(3), \s-1\fBUI_STRING\s0\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIUI_method_set_data_duplicator()\fR, \fIUI_method_get_data_duplicator()\fR and -\&\fIUI_method_get_data_destructor()\fR -were added in OpenSSL 1.1.1. +The \fBUI_method_set_data_duplicator()\fR, \fBUI_method_get_data_duplicator()\fR +and \fBUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/UI_new.3 b/secure/lib/libcrypto/man/UI_new.3 index e78220d10932..20945445cfe4 100644 --- a/secure/lib/libcrypto/man/UI_new.3 +++ b/secure/lib/libcrypto/man/UI_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "UI_NEW 3" -.TH UI_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH UI_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -194,7 +198,7 @@ UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI .IX Header "DESCRIPTION" \&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to prompt the user for text-based information. Through user-written methods -(see \fIUI_create_method\fR\|(3)), prompting can be done in any way +(see \fBUI_create_method\fR\|(3)), prompting can be done in any way imaginable, be it plain text prompting, through dialog boxes or from a cell phone. .PP 
@@ -203,77 +207,77 @@ contains all the information needed to prompt correctly as well as a reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that carry out the actual prompting. .PP -The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR, +The first thing to do is to create a \s-1UI\s0 with \fBUI_new()\fR or \fBUI_new_method()\fR, then add information to it with the UI_add or UI_dup functions. Also, user-defined random data can be passed down to the underlying method -through calls to \fIUI_add_user_data()\fR or \fIUI_dup_user_data()\fR. The default +through calls to \fBUI_add_user_data()\fR or \fBUI_dup_user_data()\fR. The default \&\s-1UI\s0 method doesn't care about these data, but other methods might. Finally, -use \fIUI_process()\fR to actually perform the prompting and \fIUI_get0_result()\fR -and \fIUI_get_result_length()\fR to find the result to the prompt and its length. +use \fBUI_process()\fR to actually perform the prompting and \fBUI_get0_result()\fR +and \fBUI_get_result_length()\fR to find the result to the prompt and its length. .PP A \s-1UI\s0 can contain more than one prompt, which are performed in the given sequence. Each prompt gets an index number which is returned by the UI_add and UI_dup functions, and has to be used to get the corresponding -result with \fIUI_get0_result()\fR and \fIUI_get_result_length()\fR. +result with \fBUI_get0_result()\fR and \fBUI_get_result_length()\fR. .PP -\&\fIUI_process()\fR can be called more than once on the same \s-1UI,\s0 thereby allowing +\&\fBUI_process()\fR can be called more than once on the same \s-1UI,\s0 thereby allowing a \s-1UI\s0 to have a long lifetime, but can just as well have a short lifetime. .PP The functions are as follows: .PP -\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with -this \s-1UI,\s0 it should be freed using \fIUI_free()\fR. 
+\&\fBUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with +this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. .PP -\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with -this \s-1UI,\s0 it should be freed using \fIUI_free()\fR. +\&\fBUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with +this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. .PP -\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the +\&\fBUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the default one, since the default can be changed. See further on). This method is the most machine/OS dependent part of OpenSSL and normally generates the most problems when porting. .PP -\&\fIUI_null()\fR returns a \s-1UI\s0 method that does nothing. Its use is to avoid +\&\fBUI_null()\fR returns a \s-1UI\s0 method that does nothing. Its use is to avoid getting internal defaults for passed \s-1UI_METHOD\s0 pointers. .PP -\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory +\&\fBUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory that's connected to it, like duplicated input strings, results and others. If \fBui\fR is \s-1NULL\s0 nothing is done. .PP -\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 +\&\fBUI_add_input_string()\fR and \fBUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 as well as flags and a result buffer and the desired minimum and maximum sizes of the result, not counting the final \s-1NUL\s0 character. The given information is used to prompt for information, for example a password, and to verify a password (i.e. having the user enter it twice and check -that the same string was entered twice). \fIUI_add_verify_string()\fR takes +that the same string was entered twice). 
\fBUI_add_verify_string()\fR takes and extra argument that should be a pointer to the result buffer of the input string that it's supposed to verify, or verification will fail. .PP -\&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +\&\fBUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered in a boolean way, with a single character for yes and a different character for no. A set of characters that can be used to cancel the prompt is given as well. The prompt itself is divided in two, one part being the descriptive text (given through the \fIprompt\fR argument) and one describing the possible answers (given through the \fIaction_desc\fR argument). .PP -\&\fIUI_add_info_string()\fR and \fIUI_add_error_string()\fR add strings that are shown at +\&\fBUI_add_info_string()\fR and \fBUI_add_error_string()\fR add strings that are shown at the same time as the prompt for extra information or to show an error string. The difference between the two is only conceptual. With the builtin method, there's no technical difference between them. Other methods may make a difference between them, however. .PP The flags currently supported are \fB\s-1UI_INPUT_FLAG_ECHO\s0\fR, which is relevant for -\&\fIUI_add_input_string()\fR and will have the users response be echoed (when +\&\fBUI_add_input_string()\fR and will have the users response be echoed (when prompting for a password, this flag should obviously not be used, and \&\fB\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0\fR, which means that a default password of some sort will be used (completely depending on the application and the \s-1UI\s0 method). 
.PP -\&\fIUI_dup_input_string()\fR, \fIUI_dup_verify_string()\fR, \fIUI_dup_input_boolean()\fR, -\&\fIUI_dup_info_string()\fR and \fIUI_dup_error_string()\fR are basically the same +\&\fBUI_dup_input_string()\fR, \fBUI_dup_verify_string()\fR, \fBUI_dup_input_boolean()\fR, +\&\fBUI_dup_info_string()\fR and \fBUI_dup_error_string()\fR are basically the same as their UI_add counterparts, except that they make their own copies of all strings. .PP -\&\fIUI_construct_prompt()\fR is a helper function that can be used to create +\&\fBUI_construct_prompt()\fR is a helper function that can be used to create a prompt from two pieces of information: an description and a name. The default constructor (if there is none provided by the method used) creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the 
@@ -282,87 +286,86 @@ description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that beco string and may include encodings that will be processed by the other method functions. .PP -\&\fIUI_add_user_data()\fR adds a user data pointer for the method to use at any +\&\fBUI_add_user_data()\fR adds a user data pointer for the method to use at any time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several calls to this function doesn't add data, it replaces the previous blob with the one given as argument. .PP -\&\fIUI_dup_user_data()\fR duplicates the user data and works as an alternative -to \fIUI_add_user_data()\fR when the user data needs to be preserved for a longer +\&\fBUI_dup_user_data()\fR duplicates the user data and works as an alternative +to \fBUI_add_user_data()\fR when the user data needs to be preserved for a longer duration, perhaps even the lifetime of the application. The \s-1UI\s0 object takes ownership of this duplicate and will free it whenever it gets replaced or -the \s-1UI\s0 is destroyed. \fIUI_dup_user_data()\fR returns 0 on success, or \-1 on memory +the \s-1UI\s0 is destroyed. \fBUI_dup_user_data()\fR returns 0 on success, or \-1 on memory allocation failure or if the method doesn't have a duplicator function. .PP -\&\fIUI_get0_user_data()\fR retrieves the data that has last been given to the -\&\s-1UI\s0 with \fIUI_add_user_data()\fR or UI_dup_user_data. +\&\fBUI_get0_user_data()\fR retrieves the data that has last been given to the +\&\s-1UI\s0 with \fBUI_add_user_data()\fR or UI_dup_user_data. .PP -\&\fIUI_get0_result()\fR returns a pointer to the result buffer associated with +\&\fBUI_get0_result()\fR returns a pointer to the result buffer associated with the information indexed by \fIi\fR. 
.PP -\&\fIUI_get_result_length()\fR returns the length of the result buffer associated with +\&\fBUI_get_result_length()\fR returns the length of the result buffer associated with the information indexed by \fIi\fR. .PP -\&\fIUI_process()\fR goes through the information given so far, does all the printing +\&\fBUI_process()\fR goes through the information given so far, does all the printing and prompting and returns the final status, which is \-2 on out-of-band events (Interrupt, Cancel, ...), \-1 on error and 0 on success. .PP -\&\fIUI_ctrl()\fR adds extra control for the application author. For now, it -understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fIUI_process()\fR +\&\fBUI_ctrl()\fR adds extra control for the application author. For now, it +understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fBUI_process()\fR print the OpenSSL error stack as part of processing the \s-1UI,\s0 and \&\fB\s-1UI_CTRL_IS_REDOABLE\s0\fR, which returns a flag saying if the used \s-1UI\s0 can be used again or not. .PP -\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. +\&\fBUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. This function is not thread-safe and should not be called at the same time as other OpenSSL functions. .PP -\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +\&\fBUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. 
.PP -\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 +\&\fBUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 .PP -\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 +\&\fBUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 .SH "NOTES" .IX Header "NOTES" -The resulting strings that the built in method \fIUI_OpenSSL()\fR generate +The resulting strings that the built in method \fBUI_OpenSSL()\fR generate are assumed to be encoded according to the current locale or (for Windows) code page. For applications having different demands, these strings need to be converted appropriately by the caller. For Windows, if the \s-1OPENSSL_WIN32_UTF8\s0 environment variable is set, -the built-in method \fIUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings +the built-in method \fBUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIUI_new()\fR and \fIUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error +\&\fBUI_new()\fR and \fBUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error occurred. 
.PP -\&\fIUI_add_input_string()\fR, \fIUI_dup_input_string()\fR, \fIUI_add_verify_string()\fR, -\&\fIUI_dup_verify_string()\fR, \fIUI_add_input_boolean()\fR, \fIUI_dup_input_boolean()\fR, -\&\fIUI_add_info_string()\fR, \fIUI_dup_info_string()\fR, \fIUI_add_error_string()\fR -and \fIUI_dup_error_string()\fR return a positive number on success or a value which +\&\fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, \fBUI_add_verify_string()\fR, +\&\fBUI_dup_verify_string()\fR, \fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, +\&\fBUI_add_info_string()\fR, \fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR +and \fBUI_dup_error_string()\fR return a positive number on success or a value which is less than or equal to 0 otherwise. .PP -\&\fIUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred. +\&\fBUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred. .PP -\&\fIUI_dup_user_data()\fR returns 0 on success or \-1 on error. +\&\fBUI_dup_user_data()\fR returns 0 on success or \-1 on error. .PP -\&\fIUI_get0_result()\fR returns a string or \s-1NULL\s0 on error. +\&\fBUI_get0_result()\fR returns a string or \s-1NULL\s0 on error. .PP -\&\fIUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it +\&\fBUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it returns \-1 on error. .PP -\&\fIUI_process()\fR returns 0 on success or a negative value on error. +\&\fBUI_process()\fR returns 0 on success or a negative value on error. .PP -\&\fIUI_ctrl()\fR returns a mask on success or \-1 on error. +\&\fBUI_ctrl()\fR returns a mask on success or \-1 on error. 
.PP -\&\fIUI_get_default_method()\fR, \fIUI_get_method()\fR, \fIUI_Openssl()\fR, \fIUI_null()\fR and -\&\fIUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +\&\fBUI_get_default_method()\fR, \fBUI_get_method()\fR, \fBUI_OpenSSL()\fR, \fBUI_null()\fR and +\&\fBUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 respectively. .SH "HISTORY" .IX Header "HISTORY" -\&\fIUI_dup_user_data()\fR -was added in OpenSSL 1.1.1. +The \fBUI_dup_user_data()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509V3_get_d2i.3 b/secure/lib/libcrypto/man/X509V3_get_d2i.3 index 8df3bb68d584..0fb9781c14e4 100644 --- a/secure/lib/libcrypto/man/X509V3_get_d2i.3 +++ b/secure/lib/libcrypto/man/X509V3_get_d2i.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_GET_D2I 3" -.TH X509V3_GET_D2I 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509V3_GET_D2I 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,7 +171,7 @@ X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X5 .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions +\&\fBX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions \&\fBx\fR and, if found, decodes it. If \fBidx\fR is \fB\s-1NULL\s0\fR then only one occurrence of an extension is permissible otherwise the first extension after index \fB*idx\fR is returned and \fB*idx\fR updated to the location of the extension. 
@@ -177,31 +181,31 @@ extension occurs multiple times (this is only returned if \fBidx\fR is \fB\s-1NU not critical and 1 if critical. A pointer to an extension specific structure or \fB\s-1NULL\s0\fR is returned. .PP -\&\fIX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new +\&\fBX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new \&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fBnid\fR and criticality \fBcrit\fR according to \fBflags\fR. .PP -\&\fIX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension +\&\fBX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension \&\fBext\fR and returns a pointer to an extension specific structure or \fB\s-1NULL\s0\fR if the extension could not be decoded (invalid syntax or not supported). .PP -\&\fIX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR +\&\fBX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR with \s-1OID\s0 \fBext_nid\fR and criticality \fBcrit\fR. .PP -\&\fIX509_get_ext_d2i()\fR and \fIX509_add1_ext_i2d()\fR operate on the extensions of -certificate \fBx\fR, they are otherwise identical to \fIX509V3_get_d2i()\fR and -\&\fIX509V3_add_i2d()\fR. +\&\fBX509_get_ext_d2i()\fR and \fBX509_add1_ext_i2d()\fR operate on the extensions of +certificate \fBx\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and +\&\fBX509V3_add_i2d()\fR. .PP -\&\fIX509_CRL_get_ext_d2i()\fR and \fIX509_CRL_add1_ext_i2d()\fR operate on the extensions -of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fIX509V3_get_d2i()\fR and -\&\fIX509V3_add_i2d()\fR. +\&\fBX509_CRL_get_ext_d2i()\fR and \fBX509_CRL_add1_ext_i2d()\fR operate on the extensions +of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and +\&\fBX509V3_add_i2d()\fR. 
.PP -\&\fIX509_REVOKED_get_ext_d2i()\fR and \fIX509_REVOKED_add1_ext_i2d()\fR operate on the +\&\fBX509_REVOKED_get_ext_d2i()\fR and \fBX509_REVOKED_add1_ext_i2d()\fR operate on the extensions of \fBX509_REVOKED\fR structure \fBr\fR (i.e for \s-1CRL\s0 entry extensions), -they are otherwise identical to \fIX509V3_get_d2i()\fR and \fIX509V3_add_i2d()\fR. +they are otherwise identical to \fBX509V3_get_d2i()\fR and \fBX509V3_add_i2d()\fR. .PP -\&\fIX509_get0_extensions()\fR, \fIX509_CRL_get0_extensions()\fR and -\&\fIX509_REVOKED_get0_extensions()\fR return a stack of all the extensions +\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and +\&\fBX509_REVOKED_get0_extensions()\fR return a stack of all the extensions of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively. .SH "NOTES" .IX Header "NOTES" @@ -232,7 +236,7 @@ exist. If \fBX509V3_ADD_SILENT\fR is ored with \fBflags\fR: any error returned will not be added to the error queue. .PP -The function \fIX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not +The function \fBX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not found, occurs multiple times or cannot be decoded. It is possible to determine the precise reason by checking the value of \fB*crit\fR. .SH "SUPPORTED EXTENSIONS" 
@@ -329,38 +333,38 @@ The following extensions are used by certificate transparency, \s-1RFC6962\s0 .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509V3_EXT_d2i()\fR and *\fIX509V3_get_d2i()\fR return a pointer to an extension +\&\fBX509V3_EXT_d2i()\fR and *\fBX509V3_get_d2i()\fR return a pointer to an extension specific structure of \fB\s-1NULL\s0\fR if an error occurs. .PP -\&\fIX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure +\&\fBX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure or \fB\s-1NULL\s0\fR if an error occurs. .PP -\&\fIX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it +\&\fBX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it fails due to a non-fatal error (extension not found, already exists, cannot be encoded) or \-1 due to a fatal error such as a memory allocation failure. .PP -\&\fIX509_get0_extensions()\fR, \fIX509_CRL_get0_extensions()\fR and -\&\fIX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return +\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and +\&\fBX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return \&\s-1NULL\s0 if no extensions are present. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_get_version\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_ALGOR_dup.3 b/secure/lib/libcrypto/man/X509_ALGOR_dup.3 index fdfb0d4004d4..a822b8361376 100644 --- a/secure/lib/libcrypto/man/X509_ALGOR_dup.3 +++ b/secure/lib/libcrypto/man/X509_ALGOR_dup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_ALGOR_DUP 3" -.TH X509_ALGOR_DUP 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_ALGOR_DUP 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -150,34 +154,34 @@ X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_ALGOR_dup()\fR returns a copy of \fBalg\fR. +\&\fBX509_ALGOR_dup()\fR returns a copy of \fBalg\fR. .PP -\&\fIX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the +\&\fBX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the associated parameter type to \fBptype\fR with value \fBpval\fR. If \fBptype\fR is \&\fBV_ASN1_UNDEF\fR the parameter is omitted, otherwise \fBptype\fR and \fBpval\fR have -the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fIASN1_TYPE_set()\fR. +the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fBASN1_TYPE_set()\fR. All the supplied parameters are used internally so must \fB\s-1NOT\s0\fR be freed after this call. .PP -\&\fIX509_ALGOR_get0()\fR is the inverse of \fIX509_ALGOR_set0()\fR: it returns the +\&\fBX509_ALGOR_get0()\fR is the inverse of \fBX509_ALGOR_set0()\fR: it returns the algorithm \s-1OID\s0 in \fB*paobj\fR and the associated parameter in \fB*pptype\fR and \fB*ppval\fR from the \fBAlgorithmIdentifier\fR \fBalg\fR. .PP -\&\fIX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate +\&\fBX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate values for the message digest \fBmd\fR. .PP -\&\fIX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical +\&\fBX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical encodings and non-zero otherwise. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error +\&\fBX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error occurred. .PP -\&\fIX509_ALGOR_set0()\fR returns 1 on success or 0 on error. 
+\&\fBX509_ALGOR_set0()\fR returns 1 on success or 0 on error. .PP -\&\fIX509_ALGOR_get0()\fR and \fIX509_ALGOR_set_md()\fR return no values. +\&\fBX509_ALGOR_get0()\fR and \fBX509_ALGOR_set_md()\fR return no values. .PP -\&\fIX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and +\&\fBX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and non-zero otherwise. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 index 98fee4b9d785..a432f0c6e1e9 100644 --- a/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 +++ b/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CRL_GET0_BY_SERIAL 3" -.TH X509_CRL_GET0_BY_SERIAL 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_CRL_GET0_BY_SERIAL 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -159,75 +163,75 @@ X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOK .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for +\&\fBX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for serial number \fBserial\fR. If it is successful it sets \fB*ret\fR to the internal pointer of the matching entry, as a result \fB*ret\fR must not be freed up after the call. .PP -\&\fIX509_CRL_get0_by_cert()\fR is similar to \fIX509_get0_by_serial()\fR except it +\&\fBX509_CRL_get0_by_cert()\fR is similar to \fBX509_get0_by_serial()\fR except it looks for a revoked entry using the serial number of certificate \fBx\fR. .PP -\&\fIX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all +\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all revoked entries for \fBcrl\fR. .PP -\&\fIX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the +\&\fBX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the serial number of \fBr\fR. .PP -\&\fIX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the +\&\fBX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the revocation date of \fBr\fR. .PP -\&\fIX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR. +\&\fBX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR. The supplied \fBserial\fR pointer is not used internally so it should be freed up after use. .PP -\&\fIX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to +\&\fBX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to \&\fBtm\fR. The supplied \fBtm\fR pointer is not used internally so it should be freed up after use. .PP -\&\fIX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. 
The +\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The pointer \fBrev\fR is used internally so it must not be freed up after the call: it is freed when the parent \s-1CRL\s0 is freed. .PP -\&\fIX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial +\&\fBX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial number order. .SH "NOTES" .IX Header "NOTES" Applications can determine the number of revoked entries returned by -\&\fIX509_CRL_get_revoked()\fR using \fIsk_X509_REVOKED_num()\fR and examine each one -in turn using \fIsk_X509_REVOKED_value()\fR. +\&\fBX509_CRL_get_revoked()\fR using \fBsk_X509_REVOKED_num()\fR and examine each one +in turn using \fBsk_X509_REVOKED_value()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_CRL_get0_by_serial()\fR and \fIX509_CRL_get0_by_cert()\fR return 0 for failure, +\&\fBX509_CRL_get0_by_serial()\fR and \fBX509_CRL_get0_by_cert()\fR return 0 for failure, 1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8), in which case 2 is returned. .PP -\&\fIX509_REVOKED_set_serialNumber()\fR, \fIX509_REVOKED_set_revocationDate()\fR, -\&\fIX509_CRL_add0_revoked()\fR and \fIX509_CRL_sort()\fR return 1 for success and 0 for +\&\fBX509_REVOKED_set_serialNumber()\fR, \fBX509_REVOKED_set_revocationDate()\fR, +\&\fBX509_CRL_add0_revoked()\fR and \fBX509_CRL_sort()\fR return 1 for success and 0 for failure. .PP -\&\fIX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer. +\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer. .PP -\&\fIX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value. +\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value. .PP -\&\fIX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries. 
+\&\fBX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_get_version\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 index 5bcdbbfbf396..828e58c2ff28 100644 --- a/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 +++ b/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_EXTENSION_SET_OBJECT 3" -.TH X509_EXTENSION_SET_OBJECT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_EXTENSION_SET_OBJECT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,59 +160,59 @@ X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The +\&\fBX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The \&\fBobj\fR pointer is duplicated internally so \fBobj\fR should be freed up after use. .PP -\&\fIX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If +\&\fBX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If \&\fBcrit\fR is zero the extension in non-critical otherwise it is critical. .PP -\&\fIX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The +\&\fBX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The \&\fBdata\fR pointer is duplicated internally. .PP -\&\fIX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR, +\&\fBX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR, criticality \fBcrit\fR using data \fBdata\fR. The created extension is returned and written to \fB*ex\fR reusing or allocating a new extension if necessary so \fB*ex\fR should either be \fB\s-1NULL\s0\fR or a valid \fBX509_EXTENSION\fR structure it must \&\fBnot\fR be an uninitialised pointer. .PP -\&\fIX509_EXTENSION_create_by_OBJ()\fR is identical to \fIX509_EXTENSION_create_by_NID()\fR +\&\fBX509_EXTENSION_create_by_OBJ()\fR is identical to \fBX509_EXTENSION_create_by_NID()\fR except it creates and extension using \fBobj\fR instead of a \s-1NID.\s0 .PP -\&\fIX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an +\&\fBX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an \&\fB\s-1ASN1_OBJECT\s0\fR pointer. The returned pointer is an internal value which must not be freed up. 
.PP -\&\fIX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it +\&\fBX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it returns \fB1\fR for critical and \fB0\fR for non-critical. .PP -\&\fIX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned +\&\fBX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned pointer is an internal value which must not be freed up. .SH "NOTES" .IX Header "NOTES" These functions manipulate the contents of an extension directly. Most applications will want to parse or encode and add an extension: they should use the extension encode and decode functions instead such as -\&\fIX509_add1_ext_i2d()\fR and \fIX509_get_ext_d2i()\fR. +\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. .PP The \fBdata\fR associated with an extension is the extension encoding in an \&\fB\s-1ASN1_OCTET_STRING\s0\fR structure. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_EXTENSION_set_object()\fR \fIX509_EXTENSION_set_critical()\fR and -\&\fIX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure. +\&\fBX509_EXTENSION_set_object()\fR \fBX509_EXTENSION_set_critical()\fR and +\&\fBX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure. .PP -\&\fIX509_EXTENSION_create_by_NID()\fR and \fIX509_EXTENSION_create_by_OBJ()\fR return +\&\fBX509_EXTENSION_create_by_NID()\fR and \fBX509_EXTENSION_create_by_OBJ()\fR return an \fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. .PP -\&\fIX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer. +\&\fBX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer. .PP -\&\fIX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for +\&\fBX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for critical. 
.PP -\&\fIX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer. +\&\fBX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509V3_get_d2i\fR\|(3) +\&\fBX509V3_get_d2i\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 index da5c068bd033..3100c782e1a8 100644 --- a/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 +++ b/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_LOOKUP_HASH_DIR 3" -.TH X509_LOOKUP_HASH_DIR 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_LOOKUP_HASH_DIR 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -155,8 +159,8 @@ lookup methods to use with \fBX509_STORE\fR, provided by OpenSSL library. .PP Users of the library typically do not need to create instances of these methods manually, they would be created automatically by -\&\fIX509_STORE_load_locations\fR\|(3) or -\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fBX509_STORE_load_locations\fR\|(3) or +\&\fBSSL_CTX_load_verify_locations\fR\|(3) functions. .PP Internally loading of certificates and CRLs is implemented via functions @@ -176,7 +180,7 @@ or \s-1CRL\s0 object (while \s-1PEM\s0 can contain several concatenated \s-1PEM\ .PP Constant \fB\s-1FILETYPE_DEFAULT\s0\fR with \s-1NULL\s0 filename causes these functions to load default certificate store file (see -\&\fIX509_STORE_set_default_paths\fR\|(3). +\&\fBX509_STORE_set_default_paths\fR\|(3). .PP Functions return number of objects loaded from file or 0 in case of error. @@ -208,10 +212,10 @@ the directory. The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format, with a file name of the form \fIhash\fR.\fIN\fR for a certificate, or \&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0 -The \fIhash\fR is the value returned by the \fIX509_NAME_hash\fR\|(3) function applied +The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied to the subject name for certificates or issuer name for CRLs. -The hash can also be obtained via the \fB\-hash\fR option of the \fIx509\fR\|(1) or -\&\fIcrl\fR\|(1) commands. +The hash can also be obtained via the \fB\-hash\fR option of the \fBx509\fR\|(1) or +\&\fBcrl\fR\|(1) commands. .PP The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR 
@@ -234,22 +238,22 @@ Note that the hash algorithm used for subject name hashing changed in OpenSSL 1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL 0.9.8 to 1.0.0. .PP -OpenSSL includes a \fIrehash\fR\|(1) utility which creates symlinks with correct +OpenSSL includes a \fBrehash\fR\|(1) utility which creates symlinks with correct hashed names for all files with .pem suffix in a given directory. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_LOOKUP_hash_dir()\fR and \fIX509_LOOKUP_file()\fR always return a valid +\&\fBX509_LOOKUP_hash_dir()\fR and \fBX509_LOOKUP_file()\fR always return a valid \&\fBX509_LOOKUP_METHOD\fR structure. .PP -\&\fIX509_load_cert_file()\fR, \fIX509_load_crl_file()\fR and \fIX509_load_cert_crl_file()\fR return +\&\fBX509_load_cert_file()\fR, \fBX509_load_crl_file()\fR and \fBX509_load_cert_crl_file()\fR return the number of loaded objects or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIPEM_read_PrivateKey\fR\|(3), -\&\fIX509_STORE_load_locations\fR\|(3), -\&\fIX509_store_add_lookup\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3), -\&\fIX509_LOOKUP_meth_new\fR\|(3), +\&\fBPEM_read_PrivateKey\fR\|(3), +\&\fBX509_STORE_load_locations\fR\|(3), +\&\fBX509_store_add_lookup\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBX509_LOOKUP_meth_new\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 b/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 index d77b70f06c08..5c38bb6fa7f3 100644 --- a/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 +++ b/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_LOOKUP_METH_NEW 3" -.TH X509_LOOKUP_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_LOOKUP_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -225,57 +229,57 @@ implementation of various X509 and X509_CRL lookup capabilities. One instance of an X509_LOOKUP_METHOD can be associated to many instantiations of an \&\fBX509_LOOKUP\fR structure. .PP -\&\fIX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should +\&\fBX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should be given a human-readable string containing a brief description of the lookup method. .PP -\&\fIX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure. +\&\fBX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure. .PP -\&\fIX509_LOOKUP_get_new_item()\fR and \fIX509_LOOKUP_set_new_item()\fR get and set the +\&\fBX509_LOOKUP_get_new_item()\fR and \fBX509_LOOKUP_set_new_item()\fR get and set the function that is called when an \fBX509_LOOKUP\fR object is created with -\&\fIX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP +\&\fBX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP specific data, the supplied new_item function should allocate this data and -invoke \fIX509_LOOKUP_set_method_data()\fR. +invoke \fBX509_LOOKUP_set_method_data()\fR. .PP -\&\fIX509_LOOKUP_get_free()\fR and \fIX509_LOOKUP_set_free()\fR get and set the function +\&\fBX509_LOOKUP_get_free()\fR and \fBX509_LOOKUP_set_free()\fR get and set the function that is used to free any method data that was allocated and set from within new_item function. .PP -\&\fIX509_LOOKUP_meth_get_init()\fR and \fIX509_LOOKUP_meth_set_init()\fR get and set the +\&\fBX509_LOOKUP_meth_get_init()\fR and \fBX509_LOOKUP_meth_set_init()\fR get and set the function that is used to initialize the method data that was set with -\&\fIX509_LOOKUP_set_method_data()\fR as part of the new_item routine. +\&\fBX509_LOOKUP_set_method_data()\fR as part of the new_item routine. 
.PP -\&\fIX509_LOOKUP_meth_get_shutdown()\fR and \fIX509_LOOKUP_meth_set_shutdown()\fR get and set +\&\fBX509_LOOKUP_meth_get_shutdown()\fR and \fBX509_LOOKUP_meth_set_shutdown()\fR get and set the function that is used to shut down the method data whose state was previously initialized in the init function. .PP -\&\fIX509_LOOKUP_meth_get_ctrl()\fR and \fIX509_LOOKUP_meth_set_ctrl()\fR get and set a +\&\fBX509_LOOKUP_meth_get_ctrl()\fR and \fBX509_LOOKUP_meth_set_ctrl()\fR get and set a function to be used to handle arbitrary control commands issued by -\&\fIX509_LOOKUP_ctrl()\fR. The control function is given the X509_LOOKUP +\&\fBX509_LOOKUP_ctrl()\fR. The control function is given the X509_LOOKUP \&\fBctx\fR, along with the arguments passed by X509_LOOKUP_ctrl. \fBcmd\fR is an arbitrary integer that defines some operation. \fBargc\fR is a pointer to an array of characters. \fBargl\fR is an integer. \fBret\fR, if set, points to a location where any return data should be written to. How \&\fBargc\fR and \fBargl\fR are used depends entirely on the control function. .PP -\&\fIX509_LOOKUP_set_get_by_subject()\fR, \fIX509_LOOKUP_set_get_by_issuer_serial()\fR, -\&\fIX509_LOOKUP_set_get_by_fingerprint()\fR, \fIX509_LOOKUP_set_get_by_alias()\fR set +\&\fBX509_LOOKUP_set_get_by_subject()\fR, \fBX509_LOOKUP_set_get_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_set_get_by_fingerprint()\fR, \fBX509_LOOKUP_set_get_by_alias()\fR set the functions used to retrieve an X509 or X509_CRL object by the object's subject, issuer, fingerprint, and alias respectively. These functions are given the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters related to the lookup, and an X509_OBJECT that will receive the requested object. .PP -Implementations should use either \fIX509_OBJECT_set1_X509()\fR or -\&\fIX509_OBJECT_set1_X509_CRL()\fR to set the result. 
Any method data that was +Implementations should use either \fBX509_OBJECT_set1_X509()\fR or +\&\fBX509_OBJECT_set1_X509_CRL()\fR to set the result. Any method data that was created as a result of the new_item function set by -\&\fIX509_LOOKUP_meth_set_new_item()\fR can be accessed with -\&\fIX509_LOOKUP_get_method_data()\fR. The \fBX509_STORE\fR object that owns the -X509_LOOKUP may be accessed with \fIX509_LOOKUP_get_store()\fR. Successful lookups +\&\fBX509_LOOKUP_meth_set_new_item()\fR can be accessed with +\&\fBX509_LOOKUP_get_method_data()\fR. The \fBX509_STORE\fR object that owns the +X509_LOOKUP may be accessed with \fBX509_LOOKUP_get_store()\fR. Successful lookups should return 1, and unsuccessful lookups should return 0. .PP -\&\fIX509_LOOKUP_get_get_by_subject()\fR, \fIX509_LOOKUP_get_get_by_issuer_serial()\fR, -\&\fIX509_LOOKUP_get_get_by_fingerprint()\fR, \fIX509_LOOKUP_get_get_by_alias()\fR retrieve +\&\fBX509_LOOKUP_get_get_by_subject()\fR, \fBX509_LOOKUP_get_get_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_get_get_by_fingerprint()\fR, \fBX509_LOOKUP_get_get_by_alias()\fR retrieve the function set by the corresponding setter. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -285,7 +289,7 @@ The \fBX509_LOOKUP_meth_get\fR functions return the corresponding function pointers. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_STORE_new\fR\|(3), \fISSL_CTX_set_cert_store\fR\|(3) +\&\fBX509_STORE_new\fR\|(3), \fBSSL_CTX_set_cert_store\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0i. diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 index 5256605e6dfb..e29a93c6e421 100644 --- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_GET_OBJECT 3" -.TH X509_NAME_ENTRY_GET_OBJECT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_NAME_ENTRY_GET_OBJECT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -160,31 +164,28 @@ X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in +\&\fBX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in and \fB\s-1ASN1_OBJECT\s0\fR structure. .PP -\&\fIX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in +\&\fBX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in and \fB\s-1ASN1_STRING\s0\fR structure. .PP -\&\fIX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. +\&\fBX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. .PP -\&\fIX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type +\&\fBX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type \&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. .PP -\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR -and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR +and \fBX509_NAME_ENTRY_create_by_OBJ()\fR create and return an \&\fBX509_NAME_ENTRY\fR structure. .SH "NOTES" .IX Header "NOTES" -\&\fIX509_NAME_ENTRY_get_object()\fR and \fIX509_NAME_ENTRY_get_data()\fR can be +\&\fBX509_NAME_ENTRY_get_object()\fR and \fBX509_NAME_ENTRY_get_data()\fR can be used to examine an \fBX509_NAME_ENTRY\fR function as returned by -\&\fIX509_NAME_get_entry()\fR for example. +\&\fBX509_NAME_get_entry()\fR for example. 
.PP -\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR, -and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an -.PP -\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_OBJ()\fR, -\&\fIX509_NAME_ENTRY_create_by_NID()\fR and \fIX509_NAME_ENTRY_set_data()\fR +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_OBJ()\fR, +\&\fBX509_NAME_ENTRY_create_by_NID()\fR and \fBX509_NAME_ENTRY_set_data()\fR are seldom used in practice because \fBX509_NAME_ENTRY\fR structures are almost always part of \fBX509_NAME\fR structures and the corresponding \fBX509_NAME\fR functions are typically used to 
@@ -192,27 +193,27 @@ create and add new entries in a single operation. .PP The arguments of these functions support similar options to the similarly named ones of the corresponding \fBX509_NAME\fR functions such as -\&\fIX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to -\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fIX509_set_data()\fR the field name must be +\&\fBX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to +\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fBX509_set_data()\fR the field name must be set first so the relevant field information can be looked up internally. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is +\&\fBX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is set or \s-1NULL\s0 if an error occurred. .PP -\&\fIX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set +\&\fBX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set or \s-1NULL\s0 if an error occurred. .PP -\&\fIX509_NAME_ENTRY_set_object()\fR and \fIX509_NAME_ENTRY_set_data()\fR return 1 on success +\&\fBX509_NAME_ENTRY_set_object()\fR and \fBX509_NAME_ENTRY_set_data()\fR return 1 on success or 0 on error. .PP -\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR and -\&\fIX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR and +\&\fBX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or \&\s-1NULL\s0 if an error occurred. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3), -\&\fIOBJ_nid2obj\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3), +\&\fBOBJ_nid2obj\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 index 9490048c4edf..49ead0319777 100644 --- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3" -.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -156,8 +160,8 @@ X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_N .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and -\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined +\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR and +\&\fBX509_NAME_add_entry_by_NID()\fR add a field whose name is defined by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. The field value to be added is in \fBbytes\fR of length \fBlen\fR. If \&\fBlen\fR is \-1 then the field length is calculated internally using @@ -168,12 +172,12 @@ definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is added to a position determined by \fBloc\fR and \fBset\fR. .PP -\&\fIX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR +\&\fBX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR to \fBname\fR. The new entry is added to a position determined by \fBloc\fR and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after the call. .PP -\&\fIX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position +\&\fBX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position \&\fBloc\fR. The deleted entry is returned and must be freed up. .SH "NOTES" .IX Header "NOTES" 
@@ -181,12 +185,12 @@ The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF is strongly recommended for the \fBtype\fR parameter. This allows the internal code to correctly determine the type of the field and to apply length checks according to the relevant standards. This is -done using \fIASN1_STRING_set_by_NID()\fR. +done using \fBASN1_STRING_set_by_NID()\fR. .PP If instead an \s-1ASN1\s0 type is used no checks are performed and the supplied data in \fBbytes\fR is used directly. .PP -In \fIX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents +In \fBX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents the field name using OBJ_txt2obj(field, 0). .PP The \fBloc\fR and \fBset\fR parameters determine where a new entry should @@ -228,11 +232,11 @@ Create an \fBX509_NAME\fR structure: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR, -\&\fIX509_NAME_add_entry_by_NID()\fR and \fIX509_NAME_add_entry()\fR return 1 for +\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR, +\&\fBX509_NAME_add_entry_by_NID()\fR and \fBX509_NAME_add_entry()\fR return 1 for success of 0 if an error occurred. .PP -\&\fIX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR +\&\fBX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR structure of \fB\s-1NULL\s0\fR if an error occurred. .SH "BUGS" .IX Header "BUGS" @@ -242,7 +246,7 @@ not understand multicharacter types, performs no length checks and can result in invalid field types its use is strongly discouraged. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/X509_NAME_get0_der.3 b/secure/lib/libcrypto/man/X509_NAME_get0_der.3 index 286feb1b3bb1..40bb2dbc9eb2 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get0_der.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get0_der.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_GET0_DER 3" -.TH X509_NAME_GET0_DER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_NAME_GET0_DER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -146,17 +150,17 @@ X509_NAME_get0_der \- get X509_NAME DER encoding .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fIX509_NAME_get0_der()\fR returns an internal pointer to the +The function \fBX509_NAME_get0_der()\fR returns an internal pointer to the encoding of an \fBX509_NAME\fR structure in \fB*pder\fR and consisting of \&\fB*pderlen\fR bytes. It is useful for applications that wish to examine the encoding of an \fBX509_NAME\fR structure without copying it. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The function \fIX509_NAME_get0_der()\fR returns 1 for success and 0 if an error +The function \fBX509_NAME_get0_der()\fR returns 1 for success and 0 if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index 5d68312a47e9..cb319bb4eb58 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_GET_INDEX_BY_NID 3" -.TH X509_NAME_GET_INDEX_BY_NID 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_NAME_GET_INDEX_BY_NID 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,19 +161,19 @@ These functions allow an \fBX509_NAME\fR structure to be examined. The \&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject and issuer names. .PP -\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve +\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR retrieve the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR should initially be set to \-1. If there are no more entries \-1 is returned. If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned. .PP -\&\fIX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. +\&\fBX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. .PP -\&\fIX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR +\&\fBX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from 0 to (X509_NAME_entry_count(name) \- 1). The value returned is an internal pointer which must not be freed. .PP -\&\fIX509_NAME_get_text_by_NID()\fR, \fIX509_NAME_get_text_by_OBJ()\fR retrieve +\&\fBX509_NAME_get_text_by_NID()\fR, \fBX509_NAME_get_text_by_OBJ()\fR retrieve the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or \&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes will be written and the text written to \fBbuf\fR will be null 
@@ -178,7 +182,7 @@ excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount of space needed in \fBbuf\fR (excluding the final null) is returned. .SH "NOTES" .IX Header "NOTES" -\&\fIX509_NAME_get_text_by_NID()\fR and \fIX509_NAME_get_text_by_OBJ()\fR should be +\&\fBX509_NAME_get_text_by_NID()\fR and \fBX509_NAME_get_text_by_OBJ()\fR should be considered deprecated because they have various limitations which make them of minimal use in practice. They can only find the first matching @@ -186,16 +190,16 @@ entry and will copy the contents of the field verbatim: this can be highly confusing if the target is a multicharacter string type like a BMPString or a UTF8String. .PP -For a more general solution \fIX509_NAME_get_index_by_NID()\fR or -\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by -\&\fIX509_NAME_get_entry()\fR on any matching indices and then the +For a more general solution \fBX509_NAME_get_index_by_NID()\fR or +\&\fBX509_NAME_get_index_by_OBJ()\fR should be used followed by +\&\fBX509_NAME_get_entry()\fR on any matching indices and then the various \fBX509_NAME_ENTRY\fR utility functions on the result. .PP The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in the source code header files <openssl/obj_mac.h> and/or <openssl/objects.h>. .PP -Applications which could pass invalid NIDs to \fIX509_NAME_get_index_by_NID()\fR +Applications which could pass invalid NIDs to \fBX509_NAME_get_index_by_NID()\fR should check for the return value of \-2. Alternatively the \s-1NID\s0 validity can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL.\s0 .SH "EXAMPLES" 
@@ -228,18 +232,18 @@ Process all commonName entries: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR +\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR return the index of the next matching entry or \-1 if not found. -\&\fIX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied +\&\fBX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied \&\s-1NID\s0 is invalid. .PP -\&\fIX509_NAME_entry_count()\fR returns the total number of entries. +\&\fBX509_NAME_entry_count()\fR returns the total number of entries. .PP -\&\fIX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the +\&\fBX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the requested entry or \fB\s-1NULL\s0\fR if the index is invalid. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 index c8843387f9a6..ba54b24484b8 100644 --- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_PRINT_EX 3" -.TH X509_NAME_PRINT_EX 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_NAME_PRINT_EX 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,25 +152,25 @@ X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline \- .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each line (for multiline formats) is indented by \fBindent\fR spaces. The output format can be extensively customised by use of the \fBflags\fR parameter. .PP -\&\fIX509_NAME_print_ex_fp()\fR is identical to \fIX509_NAME_print_ex()\fR except the output is +\&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR except the output is written to \s-1FILE\s0 pointer \fBfp\fR. .PP -\&\fIX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. +\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and \&\fBsize\fR is ignored. Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0', and \fBbuf\fR is returned. .PP -\&\fIX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR +\&\fBX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR characters. Multiple lines are used if the output (including indent) exceeds 80 characters. .SH "NOTES" .IX Header "NOTES" -The functions \fIX509_NAME_oneline()\fR and \fIX509_NAME_print()\fR +The functions \fBX509_NAME_oneline()\fR and \fBX509_NAME_print()\fR produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications and they could 
@@ -174,11 +178,11 @@ be deprecated in a future release. .PP Although there are a large number of possible flags for most purposes \&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. -As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page +As noted on the \fBASN1_STRING_print_ex\fR\|(3) manual page for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example \&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used. .PP -The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below. +The complete set of the flags supported by \fBX509_NAME_print_ex()\fR is listed below. .PP Several options can be ored together. .PP @@ -210,7 +214,7 @@ printed instead of the values. If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this is only of use for multiline format. .PP -Additionally all the options supported by \fIASN1_STRING_print_ex()\fR can be used to +Additionally all the options supported by \fBASN1_STRING_print_ex()\fR can be used to control how each field value is displayed. .PP In addition a number options can be set for commonly used formats. 
@@ -225,19 +229,19 @@ is equivalent to: \&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as: \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR .PP -\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fIX509_NAME_print()\fR: in fact it calls \fIX509_NAME_print()\fR internally. +\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR: in fact it calls \fBX509_NAME_print()\fR internally. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error. +\&\fBX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error. .PP -\&\fIX509_NAME_print()\fR returns 1 on success or 0 on error. +\&\fBX509_NAME_print()\fR returns 1 on success or 0 on error. .PP -\&\fIX509_NAME_print_ex()\fR and \fIX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error -if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fIX509_NAME_print()\fR. Otherwise, +\&\fBX509_NAME_print_ex()\fR and \fBX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error +if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fBX509_NAME_print()\fR. Otherwise, it returns \-1 on error or other values on success. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIASN1_STRING_print_ex\fR\|(3) +\&\fBASN1_STRING_print_ex\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_PUBKEY_new.3 b/secure/lib/libcrypto/man/X509_PUBKEY_new.3 index bb6ce8ffda80..979ef15391fa 100644 --- a/secure/lib/libcrypto/man/X509_PUBKEY_new.3 +++ b/secure/lib/libcrypto/man/X509_PUBKEY_new.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_PUBKEY_NEW 3" -.TH X509_PUBKEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_PUBKEY_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -169,31 +173,31 @@ X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKE The \fBX509_PUBKEY\fR structure represents the \s-1ASN.1\s0 \fBSubjectPublicKeyInfo\fR structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests. .PP -\&\fIX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure. +\&\fBX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure. .PP -\&\fIX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0 +\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0 nothing is done. .PP -\&\fIX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained +\&\fBX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained in the \fB\s-1EVP_PKEY\s0\fR structure \fBpkey\fR. If \fB*x\fR is not \s-1NULL\s0 any existing public key structure will be freed. .PP -\&\fIX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned +\&\fBX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed after use. .PP -\&\fIX509_PUBKEY_get()\fR is similar to \fIX509_PUBKEY_get0()\fR except the reference +\&\fBX509_PUBKEY_get()\fR is similar to \fBX509_PUBKEY_get0()\fR except the reference count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using -\&\fIEVP_PKEY_free()\fR after use. +\&\fBEVP_PKEY_free()\fR after use. .PP -\&\fId2i_PUBKEY()\fR and \fIi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure +\&\fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure using \fBSubjectPublicKeyInfo\fR format. They otherwise follow the conventions of -other \s-1ASN.1\s0 functions such as \fId2i_X509()\fR. +other \s-1ASN.1\s0 functions such as \fBd2i_X509()\fR. 
.PP -\&\fId2i_PUBKEY_bio()\fR, \fId2i_PUBKEY_fp()\fR, \fIi2d_PUBKEY_bio()\fR and \fIi2d_PUBKEY_fp()\fR are -similar to \fId2i_PUBKEY()\fR and \fIi2d_PUBKEY()\fR except they decode or encode using a +\&\fBd2i_PUBKEY_bio()\fR, \fBd2i_PUBKEY_fp()\fR, \fBi2d_PUBKEY_bio()\fR and \fBi2d_PUBKEY_fp()\fR are +similar to \fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR except they decode or encode using a \&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer. .PP -\&\fIX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The +\&\fBX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The \&\s-1OID\s0 associated with the algorithm is set to \fBaobj\fR. The type of the algorithm parameters is set to \fBtype\fR using the structure \fBpval\fR. The encoding of the public key itself is set to the \fBpenclen\fR @@ -201,7 +205,7 @@ bytes contained in buffer \fBpenc\fR. On success ownership of all the supplied parameters is passed to \fBpub\fR so they must not be freed after the call. .PP -\&\fIX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR, +\&\fBX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR, \&\fB*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of \&\fB*ppklen\fR bytes at \fB*pk\fR, \fB*pa\fR is set to the associated AlgorithmIdentifier for the public key. If the value of any of these 
@@ -214,26 +218,26 @@ The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys in a standard format. .PP In many cases applications will not call the \fBX509_PUBKEY\fR functions -directly: they will instead call wrapper functions such as \fIX509_get0_pubkey()\fR. +directly: they will instead call wrapper functions such as \fBX509_get0_pubkey()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). +If the allocation fails, \fBX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). .PP Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIX509_PUBKEY_free()\fR does not return a value. +\&\fBX509_PUBKEY_free()\fR does not return a value. .PP -\&\fIX509_PUBKEY_get0()\fR and \fIX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR +\&\fBX509_PUBKEY_get0()\fR and \fBX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs. .PP -\&\fIX509_PUBKEY_set()\fR, \fIX509_PUBKEY_set0_param()\fR and \fIX509_PUBKEY_get0_param()\fR +\&\fBX509_PUBKEY_set()\fR, \fBX509_PUBKEY_set0_param()\fR and \fBX509_PUBKEY_get0_param()\fR return 1 for success and 0 if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_SIG_get0.3 b/secure/lib/libcrypto/man/X509_SIG_get0.3 index 55653d6adca4..c7603dbe3f69 100644 --- a/secure/lib/libcrypto/man/X509_SIG_get0.3 +++ b/secure/lib/libcrypto/man/X509_SIG_get0.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_SIG_GET0 3" -.TH X509_SIG_GET0 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_SIG_GET0 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -148,16 +152,16 @@ X509_SIG_get0, X509_SIG_getm \- DigestInfo functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest -value in \fBsig\fR. \fIX509_SIG_getm()\fR is identical to \fIX509_SIG_get0()\fR +\&\fBX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest +value in \fBsig\fR. \fBX509_SIG_getm()\fR is identical to \fBX509_SIG_get0()\fR except the pointers returned are not constant and can be modified: for example to initialise them. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_SIG_get0()\fR and \fIX509_SIG_getm()\fR return no values. +\&\fBX509_SIG_get0()\fR and \fBX509_SIG_getm()\fR return no values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 index 92a269a4431a..124c8b6265f5 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_GET_ERROR 3" -.TH X509_STORE_CTX_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_STORE_CTX_GET_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -155,29 +159,29 @@ X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_dep .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -These functions are typically called after \fIX509_verify_cert()\fR has indicated +These functions are typically called after \fBX509_verify_cert()\fR has indicated an error or in a verification callback to determine the nature of an error. .PP -\&\fIX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see +\&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes. .PP -\&\fIX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example +\&\fBX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example it might be used in a verification callback to set an error based on additional checks. .PP -\&\fIX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a +\&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a non-negative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. .PP -\&\fIX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR. -This can be used in combination with \fIX509_STORE_CTX_set_error()\fR to set the +\&\fBX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR. +This can be used in combination with \fBX509_STORE_CTX_set_error()\fR to set the depth at which an error condition was detected. .PP -\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which +\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant. 
.PP -\&\fIX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which +\&\fBX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which caused the error. This value is not intended to remain valid for very long, and remains owned by the caller. @@ -185,15 +189,15 @@ It may be examined by a verification callback invoked to handle each error encountered during chain verification and is no longer required after such a callback. If a callback wishes the save the certificate for use after it returns, it -needs to increment its reference count via \fIX509_up_ref\fR\|(3). +needs to increment its reference count via \fBX509_up_ref\fR\|(3). Once such a \fIsaved\fR certificate is no longer needed it can be freed with -\&\fIX509_free\fR\|(3). +\&\fBX509_free\fR\|(3). .PP -\&\fIX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the +\&\fBX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the certificate being verified by the \fBctx\fR. .PP -\&\fIX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous -call to \fIX509_verify_cert()\fR is successful. If the call to \fIX509_verify_cert()\fR +\&\fBX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous +call to \fBX509_verify_cert()\fR is successful. If the call to \fBX509_verify_cert()\fR is \fBnot\fR successful the returned chain may be incomplete or invalid. The returned chain persists after the \fBctx\fR structure is freed, when it is no longer needed it should be free up using: 
@@ -202,18 +206,18 @@ no longer needed it should be free up using: \& sk_X509_pop_free(chain, X509_free); .Ve .PP -\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for +\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for verification error \fBn\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. +\&\fBX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. .PP -\&\fIX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. +\&\fBX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. .PP -\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the +\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error. .PP -\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for +\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for verification error \fBn\fR. .SH "ERROR CODES" .IX Header "ERROR CODES" 
@@ -390,18 +394,18 @@ The above functions should be used instead of directly referencing the fields in the \fBX509_VERIFY_CTX\fR structure. .PP In versions of OpenSSL before 1.0 the current certificate returned by -\&\fIX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should +\&\fBX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should check the return value before printing out any debugging information relating to the current certificate. .PP -If an unrecognised error code is passed to \fIX509_verify_cert_error_string()\fR the +If an unrecognised error code is passed to \fBX509_verify_cert_error_string()\fR the numerical value of the unknown code is returned in a static buffer. This is not thread safe but will never happen unless an invalid code is passed. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_verify_cert\fR\|(3), -\&\fIX509_up_ref\fR\|(3), -\&\fIX509_free\fR\|(3). +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_up_ref\fR\|(3), +\&\fBX509_free\fR\|(3). .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 index bd3af993d9d7..df10d6b3c78e 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_NEW 3" -.TH X509_STORE_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_STORE_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -170,68 +174,68 @@ X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_ .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use -by \fIX509_verify_cert()\fR. +by \fBX509_verify_cert()\fR. .PP -\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. +\&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. .PP -\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. -The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR. +\&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. +The context can then be reused with an new call to \fBX509_STORE_CTX_init()\fR. .PP -\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR +\&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR is no longer valid. If \fBctx\fR is \s-1NULL\s0 nothing is done. .PP -\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. -It must be called before each call to \fIX509_verify_cert()\fR, i.e. a \fBctx\fR is only -good for one call to \fIX509_verify_cert()\fR; if you want to verify a second -certificate with the same \fBctx\fR then you must call \fIX509_STORE_CTX_cleanup()\fR -and then \fIX509_STORE_CTX_init()\fR again before the second call to -\&\fIX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end +\&\fBX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. +It must be called before each call to \fBX509_verify_cert()\fR, i.e. 
a \fBctx\fR is only +good for one call to \fBX509_verify_cert()\fR; if you want to verify a second +certificate with the same \fBctx\fR then you must call \fBX509_STORE_CTX_cleanup()\fR +and then \fBX509_STORE_CTX_init()\fR again before the second call to +\&\fBX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end entity certificate to be verified is set to \fBx509\fR and a set of additional certificates (which will be untrusted but may be used to build the chain) in \&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be \&\fB\s-1NULL\s0\fR. .PP -\&\fIX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of +\&\fBX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of \&\fBctx\fR to \fBsk\fR. This is an alternative way of specifying trusted certificates instead of using an \fBX509_STORE\fR. .PP -\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to +\&\fBX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to \&\fBx\fR. .PP -\&\fIX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used +\&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used by \fBctx\fR to be \fBchain\fR. Ownership of the chain is transferred to \fBctx\fR and should not be free'd by the caller. -\&\fIX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the +\&\fBX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the \&\fBctx\fR that contains the validated chain. .PP -\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate +\&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is enabled in the associated \fBX509_VERIFY_PARAM\fR structure. 
This might be used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol, for example in a PKCS#7 structure. .PP -\&\fIX509_STORE_CTX_get0_param()\fR retrieves an internal pointer +\&\fBX509_STORE_CTX_get0_param()\fR retrieves an internal pointer to the verification parameters associated with \fBctx\fR. .PP -\&\fIX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the +\&\fBX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the stack of untrusted certificates associated with \fBctx\fR. .PP -\&\fIX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack +\&\fBX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack of untrusted certificates associated with \fBctx\fR to \fBsk\fR. .PP -\&\fIX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer +\&\fBX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer to \fBparam\fR. After this call \fBparam\fR should not be used. .PP -\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification -method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to +\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification +method to \fBname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to find an appropriate set of parameters from \fBname\fR. .PP -\&\fIX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates -that were used in building the chain following a call to \fIX509_verify_cert()\fR. +\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +that were used in building the chain following a call to \fBX509_verify_cert()\fR. .PP -\&\fIX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default +\&\fBX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default verify function. 
This function is responsible for verifying chain signatures and expiration times. .PP 
@@ -255,32 +259,32 @@ be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies should be made or reference counts increased instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an +\&\fBX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an error occurred. .PP -\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. +\&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. .PP -\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR +\&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR, -\&\fIX509_STORE_CTX_set0_trusted_stack()\fR, -\&\fIX509_STORE_CTX_set_cert()\fR, -\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return +\&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR, +\&\fBX509_STORE_CTX_set0_trusted_stack()\fR, +\&\fBX509_STORE_CTX_set_cert()\fR, +\&\fBX509_STORE_CTX_set0_crls()\fR and \fBX509_STORE_CTX_set0_param()\fR do not return values. .PP -\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. +\&\fBX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. .PP -\&\fIX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates used. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_verify_cert\fR\|(3) -\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3) +\&\fBX509_verify_cert\fR\|(3) +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0 -\&\fIX509_STORE_CTX_get_num_untrusted()\fR was first added to OpenSSL 1.1.0 +The \fBX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0. +The \fBX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 index c0c55442e705..57959c847d39 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_SET_VERIFY_CB 3" -.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,7 +165,7 @@ X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_l .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to \&\fBverify_cb\fR overwriting any existing callback. .PP The verification callback can be used to customise the operation of certificate 
@@ -180,20 +184,20 @@ policy checking is complete. The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that is performing the verification operation. A callback can examine this structure and receive additional information about the error, for example -by calling \fIX509_STORE_CTX_get_current_cert()\fR. Additional application data can +by calling \fBX509_STORE_CTX_get_current_cert()\fR. Additional application data can be passed to the callback via the \fBex_data\fR mechanism. .PP -\&\fIX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback +\&\fBX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback for the specific \fBctx\fR. .PP -\&\fIX509_STORE_CTX_get_get_issuer()\fR, -\&\fIX509_STORE_CTX_get_check_issued()\fR, \fIX509_STORE_CTX_get_check_revocation()\fR, -\&\fIX509_STORE_CTX_get_get_crl()\fR, \fIX509_STORE_CTX_get_check_crl()\fR, -\&\fIX509_STORE_CTX_get_cert_crl()\fR, \fIX509_STORE_CTX_get_check_policy()\fR, -\&\fIX509_STORE_CTX_get_lookup_certs()\fR, \fIX509_STORE_CTX_get_lookup_crls()\fR -and \fIX509_STORE_CTX_get_cleanup()\fR return the function pointers cached +\&\fBX509_STORE_CTX_get_get_issuer()\fR, +\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR, +\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR, +\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR, +\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR +and \fBX509_STORE_CTX_get_cleanup()\fR return the function pointers cached from the corresponding \fBX509_STORE\fR, please see -\&\fIX509_STORE_set_verify\fR\|(3) for more information. +\&\fBX509_STORE_set_verify\fR\|(3) for more information. .SH "WARNING" .IX Header "WARNING" In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in 
@@ -210,7 +214,7 @@ only way to set a custom verification callback is by inheriting it from the associated \fBX509_STORE\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_STORE_CTX_set_verify_cb()\fR does not return a value. +\&\fBX509_STORE_CTX_set_verify_cb()\fR does not return a value. .SH "EXAMPLES" .IX Header "EXAMPLES" Default callback operation: @@ -308,17 +312,18 @@ a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_STORE_CTX_get_error\fR\|(3) -\&\fIX509_STORE_set_verify_cb_func\fR\|(3) -\&\fIX509_STORE_CTX_get_ex_new_index\fR\|(3) +\&\fBX509_STORE_CTX_get_error\fR\|(3) +\&\fBX509_STORE_set_verify_cb_func\fR\|(3) +\&\fBX509_STORE_CTX_get_ex_new_index\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_STORE_CTX_get_get_issuer()\fR, -\&\fIX509_STORE_CTX_get_check_issued()\fR, \fIX509_STORE_CTX_get_check_revocation()\fR, -\&\fIX509_STORE_CTX_get_get_crl()\fR, \fIX509_STORE_CTX_get_check_crl()\fR, -\&\fIX509_STORE_CTX_get_cert_crl()\fR, \fIX509_STORE_CTX_get_check_policy()\fR, -\&\fIX509_STORE_CTX_get_lookup_certs()\fR, \fIX509_STORE_CTX_get_lookup_crls()\fR -and \fIX509_STORE_CTX_get_cleanup()\fR were added in OpenSSL 1.1.0. +The +\&\fBX509_STORE_CTX_get_get_issuer()\fR, +\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR, +\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR, +\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR, +\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR +and \fBX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_STORE_add_cert.3 b/secure/lib/libcrypto/man/X509_STORE_add_cert.3 index 5cd2b930e997..736470a544b5 100644 
--- a/secure/lib/libcrypto/man/X509_STORE_add_cert.3 +++ b/secure/lib/libcrypto/man/X509_STORE_add_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_ADD_CERT 3" -.TH X509_STORE_ADD_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_STORE_ADD_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -161,15 +165,15 @@ It admits multiple lookup mechanisms and efficient scaling performance with large numbers of certificates, and a great deal of flexibility in how validation and policy checks are performed. .PP -\&\fIX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains +\&\fBX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains no information about trusted certificates or where such certificates are located on disk, and is generally not usable. Normally, trusted certificates will be added to the \fBX509_STORE\fR to prepare it for use, -via mechanisms such as \fIX509_STORE_add_lookup()\fR and \fIX509_LOOKUP_file()\fR, or -\&\fIPEM_read_bio_X509_AUX()\fR and \fIX509_STORE_add_cert()\fR. CRLs can also be added, +via mechanisms such as \fBX509_STORE_add_lookup()\fR and \fBX509_LOOKUP_file()\fR, or +\&\fBPEM_read_bio_X509_AUX()\fR and \fBX509_STORE_add_cert()\fR. CRLs can also be added, and many behaviors configured as desired. .PP -Once the \fBX509_STORE\fR is suitably configured, \fIX509_STORE_CTX_new()\fR is +Once the \fBX509_STORE\fR is suitably configured, \fBX509_STORE_CTX_new()\fR is used to instantiate a single-use \fBX509_STORE_CTX\fR for each chain-building and verification operation. That process includes providing the end-entity certificate to be verified and an additional set of untrusted certificates 
@@ -178,42 +182,42 @@ certificates included in the \fBX509_STORE\fR are certificates that represent trusted entities such as root certificate authorities (CAs). OpenSSL represents these trusted certificates internally as \fBX509\fR objects with an associated \fBX509_CERT_AUX\fR, as are produced by -\&\fIPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX. +\&\fBPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX. The public interfaces that operate on such trusted certificates still operate on pointers to \fBX509\fR objects, though. .PP -\&\fIX509_STORE_add_cert()\fR and \fIX509_STORE_add_crl()\fR add the respective object +\&\fBX509_STORE_add_cert()\fR and \fBX509_STORE_add_crl()\fR add the respective object to the \fBX509_STORE\fR's local storage. Untrusted objects should not be added in this way. .PP -\&\fIX509_STORE_set_depth()\fR, \fIX509_STORE_set_flags()\fR, \fIX509_STORE_set_purpose()\fR, -\&\fIX509_STORE_set_trust()\fR, and \fIX509_STORE_set1_param()\fR set the default values +\&\fBX509_STORE_set_depth()\fR, \fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, +\&\fBX509_STORE_set_trust()\fR, and \fBX509_STORE_set1_param()\fR set the default values for the corresponding values used in certificate chain validation. Their behavior is documented in the corresponding \fBX509_VERIFY_PARAM\fR manual -pages, e.g., \fIX509_VERIFY_PARAM_set_depth\fR\|(3). +pages, e.g., \fBX509_VERIFY_PARAM_set_depth\fR\|(3). .PP -\&\fIX509_STORE_load_locations()\fR loads trusted certificate(s) into an +\&\fBX509_STORE_load_locations()\fR loads trusted certificate(s) into an \&\fBX509_STORE\fR from a given file and/or directory path. It is permitted to specify just a file, just a directory, or both paths. The certificates in the directory must be in hashed form, as documented in -\&\fIX509_LOOKUP_hash_dir\fR\|(3). +\&\fBX509_LOOKUP_hash_dir\fR\|(3). 
.PP -\&\fIX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not +\&\fBX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not set what default paths should be used for loading certificates. Instead, it loads certificates into the \fBX509_STORE\fR from the hardcoded default paths. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_STORE_add_cert()\fR, \fIX509_STORE_add_crl()\fR, \fIX509_STORE_set_depth()\fR, -\&\fIX509_STORE_set_flags()\fR, \fIX509_STORE_set_purpose()\fR, -\&\fIX509_STORE_set_trust()\fR, \fIX509_STORE_load_locations()\fR, and -\&\fIX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure. +\&\fBX509_STORE_add_cert()\fR, \fBX509_STORE_add_crl()\fR, \fBX509_STORE_set_depth()\fR, +\&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, +\&\fBX509_STORE_set_trust()\fR, \fBX509_STORE_load_locations()\fR, and +\&\fBX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_LOOKUP_hash_dir\fR\|(3). -\&\fIX509_VERIFY_PARAM_set_depth\fR\|(3). -\&\fIX509_STORE_new\fR\|(3), -\&\fIX509_STORE_get0_param\fR\|(3) +\&\fBX509_LOOKUP_hash_dir\fR\|(3). +\&\fBX509_VERIFY_PARAM_set_depth\fR\|(3). +\&\fBX509_STORE_new\fR\|(3), +\&\fBX509_STORE_get0_param\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_STORE_get0_param.3 b/secure/lib/libcrypto/man/X509_STORE_get0_param.3 index 5a148e0b9e61..5b87c3d8dae4 100644 --- a/secure/lib/libcrypto/man/X509_STORE_get0_param.3 +++ b/secure/lib/libcrypto/man/X509_STORE_get0_param.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_GET0_PARAM 3" -.TH X509_STORE_GET0_PARAM 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_STORE_GET0_PARAM 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,27 +151,27 @@ X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects \- X509_ST .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_STORE_set1_param()\fR sets the verification parameters +\&\fBX509_STORE_set1_param()\fR sets the verification parameters to \fBpm\fR for \fBctx\fR. .PP -\&\fIX509_STORE_get0_param()\fR retrieves an internal pointer to the verification +\&\fBX509_STORE_get0_param()\fR retrieves an internal pointer to the verification parameters for \fBctx\fR. The returned pointer must not be freed by the calling application .PP -\&\fIX509_STORE_get0_objects()\fR retrieve an internal pointer to the store's +\&\fBX509_STORE_get0_objects()\fR retrieve an internal pointer to the store's X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The returned pointer must not be freed by the calling application. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_STORE_get0_param()\fR returns a pointer to an +\&\fBX509_STORE_get0_param()\fR returns a pointer to an \&\fBX509_VERIFY_PARAM\fR structure. .PP -\&\fIX509_STORE_set1_param()\fR returns 1 for success and 0 for failure. +\&\fBX509_STORE_set1_param()\fR returns 1 for success and 0 for failure. .PP -\&\fIX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR. +\&\fBX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_STORE_new\fR\|(3) +\&\fBX509_STORE_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in diff --git a/secure/lib/libcrypto/man/X509_STORE_new.3 b/secure/lib/libcrypto/man/X509_STORE_new.3 index e993112cb71f..89c156baa5de 100644 --- a/secure/lib/libcrypto/man/X509_STORE_new.3 +++ b/secure/lib/libcrypto/man/X509_STORE_new.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_NEW 3" -.TH X509_STORE_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_STORE_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,31 +153,31 @@ X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, X509_STORE_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIX509_STORE_new()\fR function returns a new X509_STORE. +The \fBX509_STORE_new()\fR function returns a new X509_STORE. .PP -\&\fIX509_STORE_up_ref()\fR increments the reference count associated with the +\&\fBX509_STORE_up_ref()\fR increments the reference count associated with the X509_STORE object. .PP -\&\fIX509_STORE_lock()\fR locks the store from modification by other threads, -\&\fIX509_STORE_unlock()\fR locks it. +\&\fBX509_STORE_lock()\fR locks the store from modification by other threads, +\&\fBX509_STORE_unlock()\fR locks it. .PP -\&\fIX509_STORE_free()\fR frees up a single X509_STORE object. +\&\fBX509_STORE_free()\fR frees up a single X509_STORE object. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails. +\&\fBX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails. .PP -\&\fIX509_STORE_up_ref()\fR, \fIX509_STORE_lock()\fR and \fIX509_STORE_unlock()\fR return +\&\fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR return 1 for success and 0 for failure. .PP -\&\fIX509_STORE_free()\fR does not return values. +\&\fBX509_STORE_free()\fR does not return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_STORE_set_verify_cb_func\fR\|(3) -\&\fIX509_STORE_get0_param\fR\|(3) +\&\fBX509_STORE_set_verify_cb_func\fR\|(3) +\&\fBX509_STORE_get0_param\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fIX509_STORE_up_ref()\fR, \fIX509_STORE_lock()\fR and \fIX509_STORE_unlock()\fR -functions were added in OpenSSL 1.1.0 +The \fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR +functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 53a2cbb5ffdf..b633bcb00183 100644 --- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3" -.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -215,13 +219,13 @@ X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanu .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to \&\fBverify_cb\fR overwriting the previous callback. The callback assigned with this function becomes a default for the one that can be assigned directly to the corresponding \fBX509_STORE_CTX\fR, -please see \fIX509_STORE_CTX_set_verify_cb\fR\|(3) for further information. +please see \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further information. .PP -\&\fIX509_STORE_set_verify()\fR sets the final chain verification function for +\&\fBX509_STORE_set_verify()\fR sets the final chain verification function for \&\fBctx\fR to \fBverify\fR. Its purpose is to go through the chain of certificates and check that all signatures are valid and that the current time is within the 
@@ -231,21 +235,21 @@ on success. \&\fIIf no chain verification function is provided, the internal default function will be used instead.\fR .PP -\&\fIX509_STORE_set_get_issuer()\fR sets the function to get the issuer +\&\fBX509_STORE_set_get_issuer()\fR sets the function to get the issuer certificate that verifies the given certificate \fBx\fR. When found, the issuer certificate must be assigned to \fB*issuer\fR. This function must return 0 on failure and 1 on success. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR .PP -\&\fIX509_STORE_set_check_issued()\fR sets the function to check that a given +\&\fBX509_STORE_set_check_issued()\fR sets the function to check that a given certificate \fBx\fR is issued with the issuer certificate \fBissuer\fR. This function must return 0 on failure (among others if \fBx\fR hasn't been issued with \fBissuer\fR) and 1 on success. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR .PP -\&\fIX509_STORE_set_check_revocation()\fR sets the revocation checking +\&\fBX509_STORE_set_check_revocation()\fR sets the revocation checking function. Its purpose is to look through the final chain and check the revocation status for each certificate. 
@@ -253,32 +257,32 @@ It must return 0 on failure and 1 on success. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR .PP -\&\fIX509_STORE_set_get_crl()\fR sets the function to get the crl for a given +\&\fBX509_STORE_set_get_crl()\fR sets the function to get the crl for a given certificate \fBx\fR. When found, the crl must be assigned to \fB*crl\fR. This function must return 0 on failure and 1 on success. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR .PP -\&\fIX509_STORE_set_check_crl()\fR sets the function to check the validity of +\&\fBX509_STORE_set_check_crl()\fR sets the function to check the validity of the given \fBcrl\fR. This function must return 0 on failure and 1 on success. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR .PP -\&\fIX509_STORE_set_cert_crl()\fR sets the function to check the revocation +\&\fBX509_STORE_set_cert_crl()\fR sets the function to check the revocation status of the given certificate \fBx\fR against the given \fBcrl\fR. This function must return 0 on failure and 1 on success. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR .PP -\&\fIX509_STORE_set_check_policy()\fR sets the function to check the policies +\&\fBX509_STORE_set_check_policy()\fR sets the function to check the policies of all the certificates in the final chain.. This function must return 0 on failure and 1 on success. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR .PP -\&\fIX509_STORE_set_lookup_certs()\fR and \fIX509_STORE_set_lookup_crls()\fR set the +\&\fBX509_STORE_set_lookup_certs()\fR and \fBX509_STORE_set_lookup_crls()\fR set the functions to look up all the certs or all the CRLs that match the given name \fBnm\fR. 
These functions return \s-1NULL\s0 on failure and a pointer to a stack of 
@@ -287,36 +291,36 @@ success. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR .PP -\&\fIX509_STORE_set_cleanup()\fR sets the final cleanup function, which is +\&\fBX509_STORE_set_cleanup()\fR sets the final cleanup function, which is called when the context (\fBX509_STORE_CTX\fR) is being torn down. This function doesn't return any value. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR .PP -\&\fIX509_STORE_get_verify_cb()\fR, \fIX509_STORE_CTX_get_verify()\fR, -\&\fIX509_STORE_get_get_issuer()\fR, \fIX509_STORE_get_check_issued()\fR, -\&\fIX509_STORE_get_check_revocation()\fR, \fIX509_STORE_get_get_crl()\fR, -\&\fIX509_STORE_get_check_crl()\fR, \fIX509_STORE_set_verify()\fR, -\&\fIX509_STORE_set_get_issuer()\fR, \fIX509_STORE_get_cert_crl()\fR, -\&\fIX509_STORE_get_check_policy()\fR, \fIX509_STORE_get_lookup_certs()\fR, -\&\fIX509_STORE_get_lookup_crls()\fR and \fIX509_STORE_get_cleanup()\fR all return -the function pointer assigned with \fIX509_STORE_set_check_issued()\fR, -\&\fIX509_STORE_set_check_revocation()\fR, \fIX509_STORE_set_get_crl()\fR, -\&\fIX509_STORE_set_check_crl()\fR, \fIX509_STORE_set_cert_crl()\fR, -\&\fIX509_STORE_set_check_policy()\fR, \fIX509_STORE_set_lookup_certs()\fR, -\&\fIX509_STORE_set_lookup_crls()\fR and \fIX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if +\&\fBX509_STORE_get_verify_cb()\fR, \fBX509_STORE_CTX_get_verify()\fR, +\&\fBX509_STORE_get_get_issuer()\fR, \fBX509_STORE_get_check_issued()\fR, +\&\fBX509_STORE_get_check_revocation()\fR, \fBX509_STORE_get_get_crl()\fR, +\&\fBX509_STORE_get_check_crl()\fR, \fBX509_STORE_set_verify()\fR, +\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_cert_crl()\fR, +\&\fBX509_STORE_get_check_policy()\fR, \fBX509_STORE_get_lookup_certs()\fR, +\&\fBX509_STORE_get_lookup_crls()\fR and \fBX509_STORE_get_cleanup()\fR all return +the function pointer assigned with 
\fBX509_STORE_set_check_issued()\fR, +\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_set_get_crl()\fR, +\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_set_cert_crl()\fR, +\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_set_lookup_certs()\fR, +\&\fBX509_STORE_set_lookup_crls()\fR and \fBX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if no assignment has been made. .PP -\&\fIX509_STORE_set_verify_cb_func()\fR, \fIX509_STORE_set_verify_func()\fR and -\&\fIX509_STORE_set_lookup_crls_cb()\fR are aliases for -\&\fIX509_STORE_set_verify_cb()\fR, \fIX509_STORE_set_verify()\fR and +\&\fBX509_STORE_set_verify_cb_func()\fR, \fBX509_STORE_set_verify_func()\fR and +\&\fBX509_STORE_set_lookup_crls_cb()\fR are aliases for +\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_set_verify()\fR and X509_STORE_set_lookup_crls, available as macros for backward compatibility. .SH "NOTES" .IX Header "NOTES" All the callbacks from a \fBX509_STORE\fR are inherited by the corresponding \fBX509_STORE_CTX\fR structure when it is initialized. -See \fIX509_STORE_CTX_set_verify_cb\fR\|(3) for further details. +See \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further details. .SH "BUGS" .IX Header "BUGS" The macro version of this function was the only one available before 
@@ -329,26 +333,27 @@ The X509_STORE_get_*() functions return a pointer of the appropriate function type. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_STORE_CTX_set_verify_cb\fR\|(3), \fIX509_STORE_CTX_get0_chain\fR\|(3), -\&\fIX509_STORE_CTX_verify_cb\fR\|(3), \fIX509_STORE_CTX_verify_fn\fR\|(3), -\&\fICMS_verify\fR\|(3) +\&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), \fBX509_STORE_CTX_get0_chain\fR\|(3), +\&\fBX509_STORE_CTX_verify_cb\fR\|(3), \fBX509_STORE_CTX_verify_fn\fR\|(3), +\&\fBCMS_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_STORE_set_verify_cb()\fR was added to OpenSSL 1.0.0. +The \fBX509_STORE_set_verify_cb()\fR function was added in OpenSSL 1.0.0. .PP -\&\fIX509_STORE_set_verify_cb()\fR, \fIX509_STORE_get_verify_cb()\fR, -\&\fIX509_STORE_set_verify()\fR, \fIX509_STORE_CTX_get_verify()\fR, -\&\fIX509_STORE_set_get_issuer()\fR, \fIX509_STORE_get_get_issuer()\fR, -\&\fIX509_STORE_set_check_issued()\fR, \fIX509_STORE_get_check_issued()\fR, -\&\fIX509_STORE_set_check_revocation()\fR, \fIX509_STORE_get_check_revocation()\fR, -\&\fIX509_STORE_set_get_crl()\fR, \fIX509_STORE_get_get_crl()\fR, -\&\fIX509_STORE_set_check_crl()\fR, \fIX509_STORE_get_check_crl()\fR, -\&\fIX509_STORE_set_cert_crl()\fR, \fIX509_STORE_get_cert_crl()\fR, -\&\fIX509_STORE_set_check_policy()\fR, \fIX509_STORE_get_check_policy()\fR, -\&\fIX509_STORE_set_lookup_certs()\fR, \fIX509_STORE_get_lookup_certs()\fR, -\&\fIX509_STORE_set_lookup_crls()\fR, \fIX509_STORE_get_lookup_crls()\fR, -\&\fIX509_STORE_set_cleanup()\fR and \fIX509_STORE_get_cleanup()\fR were added in -OpenSSL 1.1.0. 
+The functions +\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_get_verify_cb()\fR, +\&\fBX509_STORE_set_verify()\fR, \fBX509_STORE_CTX_get_verify()\fR, +\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_get_issuer()\fR, +\&\fBX509_STORE_set_check_issued()\fR, \fBX509_STORE_get_check_issued()\fR, +\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_get_check_revocation()\fR, +\&\fBX509_STORE_set_get_crl()\fR, \fBX509_STORE_get_get_crl()\fR, +\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_get_check_crl()\fR, +\&\fBX509_STORE_set_cert_crl()\fR, \fBX509_STORE_get_cert_crl()\fR, +\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_get_check_policy()\fR, +\&\fBX509_STORE_set_lookup_certs()\fR, \fBX509_STORE_get_lookup_certs()\fR, +\&\fBX509_STORE_set_lookup_crls()\fR, \fBX509_STORE_get_lookup_crls()\fR, +\&\fBX509_STORE_set_cleanup()\fR and \fBX509_STORE_get_cleanup()\fR +were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index acc934e9c520..88aa0a8a4987 100644 --- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_PARAM_SET_FLAGS 3" -.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -188,38 +192,38 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with a certificate verification operation. .PP -The \fIX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring +The \fBX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete description of values the \fBflags\fR parameter can take. .PP -\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. +\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. .PP -\&\fIX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR +\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR which specifies how verification flags are copied from one structure to -another. \fIX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags. +another. \fBX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags. See the \fB\s-1INHERITANCE FLAGS\s0\fR section for a description of these bits. .PP -\&\fIX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. +\&\fBX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. .PP -\&\fIX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR +\&\fBX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR to \fBpurpose\fR. This determines the acceptable purpose of the certificate chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server. .PP -\&\fIX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to +\&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to \&\fBtrust\fR. 
.PP -\&\fIX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to +\&\fBX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to \&\fBt\fR. Normally the current time is used. .PP -\&\fIX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled +\&\fBX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled by default) and adds \fBpolicy\fR to the acceptable policy set. .PP -\&\fIX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled +\&\fBX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear an existing policy set. .PP -\&\fIX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. +\&\fBX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. That is the maximum number of intermediate \s-1CA\s0 certificates that can appear in a chain. A maximal depth chain contains 2 more certificates than the limit, since @@ -230,7 +234,7 @@ directly by the trust-anchor, while with a \fBdepth\fR limit of 1 there can be o intermediate \s-1CA\s0 certificate between the trust-anchor and the end-entity certificate. .PP -\&\fIX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to +\&\fBX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to \&\fBauth_level\fR. The authentication security level determines the acceptable signature and public key strength when verifying certificate chains. 
@@ -239,7 +243,7 @@ must meet the specified security level. The signature algorithm security level is not enforced for the chain's \fItrust anchor\fR certificate, which is either directly trusted or validated by means other than its signature. -See \fISSL_CTX_set_security_level\fR\|(3) for the definitions of the available +See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available levels. The default security level is \-1, or \*(L"not set\*(R". At security level 0 or lower all algorithms are acceptable. @@ -247,7 +251,7 @@ Security level 1 requires at least 80\-bit\-equivalent security and is broadly interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys shorter than 1024 bits. .PP -\&\fIX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to +\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \&\fBname\fR clearing any previously specified host name or names. If \&\fBname\fR is \s-1NULL,\s0 or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If \fBname\fR 
@@ -255,12 +259,12 @@ is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR must be set to the length of \fBname\fR. .PP When a hostname is specified, -certificate verification automatically invokes \fIX509_check_host\fR\|(3) +certificate verification automatically invokes \fBX509_check_host\fR\|(3) with flags equal to the \fBflags\fR argument given to -\&\fIX509_VERIFY_PARAM_set_hostflags()\fR (default zero). Applications +\&\fBX509_VERIFY_PARAM_set_hostflags()\fR (default zero). Applications are strongly advised to use this interface in preference to explicitly -calling \fIX509_check_host\fR\|(3), hostname checks may be out of scope -with the \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will +calling \fBX509_check_host\fR\|(3), hostname checks may be out of scope +with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will be suppressed as appropriate when \s-1DANE\s0 verification is enabled. .PP When the subject CommonName will not be ignored, whether as a result of the 
@@ -273,20 +277,20 @@ When the subject CommonName will be ignored, whether as a result of the \&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some \s-1DNS\s0 subject alternative names are present in the certificate, \s-1DNS\s0 name constraints in issuer certificates will not be applied to the subject \s-1DN.\s0 -As described in \fIX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR +As described in \fBX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag takes precedence over the \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag. .PP -\&\fIX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a -call to \fIX509_VERIFY_PARAM_set_hostflags()\fR. +\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a +call to \fBX509_VERIFY_PARAM_set_hostflags()\fR. .PP -\&\fIX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference +\&\fBX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference identifier that can match the peer's certificate. Any previous names -set via \fIX509_VERIFY_PARAM_set1_host()\fR or \fIX509_VERIFY_PARAM_add1_host()\fR +set via \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, the peer is considered verified when any name matches. .PP -\&\fIX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject +\&\fBX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, or when a reference identifier specifies a parent domain (starts with \*(L".\*(R") 
@@ -296,45 +300,45 @@ string is allocated by the library and is no longer valid once the associated \fBparam\fR argument is freed. Applications must not free the return value. .PP -\&\fIX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to +\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to \&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise \&\fBemaillen\fR must be set to the length of \fBemail\fR. When an email address is specified, certificate verification automatically invokes -\&\fIX509_check_email\fR\|(3). +\&\fBX509_check_email\fR\|(3). .PP -\&\fIX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. +\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. The \fBip\fR argument is in binary format, in network byte-order and \&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. When an \s-1IP\s0 address is specified, certificate verification automatically invokes -\&\fIX509_check_ip\fR\|(3). +\&\fBX509_check_ip\fR\|(3). .PP -\&\fIX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to \&\fBipasc\fR. The \fBipasc\fR argument is a NUL-terminal \s-1ASCII\s0 string: dotted decimal quad for IPv4 and colon-separated hexadecimal for IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_VERIFY_PARAM_set_flags()\fR, \fIX509_VERIFY_PARAM_clear_flags()\fR, -\&\fIX509_VERIFY_PARAM_set_inh_flags()\fR, -\&\fIX509_VERIFY_PARAM_set_purpose()\fR, \fIX509_VERIFY_PARAM_set_trust()\fR, -\&\fIX509_VERIFY_PARAM_add0_policy()\fR \fIX509_VERIFY_PARAM_set1_policies()\fR, -\&\fIX509_VERIFY_PARAM_set1_host()\fR, \fIX509_VERIFY_PARAM_add1_host()\fR, -\&\fIX509_VERIFY_PARAM_set1_email()\fR, \fIX509_VERIFY_PARAM_set1_ip()\fR and -\&\fIX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for +\&\fBX509_VERIFY_PARAM_set_flags()\fR, \fBX509_VERIFY_PARAM_clear_flags()\fR, +\&\fBX509_VERIFY_PARAM_set_inh_flags()\fR, +\&\fBX509_VERIFY_PARAM_set_purpose()\fR, \fBX509_VERIFY_PARAM_set_trust()\fR, +\&\fBX509_VERIFY_PARAM_add0_policy()\fR \fBX509_VERIFY_PARAM_set1_policies()\fR, +\&\fBX509_VERIFY_PARAM_set1_host()\fR, \fBX509_VERIFY_PARAM_add1_host()\fR, +\&\fBX509_VERIFY_PARAM_set1_email()\fR, \fBX509_VERIFY_PARAM_set1_ip()\fR and +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for failure. .PP -\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. +\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. .PP -\&\fIX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags. +\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags. .PP -\&\fIX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags. +\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags. .PP -\&\fIX509_VERIFY_PARAM_set_time()\fR and \fIX509_VERIFY_PARAM_set_depth()\fR do not return +\&\fBX509_VERIFY_PARAM_set_time()\fR and \fBX509_VERIFY_PARAM_set_depth()\fR do not return values. .PP -\&\fIX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. +\&\fBX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. 
.PP -\&\fIX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security +\&\fBX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security level. .SH "VERIFICATION FLAGS" .IX Header "VERIFICATION FLAGS" @@ -389,12 +393,12 @@ signature is that disabled or unsupported message digests on the root \s-1CA\s0 are not treated as fatal errors. .PP When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain -in \fIX509_verify_cert\fR\|(3) will search the trust store for issuer certificates +in \fBX509_verify_cert\fR\|(3) will search the trust store for issuer certificates before searching the provided untrusted certificates. Local issuer certificates are often more likely to satisfy local security requirements and lead to a locally trusted root. This is especially important when some certificates in the trust store have -explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fIx509\fR\|(1)). +explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBx509\fR\|(1)). As of OpenSSL 1.1.0 this option is on by default. .PP The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative @@ -421,7 +425,7 @@ verified chain passed to callbacks may be shorter than it otherwise would be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag. .PP The \fBX509_V_FLAG_NO_CHECK_TIME\fR flag suppresses checking the validity period -of certificates and CRLs against the current time. If \fIX509_VERIFY_PARAM_set_time()\fR +of certificates and CRLs against the current time. If \fBX509_VERIFY_PARAM_set_time()\fR is used to specify a verification time, the check is not suppressed. .SH "INHERITANCE FLAGS" .IX Header "INHERITANCE FLAGS" 
@@ -448,7 +452,7 @@ of ORed. .IX Header "NOTES" The above functions should be used to manipulate verification parameters instead of functions which work in specific structures such as -\&\fIX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future +\&\fBX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future release. .SH "BUGS" .IX Header "BUGS" @@ -474,18 +478,18 @@ connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_verify_cert\fR\|(3), -\&\fIX509_check_host\fR\|(3), -\&\fIX509_check_email\fR\|(3), -\&\fIX509_check_ip\fR\|(3), -\&\fIx509\fR\|(1) +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_host\fR\|(3), +\&\fBX509_check_email\fR\|(3), +\&\fBX509_check_ip\fR\|(3), +\&\fBx509\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0 -The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in -OpenSSL 1.1.0, and has no effect. +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0. +The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0 +and has no effect. .PP -\&\fIX509_VERIFY_PARAM_get_hostflags()\fR was added in OpenSSL 1.1.0i. +The \fBX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2009\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_check_ca.3 b/secure/lib/libcrypto/man/X509_check_ca.3 index a948dd11c3a4..dab4a8d3fcd7 100644 --- a/secure/lib/libcrypto/man/X509_check_ca.3 +++ b/secure/lib/libcrypto/man/X509_check_ca.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_CA 3" -.TH X509_CHECK_CA 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_CHECK_CA 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,9 +164,9 @@ Actually, any non-zero value means that this certificate could have been used to sign other certificates. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_verify_cert\fR\|(3), -\&\fIX509_check_issued\fR\|(3), -\&\fIX509_check_purpose\fR\|(3) +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_issued\fR\|(3), +\&\fBX509_check_purpose\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_check_host.3 b/secure/lib/libcrypto/man/X509_check_host.3 index ffa53b5d2894..f882853034db 100644 --- a/secure/lib/libcrypto/man/X509_check_host.3 +++ b/secure/lib/libcrypto/man/X509_check_host.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_HOST 3" -.TH X509_CHECK_HOST 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_CHECK_HOST 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,7 +160,7 @@ certificate matches a given host name, email address, or \s-1IP\s0 address. The validity of the certificate and its trust level has to be checked by other means. .PP -\&\fIX509_check_host()\fR checks if the certificate Subject Alternative +\&\fBX509_check_host()\fR checks if the certificate Subject Alternative Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host name, which must be encoded in the preferred name syntax described in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported 
@@ -177,23 +181,23 @@ valid for any sub-domain of \fBname\fR, (see also When the certificate is matched, and \fBpeername\fR is not \s-1NULL,\s0 a pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate is stored at the address passed in \fBpeername\fR. The application -is responsible for freeing the peername via \fIOPENSSL_free()\fR when it +is responsible for freeing the peername via \fBOPENSSL_free()\fR when it is no longer needed. .PP -\&\fIX509_check_email()\fR checks if the certificate matches the specified +\&\fBX509_check_email()\fR checks if the certificate matches the specified email \fBaddress\fR. Only the mailbox syntax of \s-1RFC 822\s0 is supported, comments are not allowed, and no attempt is made to normalize quoted characters. The \fBaddresslen\fR argument must be the number of characters in the address string or zero in which case the length is calculated with strlen(\fBaddress\fR). .PP -\&\fIX509_check_ip()\fR checks if the certificate matches a specified IPv4 or +\&\fBX509_check_ip()\fR checks if the certificate matches a specified IPv4 or IPv6 address. The \fBaddress\fR array is in binary format, in network byte order. The length is either 4 (IPv4) or 16 (IPv6). Only explicitly marked addresses in the certificates are considered; \s-1IP\s0 addresses stored in \s-1DNS\s0 names and Common Names are ignored. .PP -\&\fIX509_check_ip_asc()\fR is similar, except that the NUL-terminated +\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated string \fBaddress\fR is first converted to the internal representation. .PP The \fBflags\fR argument is usually 0. It can be the bitwise \s-1OR\s0 of the 
@@ -254,23 +258,23 @@ and \-1 for an internal error: typically a memory allocation failure or an \s-1ASN.1\s0 decoding error. .PP All functions can also return \-2 if the input is malformed. For example, -\&\fIX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded +\&\fBX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded NULs. .SH "NOTES" .IX Header "NOTES" -Applications are encouraged to use \fIX509_VERIFY_PARAM_set1_host()\fR -rather than explicitly calling \fIX509_check_host\fR\|(3). Host name -checks may be out of scope with the \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, +Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR +rather than explicitly calling \fBX509_check_host\fR\|(3). Host name +checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal checks will be suppressed as appropriate when \&\s-1DANE\s0 support is enabled. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_verify_result\fR\|(3), -\&\fIX509_VERIFY_PARAM_set1_host\fR\|(3), -\&\fIX509_VERIFY_PARAM_add1_host\fR\|(3), -\&\fIX509_VERIFY_PARAM_set1_email\fR\|(3), -\&\fIX509_VERIFY_PARAM_set1_ip\fR\|(3), -\&\fIX509_VERIFY_PARAM_set1_ipasc\fR\|(3) +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_host\fR\|(3), +\&\fBX509_VERIFY_PARAM_add1_host\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_email\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. diff --git a/secure/lib/libcrypto/man/X509_check_issued.3 b/secure/lib/libcrypto/man/X509_check_issued.3 index ac806364796e..35dcdd81cc5b 100644 --- a/secure/lib/libcrypto/man/X509_check_issued.3 +++ b/secure/lib/libcrypto/man/X509_check_issued.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_ISSUED 3" -.TH X509_CHECK_ISSUED 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_CHECK_ISSUED 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,9 +162,9 @@ Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by \&\fIissuer\fR or some \fBX509_V_ERR*\fR constant to indicate an error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_verify_cert\fR\|(3), -\&\fIX509_check_ca\fR\|(3), -\&\fIverify\fR\|(1) +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_ca\fR\|(3), +\&\fBverify\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_check_private_key.3 b/secure/lib/libcrypto/man/X509_check_private_key.3 index ec825d44c822..263631e5eefc 100644 --- a/secure/lib/libcrypto/man/X509_check_private_key.3 +++ b/secure/lib/libcrypto/man/X509_check_private_key.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_PRIVATE_KEY 3" -.TH X509_CHECK_PRIVATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_CHECK_PRIVATE_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,18 +151,18 @@ X509_check_private_key, X509_REQ_check_private_key \- check the consistency of a .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_check_private_key()\fR function checks the consistency of private +\&\fBX509_check_private_key()\fR function checks the consistency of private key \fBk\fR with the public key in \fBx\fR. .PP -\&\fIX509_REQ_check_private_key()\fR is equivalent to \fIX509_check_private_key()\fR +\&\fBX509_REQ_check_private_key()\fR is equivalent to \fBX509_check_private_key()\fR except that \fBx\fR represents a certificate request of structure \fBX509_REQ\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_check_private_key()\fR and \fIX509_REQ_check_private_key()\fR return 1 if +\&\fBX509_check_private_key()\fR and \fBX509_REQ_check_private_key()\fR return 1 if the keys match each other, and 0 if not. .PP If the key is invalid or an error occurred, the reason code can be -obtained using \fIERR_get_error\fR\|(3). +obtained using \fBERR_get_error\fR\|(3). .SH "BUGS" .IX Header "BUGS" The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed @@ -168,7 +172,7 @@ of a key pair. So if you pass a public key to these functions in \fBk\fR, it wil return success. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_cmp_time.3 b/secure/lib/libcrypto/man/X509_cmp_time.3 index 135fc1219742..4dfc906c8441 100644 --- a/secure/lib/libcrypto/man/X509_cmp_time.3 +++ b/secure/lib/libcrypto/man/X509_cmp_time.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CMP_TIME 3" -.TH X509_CMP_TIME 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_CMP_TIME 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,18 +151,18 @@ X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex \&\- X509 .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time -in <cmp_time>. \fIX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in +\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time +in <cmp_time>. \fBX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in \&\fBasn1_time\fR with the current time, expressed as time_t. \fBasn1_time\fR must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0 i.e., its format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0 .PP -\&\fIX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time \&\fBoffset_day\fR and \fBoffset_sec\fR after \fBin_tm\fR. .PP -\&\fIX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time \&\fBoffset_sec\fR after \fBin_tm\fR. This method can only handle second -offsets up to the capacity of long, so the newer \fIX509_time_adj_ex()\fR +offsets up to the capacity of long, so the newer \fBX509_time_adj_ex()\fR \&\s-1API\s0 should be preferred. .PP In both methods, if \fBasn1_time\fR is \s-1NULL,\s0 a new \s-1ASN1_TIME\s0 structure 
@@ -168,15 +172,15 @@ In all methods, if \fBin_tm\fR is \s-1NULL,\s0 the current time, expressed as time_t, is used. .SH "BUGS" .IX Header "BUGS" -Unlike many standard comparison functions, \fIX509_cmp_time()\fR and -\&\fIX509_cmp_current_time()\fR return 0 on error. +Unlike many standard comparison functions, \fBX509_cmp_time()\fR and +\&\fBX509_cmp_current_time()\fR return 0 on error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_cmp_time()\fR and \fIX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR +\&\fBX509_cmp_time()\fR and \fBX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR is earlier than, or equal to, \fBcmp_time\fR (resp. current time), and 1 otherwise. These methods return 0 on error. .PP -\&\fIX509_time_adj()\fR and \fIX509_time_adj_ex()\fR return a pointer to the updated +\&\fBX509_time_adj()\fR and \fBX509_time_adj_ex()\fR return a pointer to the updated \&\s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/X509_digest.3 b/secure/lib/libcrypto/man/X509_digest.3 index 800c99fa0c77..7d205fa6aaf5 100644 --- a/secure/lib/libcrypto/man/X509_digest.3 +++ b/secure/lib/libcrypto/man/X509_digest.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_DIGEST 3" -.TH X509_DIGEST 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_DIGEST 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -164,13 +168,13 @@ X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_dig .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public +\&\fBX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public key in the specified X509 \fBdata\fR object. All other functions described here return a digest of the \s-1DER\s0 representation of their entire \fBdata\fR objects. .PP The \fBtype\fR parameter specifies the digest to -be used, such as \fIEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the +be used, such as \fBEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the digest will be copied and is assumed to be large enough; the constant \&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fBlen\fR parameter, if not \s-1NULL,\s0 points to a place where the digest size will be stored. @@ -179,7 +183,7 @@ to a place where the digest size will be stored. All functions described here return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_sha1\fR\|(3) +\&\fBEVP_sha1\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_dup.3 b/secure/lib/libcrypto/man/X509_dup.3 index 93e18c98584d..0ed400bac1cc 100644 --- a/secure/lib/libcrypto/man/X509_dup.3 +++ b/secure/lib/libcrypto/man/X509_dup.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_DUP 3" -.TH X509_DUP 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_DUP 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -164,30 +168,30 @@ such as its fields. (On systems which cannot export variables from shared libraries, the global is instead a function which returns a pointer to a static variable. .PP -The macro \s-1\fIDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files +The macro \s-1\fBDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files to generate the function declarations. .PP -The macro \s-1\fIIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file +The macro \s-1\fBIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file to generate the function bodies. .PP -\&\fITYPE_new()\fR allocates an empty object of the indicated type. -The object returned must be released by calling \fITYPE_free()\fR. +\&\fBTYPE_new()\fR allocates an empty object of the indicated type. +The object returned must be released by calling \fBTYPE_free()\fR. .PP -\&\fITYPE_dup()\fR copies an existing object. +\&\fBTYPE_dup()\fR copies an existing object. .PP -\&\fITYPE_free()\fR releases the object and all pointers and sub-objects +\&\fBTYPE_free()\fR releases the object and all pointers and sub-objects within it. .PP -\&\fITYPE_print_ctx()\fR prints the object \fBa\fR on the specified \s-1BIO\s0 \fBout\fR. +\&\fBTYPE_print_ctx()\fR prints the object \fBa\fR on the specified \s-1BIO\s0 \fBout\fR. Each line will be prefixed with \fBindent\fR spaces. The \fBpctx\fR specifies the printing context and is for internal use; use \s-1NULL\s0 to get the default behavior. If a print function is user-defined, then pass in any \fBpctx\fR down to any nested calls. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fITYPE_new()\fR and \fITYPE_dup()\fR return a pointer to the object or \s-1NULL\s0 on failure. +\&\fBTYPE_new()\fR and \fBTYPE_dup()\fR return a pointer to the object or \s-1NULL\s0 on failure. .PP -\&\fITYPE_print_ctx()\fR returns 1 on success or zero on failure. +\&\fBTYPE_print_ctx()\fR returns 1 on success or zero on failure. 
.SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_get0_notBefore.3 b/secure/lib/libcrypto/man/X509_get0_notBefore.3 index 12a6d59b947b..72b45f89e025 100644 --- a/secure/lib/libcrypto/man/X509_get0_notBefore.3 +++ b/secure/lib/libcrypto/man/X509_get0_notBefore.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET0_NOTBEFORE 3" -.TH X509_GET0_NOTBEFORE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_GET0_NOTBEFORE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -158,64 +162,64 @@ X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_get0_notBefore()\fR and \fIX509_get0_notAfter()\fR return the \fBnotBefore\fR +\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR return the \fBnotBefore\fR and \fBnotAfter\fR fields of certificate \fBx\fR respectively. The value returned is an internal pointer which must not be freed up after the call. .PP -\&\fIX509_getm_notBefore()\fR and \fIX509_getm_notAfter()\fR are similar to -\&\fIX509_get0_notBefore()\fR and \fIX509_get0_notAfter()\fR except they return +\&\fBX509_getm_notBefore()\fR and \fBX509_getm_notAfter()\fR are similar to +\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR except they return non-constant mutable references to the associated date field of the certificate. .PP -\&\fIX509_set1_notBefore()\fR and \fIX509_set1_notAfter()\fR set the \fBnotBefore\fR +\&\fBX509_set1_notBefore()\fR and \fBX509_set1_notAfter()\fR set the \fBnotBefore\fR and \fBnotAfter\fR fields of \fBx\fR to \fBtm\fR. Ownership of the passed parameter \fBtm\fR is not transferred by these functions so it must be freed up after the call. .PP -\&\fIX509_CRL_get0_lastUpdate()\fR and \fIX509_CRL_get0_nextUpdate()\fR return the +\&\fBX509_CRL_get0_lastUpdate()\fR and \fBX509_CRL_get0_nextUpdate()\fR return the \&\fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR. The value returned is an internal pointer which must not be freed up after the call. If the \fBnextUpdate\fR field is absent from \fBcrl\fR then \&\fB\s-1NULL\s0\fR is returned. .PP -\&\fIX509_CRL_set1_lastUpdate()\fR and \fIX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR +\&\fBX509_CRL_set1_lastUpdate()\fR and \fBX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR to \fBtm\fR. 
Ownership of the passed parameter \&\fBtm\fR is not transferred by these functions so it must be freed up after the call. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_get0_notBefore()\fR, \fIX509_get0_notAfter()\fR and \fIX509_CRL_get0_lastUpdate()\fR +\&\fBX509_get0_notBefore()\fR, \fBX509_get0_notAfter()\fR and \fBX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure. .PP -\&\fIX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure +\&\fBX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure or \s-1NULL\s0 if the \fBlastUpdate\fR field is absent. .PP -\&\fIX509_set1_notBefore()\fR, \fIX509_set1_notAfter()\fR, \fIX509_CRL_set1_lastUpdate()\fR and -\&\fIX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure. +\&\fBX509_set1_notBefore()\fR, \fBX509_set1_notAfter()\fR, \fBX509_CRL_set1_lastUpdate()\fR and +\&\fBX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions are available in all versions of OpenSSL. .PP -\&\fIX509_get_notBefore()\fR and \fIX509_get_notAfter()\fR were deprecated in OpenSSL +\&\fBX509_get_notBefore()\fR and \fBX509_get_notAfter()\fR were deprecated in OpenSSL 1.1.0 .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/X509_get0_signature.3 b/secure/lib/libcrypto/man/X509_get0_signature.3 index e9a7f4837a30..a484c2a7f0ae 100644 --- a/secure/lib/libcrypto/man/X509_get0_signature.3 +++ b/secure/lib/libcrypto/man/X509_get0_signature.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET0_SIGNATURE 3" -.TH X509_GET0_SIGNATURE 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_GET0_SIGNATURE 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -167,27 +171,27 @@ X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0 .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR +\&\fBX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR to the signature algorithm of \fBx\fR. The values returned are internal pointers which \fB\s-1MUST NOT\s0\fR be freed up after the call. .PP -\&\fIX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed +\&\fBX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed portion of \fBx\fR. .PP -\&\fIX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature +\&\fBX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature algorithm of \fBx\fR. .PP -\&\fIX509_REQ_get0_signature()\fR, \fIX509_REQ_get_signature_nid()\fR -\&\fIX509_CRL_get0_signature()\fR and \fIX509_CRL_get_signature_nid()\fR perform the +\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR +\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR perform the same function for certificate requests and CRLs. .PP -\&\fIX509_get_signature_info()\fR retrieves information about the signature of +\&\fBX509_get_signature_info()\fR retrieves information about the signature of certificate \fBx\fR. The \s-1NID\s0 of the signing digest is written to \fB*mdnid\fR, the public key algorithm to \fB*pknid\fR, the effective security bits to \&\fB*secbits\fR and flag details to \fB*flags\fR. Any of the parameters can be set to \fB\s-1NULL\s0\fR if the information is not required. .PP -\&\fIX509_SIG_INFO_get()\fR and \fIX509_SIG_INFO_set()\fR get and set information +\&\fBX509_SIG_INFO_get()\fR and \fBX509_SIG_INFO_set()\fR get and set information about a signature in an \fBX509_SIG_INFO\fR structure. 
They are only used by implementations of algorithms which need to set custom signature information: most applications will never need to call 
@@ -196,51 +200,53 @@ them. .IX Header "NOTES" These functions provide lower level access to signatures in certificates where an application wishes to analyse or generate a signature in a form -where \fIX509_sign()\fR et al is not appropriate (for example a non standard +where \fBX509_sign()\fR et al is not appropriate (for example a non standard or unsupported format). .PP -The security bits returned by \fIX509_get_signature_info()\fR refers to information +The security bits returned by \fBX509_get_signature_info()\fR refers to information available from the certificate signature (such as the signing digest). In some cases the actual security of the signature is less because the signing key is less secure: for example a certificate signed using \s-1SHA\-512\s0 and a 1024 bit \s-1RSA\s0 key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_get_signature_nid()\fR, \fIX509_REQ_get_signature_nid()\fR and -\&\fIX509_CRL_get_signature_nid()\fR return a \s-1NID.\s0 +\&\fBX509_get_signature_nid()\fR, \fBX509_REQ_get_signature_nid()\fR and +\&\fBX509_CRL_get_signature_nid()\fR return a \s-1NID.\s0 .PP -\&\fIX509_get0_signature()\fR, \fIX509_REQ_get0_signature()\fR and -\&\fIX509_CRL_get0_signature()\fR do not return values. +\&\fBX509_get0_signature()\fR, \fBX509_REQ_get0_signature()\fR and +\&\fBX509_CRL_get0_signature()\fR do not return values. .PP -\&\fIX509_get_signature_info()\fR returns 1 if the signature information +\&\fBX509_get_signature_info()\fR returns 1 if the signature information returned is valid or 0 if the information is not available (e.g. unknown algorithms or malformed parameters). 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_get_version\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_get0_signature()\fR and \fIX509_get_signature_nid()\fR were first added to -OpenSSL 1.0.2. +The +\&\fBX509_get0_signature()\fR and \fBX509_get_signature_nid()\fR functions were +added in OpenSSL 1.0.2. .PP -\&\fIX509_REQ_get0_signature()\fR, \fIX509_REQ_get_signature_nid()\fR, -\&\fIX509_CRL_get0_signature()\fR and \fIX509_CRL_get_signature_nid()\fR were first added -to OpenSSL 1.1.0. +The +\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR, +\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR were +added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_get0_uids.3 b/secure/lib/libcrypto/man/X509_get0_uids.3 index 742fc71a2c40..c05b40139f38 100644 
--- a/secure/lib/libcrypto/man/X509_get0_uids.3 +++ b/secure/lib/libcrypto/man/X509_get0_uids.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET0_UIDS 3" -.TH X509_GET0_UIDS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_GET0_UIDS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ X509_get0_uids \- get certificate unique identifiers .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique +\&\fBX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique identifiers of certificate \fBx\fR or \s-1NULL\s0 if the fields are not present. .SH "NOTES" .IX Header "NOTES" 
@@ -154,26 +158,26 @@ The issuer and subject unique identifier fields are very rarely encountered in practice outside test cases. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_get0_uids()\fR does not return a value. +\&\fBX509_get0_uids()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_get_version\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_get_extension_flags.3 b/secure/lib/libcrypto/man/X509_get_extension_flags.3 index c0146c0e3195..82ed11dd4fbe 100644 --- a/secure/lib/libcrypto/man/X509_get_extension_flags.3 +++ b/secure/lib/libcrypto/man/X509_get_extension_flags.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_EXTENSION_FLAGS 3" -.TH X509_GET_EXTENSION_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_GET_EXTENSION_FLAGS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,11 +159,11 @@ X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get_pathlen, X509_get .IX Header "DESCRIPTION" These functions retrieve information related to commonly used certificate extensions. .PP -\&\fIX509_get_pathlen()\fR retrieves the path length extension from a certificate. +\&\fBX509_get_pathlen()\fR retrieves the path length extension from a certificate. This extension is used to limit the length of a cert chain that may be issued from that \s-1CA.\s0 .PP -\&\fIX509_get_extension_flags()\fR retrieves general information about a certificate, +\&\fBX509_get_extension_flags()\fR retrieves general information about a certificate, it will return one or more of the following flags ored together. .IP "\fB\s-1EXFLAG_V1\s0\fR" 4 .IX Item "EXFLAG_V1" 
@@ -193,13 +197,13 @@ certificate should be rejected. .IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4 .IX Item "EXFLAG_KUSAGE" The certificate contains a key usage extension. The value can be retrieved -using \fIX509_get_key_usage()\fR. +using \fBX509_get_key_usage()\fR. .IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4 .IX Item "EXFLAG_XKUSAGE" The certificate contains an extended key usage extension. The value can be -retrieved using \fIX509_get_extended_key_usage()\fR. +retrieved using \fBX509_get_extended_key_usage()\fR. .PP -\&\fIX509_get_key_usage()\fR returns the value of the key usage extension. If key +\&\fBX509_get_key_usage()\fR returns the value of the key usage extension. If key usage is present will return zero or more of the flags: \&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR, \&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR, @@ -207,7 +211,7 @@ usage is present will return zero or more of the flags: individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is returned. .PP -\&\fIX509_get_extended_key_usage()\fR returns the value of the extended key usage +\&\fBX509_get_extended_key_usage()\fR returns the value of the extended key usage extension. If extended key usage is present it will return zero or more of the flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR \&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These 
@@ -217,63 +221,63 @@ correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR, Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are present. .PP -\&\fIX509_get0_subject_key_id()\fR returns an internal pointer to the subject key +\&\fBX509_get0_subject_key_id()\fR returns an internal pointer to the subject key identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed. .PP -\&\fIX509_get0_authority_key_id()\fR returns an internal pointer to the authority key +\&\fBX509_get0_authority_key_id()\fR returns an internal pointer to the authority key identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed. .PP -\&\fIX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag. +\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag. This is for the users who need to mark non\-RFC3820 proxy certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. .PP -\&\fIX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given +\&\fBX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given certificate \fBx\fR. This is for the users who need to mark non\-RFC3820 proxy certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. .PP -\&\fIX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the +\&\fBX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the given certificate \fBx\fR if it is a proxy certificate. .SH "NOTES" .IX Header "NOTES" The value of the flags correspond to extension values which are cached in the \fBX509\fR structure. If the flags returned do not provide sufficient information an application should examine extension values directly -for example using \fIX509_get_ext_d2i()\fR. 
+for example using \fBX509_get_ext_d2i()\fR. .PP If the key usage or extended key usage extension is absent then typically usage -is unrestricted. For this reason \fIX509_get_key_usage()\fR and -\&\fIX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding +is unrestricted. For this reason \fBX509_get_key_usage()\fR and +\&\fBX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding extension is absent. Applications can additionally check the return value of -\&\fIX509_get_extension_flags()\fR and take appropriate action is an extension is +\&\fBX509_get_extension_flags()\fR and take appropriate action is an extension is absent. .PP -If \fIX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be +If \fBX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be absent or malformed. Applications can determine the precise reason using -\&\fIX509_get_ext_d2i()\fR. +\&\fBX509_get_ext_d2i()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_get_pathlen()\fR returns the path length value, or \-1 if the extension +\&\fBX509_get_pathlen()\fR returns the path length value, or \-1 if the extension is not present. .PP -\&\fIX509_get_extension_flags()\fR, \fIX509_get_key_usage()\fR and -\&\fIX509_get_extended_key_usage()\fR return sets of flags corresponding to the +\&\fBX509_get_extension_flags()\fR, \fBX509_get_key_usage()\fR and +\&\fBX509_get_extended_key_usage()\fR return sets of flags corresponding to the certificate extension values. .PP -\&\fIX509_get0_subject_key_id()\fR returns the subject key identifier as a +\&\fBX509_get0_subject_key_id()\fR returns the subject key identifier as a pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension is absent or an error occurred during parsing. 
.PP -\&\fIX509_get_proxy_pathlen()\fR returns the path length value if the given +\&\fBX509_get_proxy_pathlen()\fR returns the path length value if the given certificate is a proxy one and has a path length set, and \-1 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_check_purpose\fR\|(3) +\&\fBX509_check_purpose\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_get_pathlen()\fR, \fIX509_set_proxy_flag()\fR, \fIX509_set_proxy_pathlen()\fR and -\&\fIX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0. +\&\fBX509_get_pathlen()\fR, \fBX509_set_proxy_flag()\fR, \fBX509_set_proxy_pathlen()\fR and +\&\fBX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_get_pubkey.3 b/secure/lib/libcrypto/man/X509_get_pubkey.3 index 6fd823acec30..5dae956571c9 100644 --- a/secure/lib/libcrypto/man/X509_get_pubkey.3 +++ b/secure/lib/libcrypto/man/X509_get_pubkey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_PUBKEY 3" -.TH X509_GET_PUBKEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_GET_PUBKEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -153,22 +157,22 @@ X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_R .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If +\&\fBX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If successful it returns the public key as an \fB\s-1EVP_PKEY\s0\fR pointer with its reference count incremented: this means the returned key must be freed up -after use. \fIX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment +after use. \fBX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment the reference count of the returned \fB\s-1EVP_PKEY\s0\fR so it must not be freed up after use. .PP -\&\fIX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR +\&\fBX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR structure which encodes the certificate of \fBx\fR. The returned value must not be freed up after use. .PP -\&\fIX509_set_pubkey()\fR attempts to set the public key for certificate \fBx\fR to +\&\fBX509_set_pubkey()\fR attempts to set the public key for certificate \fBx\fR to \&\fBpkey\fR. The key \fBpkey\fR should be freed up after use. .PP -\&\fIX509_REQ_get_pubkey()\fR, \fIX509_REQ_get0_pubkey()\fR, \fIX509_REQ_set_pubkey()\fR and -\&\fIX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR. +\&\fBX509_REQ_get_pubkey()\fR, \fBX509_REQ_get0_pubkey()\fR, \fBX509_REQ_set_pubkey()\fR and +\&\fBX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR. .SH "NOTES" .IX Header "NOTES" The first time a public key is decoded the \fB\s-1EVP_PKEY\s0\fR structure is 
@@ -177,30 +181,30 @@ return the cached structure with its reference count incremented to improve performance. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_get_pubkey()\fR, \fIX509_get0_pubkey()\fR, \fIX509_get_X509_PUBKEY()\fR, -\&\fIX509_REQ_get_pubkey()\fR and \fIX509_REQ_get_X509_PUBKEY()\fR return a public key or +\&\fBX509_get_pubkey()\fR, \fBX509_get0_pubkey()\fR, \fBX509_get_X509_PUBKEY()\fR, +\&\fBX509_REQ_get_pubkey()\fR and \fBX509_REQ_get_X509_PUBKEY()\fR return a public key or \&\fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIX509_set_pubkey()\fR and \fIX509_REQ_set_pubkey()\fR return 1 for success and 0 +\&\fBX509_set_pubkey()\fR and \fBX509_REQ_set_pubkey()\fR return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_get_version\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/X509_get_serialNumber.3 b/secure/lib/libcrypto/man/X509_get_serialNumber.3 index 464f1c0020ba..550b90b39ff6 100644 --- a/secure/lib/libcrypto/man/X509_get_serialNumber.3 +++ b/secure/lib/libcrypto/man/X509_get_serialNumber.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_SERIALNUMBER 3" -.TH X509_GET_SERIALNUMBER 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_GET_SERIALNUMBER 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -147,44 +151,45 @@ X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber \&\- get or .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an +\&\fBX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an \&\fB\s-1ASN1_INTEGER\s0\fR structure which can be examined or initialised. The value returned is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed up after the call. .PP -\&\fIX509_get0_serialNumber()\fR is the same as \fIX509_get_serialNumber()\fR except it +\&\fBX509_get0_serialNumber()\fR is the same as \fBX509_get_serialNumber()\fR except it accepts a const parameter and returns a const result. .PP -\&\fIX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to +\&\fBX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to \&\fBserial\fR. A copy of the serial number is used internally so \fBserial\fR should be freed up after use. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_get_serialNumber()\fR and \fIX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR +\&\fBX509_get_serialNumber()\fR and \fBX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR structure. .PP -\&\fIX509_set_serialNumber()\fR returns 1 for success and 0 for failure. +\&\fBX509_set_serialNumber()\fR returns 1 for success and 0 for failure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_get_serialNumber()\fR and \fIX509_set_serialNumber()\fR are available in -all versions of OpenSSL. \fIX509_get0_serialNumber()\fR was added in OpenSSL 1.1.0. +The \fBX509_get_serialNumber()\fR and \fBX509_set_serialNumber()\fR functions are +available in all versions of OpenSSL. +The \fBX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_get_subject_name.3 b/secure/lib/libcrypto/man/X509_get_subject_name.3 index b056d3480195..27bed691e71c 100644 --- a/secure/lib/libcrypto/man/X509_get_subject_name.3 +++ b/secure/lib/libcrypto/man/X509_get_subject_name.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_SUBJECT_NAME 3" -.TH X509_GET_SUBJECT_NAME 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_GET_SUBJECT_NAME 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -155,51 +159,51 @@ X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, X509_set_iss .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The +\&\fBX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The returned value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed. .PP -\&\fIX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to +\&\fBX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to \&\fBname\fR. The \fBname\fR parameter is copied internally and should be freed up when it is no longer needed. .PP -\&\fIX509_get_issuer_name()\fR and \fIX509_set_issuer_name()\fR are identical to -\&\fIX509_get_subject_name()\fR and \fIX509_set_subject_name()\fR except the get and +\&\fBX509_get_issuer_name()\fR and \fBX509_set_issuer_name()\fR are identical to +\&\fBX509_get_subject_name()\fR and \fBX509_set_subject_name()\fR except the get and set the issuer name of \fBx\fR. .PP -Similarly \fIX509_REQ_get_subject_name()\fR, \fIX509_REQ_set_subject_name()\fR, -\&\fIX509_CRL_get_issuer()\fR and \fIX509_CRL_set_issuer_name()\fR get or set the subject +Similarly \fBX509_REQ_get_subject_name()\fR, \fBX509_REQ_set_subject_name()\fR, +\&\fBX509_CRL_get_issuer()\fR and \fBX509_CRL_set_issuer_name()\fR get or set the subject or issuer names of certificate requests of CRLs respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_get_subject_name()\fR, \fIX509_get_issuer_name()\fR, \fIX509_REQ_get_subject_name()\fR -and \fIX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer. +\&\fBX509_get_subject_name()\fR, \fBX509_get_issuer_name()\fR, \fBX509_REQ_get_subject_name()\fR +and \fBX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer. 
.PP -\&\fIX509_set_subject_name()\fR, \fIX509_set_issuer_name()\fR, \fIX509_REQ_set_subject_name()\fR -and \fIX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure. +\&\fBX509_set_subject_name()\fR, \fBX509_set_issuer_name()\fR, \fBX509_REQ_set_subject_name()\fR +and \fBX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure. .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in +\&\fBX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in earlier versions. .PP -\&\fIX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was first added -to OpenSSL 1.0.0 as a macro. +\&\fBX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), \fId2i_X509\fR\|(3) -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), \fBd2i_X509\fR\|(3) +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/X509_get_version.3 b/secure/lib/libcrypto/man/X509_get_version.3 index 73065034be05..0cc7f4ecc23d 100644 --- a/secure/lib/libcrypto/man/X509_get_version.3 +++ b/secure/lib/libcrypto/man/X509_get_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_VERSION 3" -.TH X509_GET_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_GET_VERSION 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,50 +156,50 @@ X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_get_version()\fR returns the numerical value of the version field of +\&\fBX509_get_version()\fR returns the numerical value of the version field of certificate \fBx\fR. Note: this is defined by standards (X.509 et al) to be one less than the certificate version. So a version 3 certificate will return 2 and a version 1 certificate will return 0. .PP -\&\fIX509_set_version()\fR sets the numerical value of the version field of certificate +\&\fBX509_set_version()\fR sets the numerical value of the version field of certificate \&\fBx\fR to \fBversion\fR. .PP -Similarly \fIX509_REQ_get_version()\fR, \fIX509_REQ_set_version()\fR, -\&\fIX509_CRL_get_version()\fR and \fIX509_CRL_set_version()\fR get and set the version +Similarly \fBX509_REQ_get_version()\fR, \fBX509_REQ_set_version()\fR, +\&\fBX509_CRL_get_version()\fR and \fBX509_CRL_set_version()\fR get and set the version number of certificate requests and CRLs. .SH "NOTES" .IX Header "NOTES" The version field of certificates, certificate requests and CRLs has a -\&\s-1DEFAULT\s0 value of \fB\f(BIv1\fB\|(0)\fR meaning the field should be omitted for version +\&\s-1DEFAULT\s0 value of \fB\fBv1\fB\|(0)\fR meaning the field should be omitted for version 1. This is handled transparently by these functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_get_version()\fR, \fIX509_REQ_get_version()\fR and \fIX509_CRL_get_version()\fR +\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR return the numerical value of the version field. .PP -\&\fIX509_set_version()\fR, \fIX509_REQ_set_version()\fR and \fIX509_CRL_set_version()\fR +\&\fBX509_set_version()\fR, \fBX509_REQ_set_version()\fR and \fBX509_CRL_set_version()\fR return 1 for success and 0 for failure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_get_version()\fR, \fIX509_REQ_get_version()\fR and \fIX509_CRL_get_version()\fR are +\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR are functions in OpenSSL 1.1.0, in previous versions they were macros. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 index de1353f59784..2fe941f2f53c 100644 --- a/secure/lib/libcrypto/man/X509_new.3 +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NEW 3" -.TH X509_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -151,54 +155,54 @@ X509_chain_up_ref, X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 all The X509 \s-1ASN1\s0 allocation routines, allocate and free an X509 structure, which represents an X509 certificate. .PP -\&\fIX509_new()\fR allocates and initializes a X509 structure with reference count +\&\fBX509_new()\fR allocates and initializes a X509 structure with reference count \&\fB1\fR. .PP -\&\fIX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and +\&\fBX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done. .PP -\&\fIX509_up_ref()\fR increments the reference count of \fBa\fR. +\&\fBX509_up_ref()\fR increments the reference count of \fBa\fR. .PP -\&\fIX509_chain_up_ref()\fR increases the reference count of all certificates in +\&\fBX509_chain_up_ref()\fR increases the reference count of all certificates in chain \fBx\fR and returns a copy of the stack. .SH "NOTES" .IX Header "NOTES" -The function \fIX509_up_ref()\fR if useful if a certificate structure is being +The function \fBX509_up_ref()\fR if useful if a certificate structure is being used by several different operations each of which will free it up after use: this avoids the need to duplicate the entire certificate structure. .PP -The function \fIX509_chain_up_ref()\fR doesn't just up the reference count of -each certificate it also returns a copy of the stack, using \fIsk_X509_dup()\fR, +The function \fBX509_chain_up_ref()\fR doesn't just up the reference count of +each certificate it also returns a copy of the stack, using \fBsk_X509_dup()\fR, but it serves a similar purpose: the returned chain persists after the original has been freed. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). 
+If the allocation fails, \fBX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIX509_up_ref()\fR returns 1 for success and 0 for failure. +\&\fBX509_up_ref()\fR returns 1 for success and 0 for failure. .PP -\&\fIX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error +\&\fBX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_get_version\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_sign.3 b/secure/lib/libcrypto/man/X509_sign.3 index fde61ff41e5c..c323f9f84d75 100644 --- a/secure/lib/libcrypto/man/X509_sign.3 +++ b/secure/lib/libcrypto/man/X509_sign.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_SIGN 3" -.TH X509_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -155,20 +159,20 @@ X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, X509_RE .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message -digest \fBmd\fR and sets the signature in \fBx\fR. \fIX509_sign_ctx()\fR also signs +\&\fBX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message +digest \fBmd\fR and sets the signature in \fBx\fR. \fBX509_sign_ctx()\fR also signs certificate \fBx\fR but uses the parameters contained in digest context \fBctx\fR. .PP -\&\fIX509_verify()\fR verifies the signature of certificate \fBx\fR using public key +\&\fBX509_verify()\fR verifies the signature of certificate \fBx\fR using public key \&\fBpkey\fR. Only the signature is checked: no other checks (such as certificate chain validity) are performed. .PP -\&\fIX509_REQ_sign()\fR, \fIX509_REQ_sign_ctx()\fR, \fIX509_REQ_verify()\fR, -\&\fIX509_CRL_sign()\fR, \fIX509_CRL_sign_ctx()\fR and \fIX509_CRL_verify()\fR sign and verify +\&\fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, \fBX509_REQ_verify()\fR, +\&\fBX509_CRL_sign()\fR, \fBX509_CRL_sign_ctx()\fR and \fBX509_CRL_verify()\fR sign and verify certificate requests and CRLs respectively. .SH "NOTES" .IX Header "NOTES" -\&\fIX509_sign_ctx()\fR is used where the default parameters for the corresponding +\&\fBX509_sign_ctx()\fR is used where the default parameters for the corresponding public key and digest are not suitable. It can be used to sign keys using RSA-PSS for example. .PP 
@@ -180,39 +184,39 @@ normally a problem because modifying the signed portion will invalidate the signature and signing will always update the encoding. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_sign()\fR, \fIX509_sign_ctx()\fR, \fIX509_REQ_sign()\fR, \fIX509_REQ_sign_ctx()\fR, -\&\fIX509_CRL_sign()\fR and \fIX509_CRL_sign_ctx()\fR return the size of the signature +\&\fBX509_sign()\fR, \fBX509_sign_ctx()\fR, \fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, +\&\fBX509_CRL_sign()\fR and \fBX509_CRL_sign_ctx()\fR return the size of the signature in bytes for success and zero for failure. .PP -\&\fIX509_verify()\fR, \fIX509_REQ_verify()\fR and \fIX509_CRL_verify()\fR return 1 if the +\&\fBX509_verify()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR return 1 if the signature is valid and 0 if the signature check fails. If the signature could not be checked at all because it was invalid or some other error occurred then \-1 is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_get_version\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), 
+\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_sign()\fR, \fIX509_REQ_sign()\fR and \fIX509_CRL_sign()\fR are available in all -versions of OpenSSL. +The \fBX509_sign()\fR, \fBX509_REQ_sign()\fR and \fBX509_CRL_sign()\fR functions are +available in all versions of OpenSSL. .PP -\&\fIX509_sign_ctx()\fR, \fIX509_REQ_sign_ctx()\fR and \fIX509_CRL_sign_ctx()\fR were first added -to OpenSSL 1.0.1. +The \fBX509_sign_ctx()\fR, \fBX509_REQ_sign_ctx()\fR +and \fBX509_CRL_sign_ctx()\fR functions were added OpenSSL 1.0.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3 index fab02e6ff4d7..11f4966aa563 100644 --- a/secure/lib/libcrypto/man/X509_verify_cert.3 +++ b/secure/lib/libcrypto/man/X509_verify_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_CERT 3" -.TH X509_VERIFY_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509_VERIFY_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,9 +149,9 @@ X509_verify_cert \- discover and verify X509 certificate chain .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIX509_verify_cert()\fR function attempts to discover and validate a +The \fBX509_verify_cert()\fR function attempts to discover and validate a certificate chain based on parameters in \fBctx\fR. A complete description of -the process is contained in the \fIverify\fR\|(1) manual page. +the process is contained in the \fBverify\fR\|(1) manual page. .SH "RETURN VALUES" .IX Header "RETURN VALUES" If a complete chain can be built and validated this function returns 1, @@ -155,14 +159,14 @@ otherwise it return zero, in exceptional circumstances it can also return a negative code. .PP If the function fails additional error information can be obtained by -examining \fBctx\fR using, for example \fIX509_STORE_CTX_get_error()\fR. +examining \fBctx\fR using, for example \fBX509_STORE_CTX_get_error()\fR. .SH "NOTES" .IX Header "NOTES" Applications rarely call this function directly but it is used by OpenSSL internally for certificate validation, in both the S/MIME and \&\s-1SSL/TLS\s0 code. .PP -A negative return value from \fIX509_verify_cert()\fR can occur if it is invoked +A negative return value from \fBX509_verify_cert()\fR can occur if it is invoked incorrectly, such as with no certificate set in \fBctx\fR, or when it is called twice in succession without reinitialising \fBctx\fR for the second call. A negative return value can also happen due to internal resource problems or if 
@@ -175,7 +179,7 @@ This function uses the header \fBx509.h\fR as opposed to most chain verification functions which use \fBx509_vfy.h\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_STORE_CTX_get_error\fR\|(3) +\&\fBX509_STORE_CTX_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 b/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 index 2028b107d357..bc153bf47775 100644 --- a/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 +++ b/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_GET_EXT_BY_NID 3" -.TH X509V3_GET_EXT_BY_NID 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509V3_GET_EXT_BY_NID 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -181,53 +185,53 @@ X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_O .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR. +\&\fBX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR. .PP -\&\fIX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR +\&\fBX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR can take any value from \fB0\fR to X509_get_ext_count(x) \- 1. The returned extension is an internal pointer which \fBmust not\fR be freed up by the application. .PP -\&\fIX509v3_get_ext_by_NID()\fR and \fIX509v3_get_ext_by_OBJ()\fR look for an extension +\&\fBX509v3_get_ext_by_NID()\fR and \fBX509v3_get_ext_by_OBJ()\fR look for an extension with \fBnid\fR or \fBobj\fR from extension stack \fBx\fR. The search starts from the extension after \fBlastpos\fR or from the beginning if <lastpos> is \fB\-1\fR. If the extension is found its index is returned otherwise \fB\-1\fR is returned. .PP -\&\fIX509v3_get_ext_by_critical()\fR is similar to \fIX509v3_get_ext_by_NID()\fR except it +\&\fBX509v3_get_ext_by_critical()\fR is similar to \fBX509v3_get_ext_by_NID()\fR except it looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR looks for a non-critical extension a non-zero value looks for a critical extension. .PP -\&\fIX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The +\&\fBX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The deleted extension is returned and must be freed by the caller. If \fBloc\fR is in invalid index value \fB\s-1NULL\s0\fR is returned. .PP -\&\fIX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If +\&\fBX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. 
If \&\fBloc\fR is \fB\-1\fR the new extension is added to the end. If \fB*x\fR is \fB\s-1NULL\s0\fR a new stack will be allocated. The passed extension \fBex\fR is duplicated internally so it must be freed after use. .PP -\&\fIX509_get_ext_count()\fR, \fIX509_get_ext()\fR, \fIX509_get_ext_by_NID()\fR, -\&\fIX509_get_ext_by_OBJ()\fR, \fIX509_get_ext_by_critical()\fR, \fIX509_delete_ext()\fR -and \fIX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are +\&\fBX509_get_ext_count()\fR, \fBX509_get_ext()\fR, \fBX509_get_ext_by_NID()\fR, +\&\fBX509_get_ext_by_OBJ()\fR, \fBX509_get_ext_by_critical()\fR, \fBX509_delete_ext()\fR +and \fBX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are otherwise identical to the X509v3 functions. .PP -\&\fIX509_CRL_get_ext_count()\fR, \fIX509_CRL_get_ext()\fR, \fIX509_CRL_get_ext_by_NID()\fR, -\&\fIX509_CRL_get_ext_by_OBJ()\fR, \fIX509_CRL_get_ext_by_critical()\fR, -\&\fIX509_CRL_delete_ext()\fR and \fIX509_CRL_add_ext()\fR operate on the extensions of +\&\fBX509_CRL_get_ext_count()\fR, \fBX509_CRL_get_ext()\fR, \fBX509_CRL_get_ext_by_NID()\fR, +\&\fBX509_CRL_get_ext_by_OBJ()\fR, \fBX509_CRL_get_ext_by_critical()\fR, +\&\fBX509_CRL_delete_ext()\fR and \fBX509_CRL_add_ext()\fR operate on the extensions of \&\s-1CRL\s0 \fBx\fR they are otherwise identical to the X509v3 functions. 
.PP -\&\fIX509_REVOKED_get_ext_count()\fR, \fIX509_REVOKED_get_ext()\fR, -\&\fIX509_REVOKED_get_ext_by_NID()\fR, \fIX509_REVOKED_get_ext_by_OBJ()\fR, -\&\fIX509_REVOKED_get_ext_by_critical()\fR, \fIX509_REVOKED_delete_ext()\fR and -\&\fIX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR +\&\fBX509_REVOKED_get_ext_count()\fR, \fBX509_REVOKED_get_ext()\fR, +\&\fBX509_REVOKED_get_ext_by_NID()\fR, \fBX509_REVOKED_get_ext_by_OBJ()\fR, +\&\fBX509_REVOKED_get_ext_by_critical()\fR, \fBX509_REVOKED_delete_ext()\fR and +\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR they are otherwise identical to the X509v3 functions. .SH "NOTES" .IX Header "NOTES" These functions are used to examine stacks of extensions directly. Many applications will want to parse or encode and add an extension: they should use the extension encode and decode functions instead such as -\&\fIX509_add1_ext_i2d()\fR and \fIX509_get_ext_d2i()\fR. +\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. .PP Extension indices start from zero, so a zero index return value is \fBnot\fR an error. These search functions start from the extension \fBafter\fR the \fBlastpos\fR 
@@ -235,21 +239,21 @@ parameter so it should initially be set to \fB\-1\fR, if it is set to zero the initial extension will not be checked. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509v3_get_ext_count()\fR returns the extension count. +\&\fBX509v3_get_ext_count()\fR returns the extension count. .PP -\&\fIX509v3_get_ext()\fR, \fIX509v3_delete_ext()\fR and \fIX509_delete_ext()\fR return an +\&\fBX509v3_get_ext()\fR, \fBX509v3_delete_ext()\fR and \fBX509_delete_ext()\fR return an \&\fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. .PP -\&\fIX509v3_get_ext_by_NID()\fR \fIX509v3_get_ext_by_OBJ()\fR and -\&\fIX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an +\&\fBX509v3_get_ext_by_NID()\fR \fBX509v3_get_ext_by_OBJ()\fR and +\&\fBX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an error occurs. .PP -\&\fIX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error. +\&\fBX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error. .PP -\&\fIX509_add_ext()\fR returns 1 on success and 0 on error. +\&\fBX509_add_ext()\fR returns 1 on success and 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509V3_get_d2i\fR\|(3) +\&\fBX509V3_get_d2i\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 96733a383166..5f8bc547f453 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "D2I_DHPARAMS 3" -.TH D2I_DHPARAMS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH D2I_DHPARAMS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -149,17 +153,17 @@ d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the DHparameter structure described in PKCS#3. .PP -Otherwise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -described in the \fId2i_X509\fR\|(3) manual page. +Otherwise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBd2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred. .PP -\&\fIi2d_DHparams()\fR returns the length of encoded data on success or a value which +\&\fBi2d_DHparams()\fR returns the length of encoded data on success or a value which is less than or equal to 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 index b2a78550aaf9..b3f9e592d1f2 100644 --- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "D2I_PKCS8PRIVATEKEY_BIO 3" -.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -166,29 +170,29 @@ The PKCS#8 functions encode and decode private keys in PKCS#8 format using both PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. .PP Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the -corresponding \fB\s-1PEM\s0\fR function as described in \fIPEM_read_PrivateKey\fR\|(3). +corresponding \fB\s-1PEM\s0\fR function as described in \fBPEM_read_PrivateKey\fR\|(3). .SH "NOTES" .IX Header "NOTES" These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. .PP Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which work directly on memory: this can be readily worked around by converting the buffers -to memory BIOs, see \fIBIO_s_mem\fR\|(3) for details. +to memory BIOs, see \fBBIO_s_mem\fR\|(3) for details. .PP These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_PKCS8PrivateKey_bio()\fR and \fId2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +\&\fBd2i_PKCS8PrivateKey_bio()\fR and \fBd2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR structure or \s-1NULL\s0 if an error occurred. .PP -\&\fIi2d_PKCS8PrivateKey_bio()\fR, \fIi2d_PKCS8PrivateKey_fp()\fR, \fIi2d_PKCS8PrivateKey_nid_bio()\fR -and \fIi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error. +\&\fBi2d_PKCS8PrivateKey_bio()\fR, \fBi2d_PKCS8PrivateKey_fp()\fR, \fBi2d_PKCS8PrivateKey_nid_bio()\fR +and \fBi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIPEM_read_PrivateKey\fR\|(3), -\&\fIpassphrase\-encoding\fR\|(7) +\&\fBPEM_read_PrivateKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/lib/libcrypto/man/d2i_PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PrivateKey.3 index c7fbaf861cf9..d43f6cb97558 100644 --- a/secure/lib/libcrypto/man/d2i_PrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_PrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "D2I_PRIVATEKEY 3" -.TH D2I_PRIVATEKEY 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH D2I_PRIVATEKEY 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -155,45 +159,49 @@ d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fId2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to +\&\fBd2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The \&\fBtype\fR parameter should be a public key algorithm constant such as \&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR. -\&\fId2i_PublicKey()\fR does the same for public keys. +\&\fBd2i_PublicKey()\fR does the same for public keys. .PP -\&\fId2i_AutoPrivateKey()\fR is similar to \fId2i_PrivateKey()\fR except it attempts to +\&\fBd2i_AutoPrivateKey()\fR is similar to \fBd2i_PrivateKey()\fR except it attempts to automatically detect the private key format. .PP -\&\fIi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is +\&\fBi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. -\&\fIi2d_PublicKey()\fR does the same for public keys. +\&\fBi2d_PublicKey()\fR does the same for public keys. .PP -These functions are similar to the \fId2i_X509()\fR functions; see \fId2i_X509\fR\|(3). +These functions are similar to the \fBd2i_X509()\fR functions; see \fBd2i_X509\fR\|(3). .SH "NOTES" .IX Header "NOTES" All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing to encrypt or decrypt private keys should use other functions such as -\&\fId2i_PKCS8PrivateKey()\fR instead. +\&\fBd2i_PKCS8PrivateKey()\fR instead. .PP -If the \fB*a\fR is not \s-1NULL\s0 when calling \fId2i_PrivateKey()\fR or \fId2i_AutoPrivateKey()\fR +If the \fB*a\fR is not \s-1NULL\s0 when calling \fBd2i_PrivateKey()\fR or \fBd2i_AutoPrivateKey()\fR (i.e. 
an existing structure is being reused) and the key format is PKCS#8 then \fB*a\fR will be freed and replaced on a successful call. +.PP +To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fBd2i_PublicKey()\fR requires \fB*a\fR to be +a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper +\&\s-1EC_GROUP.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_PrivateKey()\fR and \fId2i_AutoPrivateKey()\fR return a valid \fB\s-1EVP_KEY\s0\fR structure -or \fB\s-1NULL\s0\fR if an error occurs. The error code can be obtained by calling -\&\fIERR_get_error\fR\|(3). +The \fBd2i_PrivateKey()\fR, \fBd2i_AutoPrivateKey()\fR, \fBd2i_PrivateKey_bio()\fR, \fBd2i_PrivateKey_fp()\fR, +and \fBd2i_PublicKey()\fR functions return a valid \fB\s-1EVP_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an +error occurs. The error code can be obtained by calling \fBERR_get_error\fR\|(3). .PP -\&\fIi2d_PrivateKey()\fR returns the number of bytes successfully encoded or a -negative value if an error occurs. The error code can be obtained by calling -\&\fIERR_get_error\fR\|(3). +\&\fBi2d_PrivateKey()\fR and \fBi2d_PublicKey()\fR return the number of bytes successfully +encoded or a negative value if an error occurs. The error code can be obtained +by calling \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), -\&\fId2i_PKCS8PrivateKey_bio\fR\|(3) +\&\fBcrypto\fR\|(7), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 index 082f9f6970a5..e5b054d3076c 100644 
--- a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "D2I_SSL_SESSION 3" -.TH D2I_SSL_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH D2I_SSL_SESSION 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +152,7 @@ d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 repr .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions decode and encode an \s-1SSL_SESSION\s0 object. -For encoding details see \fId2i_X509\fR\|(3). +For encoding details see \fBd2i_X509\fR\|(3). .PP \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. 
@@ -157,17 +161,17 @@ only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created from this \s-1SSL_CTX\s0 object). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 +\&\fBd2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 object. In case of failure the NULL-pointer is returned and the error message can be retrieved from the error stack. .PP -\&\fIi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. +\&\fBi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. When the session is not valid, \fB0\fR is returned and no operation is performed. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_SESSION_free\fR\|(3), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3), -\&\fId2i_X509\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBd2i_X509\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index 0f9e840e9f46..23f845b5358c 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "D2I_X509 3" -.TH D2I_X509 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH D2I_X509 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,7 +163,7 @@ encoding. Unlike the C structures which can have pointers to sub-objects within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the network, writing to a file, and so on. .PP -\&\fId2i_TYPE()\fR attempts to decode \fBlen\fR bytes at \fB*ppin\fR. If successful a +\&\fBd2i_TYPE()\fR attempts to decode \fBlen\fR bytes at \fB*ppin\fR. If successful a pointer to the \fB\s-1TYPE\s0\fR structure is returned and \fB*ppin\fR is incremented to the byte following the parsed data. If \fBa\fR is not \fB\s-1NULL\s0\fR then a pointer to the returned structure is also written to \fB*a\fR. If an error occurred 
@@ -171,13 +175,13 @@ contains a valid \fB\s-1TYPE\s0\fR structure and an attempt is made to reuse it. \&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN VALUES\s0 section). .PP -\&\fId2i_TYPE_bio()\fR is similar to \fId2i_TYPE()\fR except it attempts +\&\fBd2i_TYPE_bio()\fR is similar to \fBd2i_TYPE()\fR except it attempts to parse data from \s-1BIO\s0 \fBbp\fR. .PP -\&\fId2i_TYPE_fp()\fR is similar to \fId2i_TYPE()\fR except it attempts +\&\fBd2i_TYPE_fp()\fR is similar to \fBd2i_TYPE()\fR except it attempts to parse data from \s-1FILE\s0 pointer \fBfp\fR. .PP -\&\fIi2d_TYPE()\fR encodes the structure pointed to by \fBa\fR into \s-1DER\s0 format. +\&\fBi2d_TYPE()\fR encodes the structure pointed to by \fBa\fR into \s-1DER\s0 format. If \fBppout\fR is not \fB\s-1NULL\s0\fR, it writes the \s-1DER\s0 encoded data to the buffer at \fB*ppout\fR, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it 
@@ -187,16 +191,16 @@ If \fB*ppout\fR is \fB\s-1NULL\s0\fR memory will be allocated for a buffer and t data written to it. In this case \fB*ppout\fR is not incremented and it points to the start of the data just written. .PP -\&\fIi2d_TYPE_bio()\fR is similar to \fIi2d_TYPE()\fR except it writes +\&\fBi2d_TYPE_bio()\fR is similar to \fBi2d_TYPE()\fR except it writes the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it returns 1 for success and 0 for failure. .PP -\&\fIi2d_TYPE_fp()\fR is similar to \fIi2d_TYPE()\fR except it writes +\&\fBi2d_TYPE_fp()\fR is similar to \fBi2d_TYPE()\fR except it writes the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it returns 1 for success and 0 for failure. .PP These routines do not encrypt private keys and therefore offer no -security; use \fIPEM_write_PrivateKey\fR\|(3) or similar for writing to files. +security; use \fBPEM_write_PrivateKey\fR\|(3) or similar for writing to files. .SH "NOTES" .IX Header "NOTES" The letters \fBi\fR and \fBd\fR in \fBi2d_TYPE\fR stand for @@ -205,13 +209,13 @@ So \fBi2d_TYPE\fR converts from internal to \s-1DER.\s0 .PP The functions can also understand \fB\s-1BER\s0\fR forms. .PP -The actual \s-1TYPE\s0 structure passed to \fIi2d_TYPE()\fR must be a valid +The actual \s-1TYPE\s0 structure passed to \fBi2d_TYPE()\fR must be a valid populated \fB\s-1TYPE\s0\fR structure \*(-- it \fBcannot\fR simply be fed with an -empty structure such as that returned by \fITYPE_new()\fR. +empty structure such as that returned by \fBTYPE_new()\fR. .PP The encoded data is in binary form and may contain embedded zeroes. Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. -Functions such as \fIstrlen()\fR will \fBnot\fR return the correct length +Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length of the encoded structure. .PP The ways that \fB*ppin\fR and \fB*ppout\fR are incremented after the operation 
@@ -237,7 +241,7 @@ Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure. .IP "\fBDSAPublicKey, DSAPrivateKey\fR" 4 .IX Item "DSAPublicKey, DSAPrivateKey" Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR, -\&\fB\f(BIPEM_write_PrivateKey\fB\|(3)\fR, or similar instead. +\&\fB\fBPEM_write_PrivateKey\fB\|(3)\fR, or similar instead. .IP "\fBRSAPublicKey\fR" 4 .IX Item "RSAPublicKey" Represents a PKCS#1 \s-1RSA\s0 public key structure. @@ -316,10 +320,10 @@ mistake is to attempt to use a buffer directly as follows: .PP This code will result in \fBbuf\fR apparently containing garbage because it was incremented after the call to point after the data just written. -Also \fBbuf\fR will no longer contain the pointer allocated by \fIOPENSSL_malloc()\fR -and the subsequent call to \fIOPENSSL_free()\fR is likely to crash. +Also \fBbuf\fR will no longer contain the pointer allocated by \fBOPENSSL_malloc()\fR +and the subsequent call to \fBOPENSSL_free()\fR is likely to crash. .PP -Another trap to avoid is misuse of the \fBa\fR argument to \fId2i_TYPE()\fR: +Another trap to avoid is misuse of the \fBa\fR argument to \fBd2i_TYPE()\fR: .PP .Vb 1 \& X509 *x; 
@@ -328,41 +332,41 @@ Another trap to avoid is misuse of the \fBa\fR argument to \fId2i_TYPE()\fR: \& /* error */ .Ve .PP -This will probably crash somewhere in \fId2i_X509()\fR. The reason for this +This will probably crash somewhere in \fBd2i_X509()\fR. The reason for this is that the variable \fBx\fR is uninitialized and an attempt will be made to interpret its (invalid) value as an \fBX509\fR structure, typically causing a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not happen. .SH "BUGS" .IX Header "BUGS" -In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fId2i_TYPE()\fR when +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_TYPE()\fR when \&\fB*px\fR is valid is broken and some parts of the reused structure may persist if they are not present in the new one. As a result the use of this \*(L"reuse\*(R" behaviour is strongly discouraged. .PP -\&\fIi2d_TYPE()\fR will not return an error in many versions of OpenSSL, +\&\fBi2d_TYPE()\fR will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the -fields entirely and will not be parsed by \fId2i_TYPE()\fR. This may be -fixed in future so code should not assume that \fIi2d_TYPE()\fR will +fields entirely and will not be parsed by \fBd2i_TYPE()\fR. This may be +fixed in future so code should not assume that \fBi2d_TYPE()\fR will always succeed. .PP -Any function which encodes a structure (\fIi2d_TYPE()\fR, -\&\fIi2d_TYPE()\fR or \fIi2d_TYPE()\fR) may return a stale encoding if the +Any function which encodes a structure (\fBi2d_TYPE()\fR, +\&\fBi2d_TYPE()\fR or \fBi2d_TYPE()\fR) may return a stale encoding if the structure has been modified after deserialization or previous serialization. This is because some objects cache the encoding for efficiency reasons. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_TYPE()\fR, \fId2i_TYPE_bio()\fR and \fId2i_TYPE_fp()\fR return a valid \fB\s-1TYPE\s0\fR structure +\&\fBd2i_TYPE()\fR, \fBd2i_TYPE_bio()\fR and \fBd2i_TYPE_fp()\fR return a valid \fB\s-1TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs. If the \*(L"reuse\*(R" capability has been used with a valid structure being passed in via \fBa\fR, then the object is not freed in the event of error but may be in a potentially invalid or inconsistent state. .PP -\&\fIi2d_TYPE()\fR returns the number of bytes successfully encoded or a negative +\&\fBi2d_TYPE()\fR returns the number of bytes successfully encoded or a negative value if an error occurs. .PP -\&\fIi2d_TYPE_bio()\fR and \fIi2d_TYPE_fp()\fR return 1 for success and 0 if an error +\&\fBi2d_TYPE_bio()\fR and \fBi2d_TYPE_fp()\fR return 1 for success and 0 if an error occurs. .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 index c7cd21d8225a..6894341d076b 100644 --- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "I2D_CMS_BIO_STREAM 3" -.TH I2D_CMS_BIO_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH I2D_CMS_BIO_STREAM 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,29 +149,29 @@ i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. +\&\fBi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. .PP -It is otherwise identical to the function \fISMIME_write_CMS()\fR. +It is otherwise identical to the function \fBSMIME_write_CMS()\fR. .SH "NOTES" .IX Header "NOTES" -This function is effectively a version of the \fIi2d_CMS_bio()\fR supporting +This function is effectively a version of the \fBi2d_CMS_bio()\fR supporting streaming. .SH "BUGS" .IX Header "BUGS" The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. +\&\fBi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) -\&\fICMS_decrypt\fR\|(3), -\&\fISMIME_write_CMS\fR\|(3), -\&\fIPEM_write_bio_CMS_stream\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3), +\&\fBSMIME_write_CMS\fR\|(3), +\&\fBPEM_write_bio_CMS_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIi2d_CMS_bio_stream()\fR was added to OpenSSL 1.0.0 +The \fBi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 index feb2a63d5bcb..fc1d08214eb9 100644 --- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "I2D_PKCS7_BIO_STREAM 3" -.TH I2D_PKCS7_BIO_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH I2D_PKCS7_BIO_STREAM 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -145,29 +149,29 @@ i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. +\&\fBi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. .PP -It is otherwise identical to the function \fISMIME_write_PKCS7()\fR. +It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. .SH "NOTES" .IX Header "NOTES" -This function is effectively a version of the \fId2i_PKCS7_bio()\fR supporting +This function is effectively a version of the \fBd2i_PKCS7_bio()\fR supporting streaming. .SH "BUGS" .IX Header "BUGS" The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. +\&\fBi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3), -\&\fISMIME_write_PKCS7\fR\|(3), -\&\fIPEM_write_bio_PKCS7_stream\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3), +\&\fBSMIME_write_PKCS7\fR\|(3), +\&\fBPEM_write_bio_PKCS7_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIi2d_PKCS7_bio_stream()\fR was added to OpenSSL 1.0.0 +The \fBi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 b/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 index 036aea450d7b..2e76321ff47f 100644 --- a/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 +++ b/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "I2D_RE_X509_TBS 3" -.TH I2D_RE_X509_TBS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH I2D_RE_X509_TBS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -152,19 +156,19 @@ d2i_X509_AUX, i2d_X509_AUX, i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_RE The X509 encode and decode routines encode and parse an \&\fBX509\fR structure, which represents an X509 certificate. .PP -\&\fId2i_X509_AUX()\fR is similar to \fId2i_X509\fR\|(3) but the input is expected to +\&\fBd2i_X509_AUX()\fR is similar to \fBd2i_X509\fR\|(3) but the input is expected to consist of an X509 certificate followed by auxiliary trust information. This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. This function should not be called on untrusted input. .PP -\&\fIi2d_X509_AUX()\fR is similar to \fIi2d_X509\fR\|(3), but the encoded output +\&\fBi2d_X509_AUX()\fR is similar to \fBi2d_X509\fR\|(3), but the encoded output contains both the certificate and any auxiliary trust information. This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. Note that this is a non-standard OpenSSL-specific data format. .PP -\&\fIi2d_re_X509_tbs()\fR is similar to \fIi2d_X509\fR\|(3) except it encodes only -the TBSCertificate portion of the certificate. \fIi2d_re_X509_CRL_tbs()\fR -and \fIi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request, +\&\fBi2d_re_X509_tbs()\fR is similar to \fBi2d_X509\fR\|(3) except it encodes only +the TBSCertificate portion of the certificate. \fBi2d_re_X509_CRL_tbs()\fR +and \fBi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request, respectively. The \*(L"re\*(R" in \fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", and ensures that a fresh encoding is generated in case the object has been modified after creation (see the \s-1BUGS\s0 section). 
@@ -174,36 +178,36 @@ in the \fBX509\fR structure internally to improve encoding performance and to ensure certificate signatures are verified correctly in some certificates with broken (non-DER) encodings. .PP -If, after modification, the \fBX509\fR object is re-signed with \fIX509_sign()\fR, +If, after modification, the \fBX509\fR object is re-signed with \fBX509_sign()\fR, the encoding is automatically renewed. Otherwise, the encoding of the TBSCertificate portion of the \fBX509\fR can be manually renewed by calling -\&\fIi2d_re_X509_tbs()\fR. +\&\fBi2d_re_X509_tbs()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBd2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred. .PP -\&\fIi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error. +\&\fBi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error. .PP -\&\fIi2d_re_X509_tbs()\fR, \fIi2d_re_X509_CRL_tbs()\fR and \fIi2d_re_X509_REQ_tbs()\fR return the +\&\fBi2d_re_X509_tbs()\fR, \fBi2d_re_X509_CRL_tbs()\fR and \fBi2d_re_X509_REQ_tbs()\fR return the length of encoded data or 0 on error. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) -\&\fIX509_CRL_get0_by_serial\fR\|(3), -\&\fIX509_get0_signature\fR\|(3), -\&\fIX509_get_ext_d2i\fR\|(3), -\&\fIX509_get_extension_flags\fR\|(3), -\&\fIX509_get_pubkey\fR\|(3), -\&\fIX509_get_subject_name\fR\|(3), -\&\fIX509_get_version\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_get_index_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_new\fR\|(3), -\&\fIX509_sign\fR\|(3), -\&\fIX509V3_get_d2i\fR\|(3), -\&\fIX509_verify_cert\fR\|(3) +\&\fBERR_get_error\fR\|(3) +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/o2i_SCT_LIST.3 b/secure/lib/libcrypto/man/o2i_SCT_LIST.3 index 0aa43c0254b9..fe6cba5ec0a4 100644 --- a/secure/lib/libcrypto/man/o2i_SCT_LIST.3 +++ b/secure/lib/libcrypto/man/o2i_SCT_LIST.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "O2I_SCT_LIST 3" -.TH O2I_SCT_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH O2I_SCT_LIST 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,9 +163,9 @@ All of the functions have return values consistent with those stated for d2i_SCT_LIST and i2d_SCT_LIST. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIct\fR\|(7), -\&\fId2i_SCT_LIST\fR\|(3), -\&\fIi2d_SCT_LIST\fR\|(3) +\&\fBct\fR\|(7), +\&\fBd2i_SCT_LIST\fR\|(3), +\&\fBi2d_SCT_LIST\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index 126e63cbaa85..62361743b417 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CA.PL 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -265,7 +269,7 @@ the request and finally create a PKCS#12 file containing it. .SH "DSA CERTIFICATES" .IX Header "DSA CERTIFICATES" Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to -use it with \s-1DSA\s0 certificates and requests using the \fIreq\fR\|(1) command +use it with \s-1DSA\s0 certificates and requests using the \fBreq\fR\|(1) command directly. The following example shows the steps that would typically be taken. .PP Create some \s-1DSA\s0 parameters: @@ -325,8 +329,8 @@ by a beginner. Its behaviour isn't always what is wanted. For more control over behaviour of the certificate commands call the \fBopenssl\fR command directly. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIreq\fR\|(1), \fIpkcs12\fR\|(1), -\&\fIconfig\fR\|(5) +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBreq\fR\|(1), \fBpkcs12\fR\|(1), +\&\fBconfig\fR\|(5) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index a9d20be114bf..5f7227df4d51 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ASN1PARSE 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -205,7 +209,7 @@ option can be used multiple times to \*(L"drill down\*(R" into a nested structur .IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4 .IX Item "-genstr string, -genconf file" Generate encoded data based on \fBstring\fR, \fBfile\fR or both using -\&\fIASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is +\&\fBASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is present then the string is obtained from the default section using the name \&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as though it came from a file, the contents can thus be examined and written to a 
@@ -324,7 +328,7 @@ There should be options to change the format of output lines. The output of some \&\s-1ASN.1\s0 types is not well handled (if at all). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIASN1_generate_nconf\fR\|(3) +\&\fBASN1_generate_nconf\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index c155e2415098..c235cc738963 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CA 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -207,7 +211,7 @@ This prints extra details about the operations being performed. .IX Item "-config filename" Specifies the configuration file to use. Optional; for a description of the default value, -see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1). +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). .IP "\fB\-name section\fR" 4 .IX Item "-name section" Specifies the configuration file section to use (overrides @@ -269,7 +273,7 @@ self-signed certificate. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-notext\fR" 4 .IX Item "-notext" Don't output the text form of a certificate to the output file. @@ -331,8 +335,8 @@ The section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to \fBx509_extensions\fR unless the \fB\-extfile\fR option is used). If no extension section is present then, a V1 certificate is created. If the extension section -is present (even if it is empty), then a V3 certificate is created. See the:w -\&\fIx509v3_config\fR\|(5) manual page for details of the +is present (even if it is empty), then a V3 certificate is created. See the +\&\fBx509v3_config\fR\|(5) manual page for details of the extension section format. .IP "\fB\-extfile file\fR" 4 .IX Item "-extfile file" 
@@ -444,7 +448,7 @@ created, if the \s-1CRL\s0 extension section is present (even if it is empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are \&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted that some software (for example Netscape) can't handle V2 CRLs. See -\&\fIx509v3_config\fR\|(5) manual page for details of the +\&\fBx509v3_config\fR\|(5) manual page for details of the extension section format. .SH "CONFIGURATION FILE OPTIONS" .IX Header "CONFIGURATION FILE OPTIONS" @@ -802,11 +806,11 @@ earlier than year 2049 (included), and as GeneralizedTime if the dates are in year 2050 or later. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIreq\fR\|(1), \fIspkac\fR\|(1), \fIx509\fR\|(1), \s-1\fICA\s0.pl\fR\|(1), -\&\fIconfig\fR\|(5), \fIx509v3_config\fR\|(5) +\&\fBreq\fR\|(1), \fBspkac\fR\|(1), \fBx509\fR\|(1), \s-1\fBCA\s0.pl\fR\|(1), +\&\fBconfig\fR\|(5), \fBx509v3_config\fR\|(5) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index 82d7870c8e31..98a408437bcb 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CIPHERS 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -190,7 +194,7 @@ When combined with \fB\-s\fR includes cipher suites which require \s-1SRP.\s0 .IP "\fB\-v\fR" 4 .IX Item "-v" Verbose output: For each cipher suite, list details as provided by -\&\fISSL_CIPHER_description\fR\|(3). +\&\fBSSL_CIPHER_description\fR\|(3). .IP "\fB\-V\fR" 4 .IX Item "-V" Like \fB\-v\fR, but include the official cipher suite values in hex. @@ -845,7 +849,7 @@ Set security level to 2 and display all ciphers consistent with level 2: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIssl\fR\|(7) +\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBssl\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" The \fB\-V\fR option for the \fBciphers\fR command was added in OpenSSL 1.0.0. 
@@ -853,7 +857,7 @@ The \fB\-V\fR option for the \fBciphers\fR command was added in OpenSSL 1.0.0. The \fB\-stdname\fR is only available if OpenSSL is built with tracing enabled (\fBenable-ssl-trace\fR argument to Configure) before OpenSSL 1.1.1. .PP -The \fB\-convert\fR was added in OpenSSL 1.1.1. +The \fB\-convert\fR option was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1 index 152fc013ecc2..07e20e17f4f9 100644 --- a/secure/usr.bin/openssl/man/cms.1 +++ b/secure/usr.bin/openssl/man/cms.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS 1" -.TH CMS 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CMS 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -397,8 +401,8 @@ default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). .IX Item "-cipher" The encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the -\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for -example \fB\-aes\-128\-cbc\fR. See \fIenc\fR\|(1) for a list of ciphers +\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes\-128\-cbc\fR. See \fBenc\fR\|(1) for a list of ciphers supported by your version of OpenSSL. .Sp If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR and @@ -534,7 +538,7 @@ or to modify default parameters for \s-1ECDH.\s0 .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-rand file...\fR" 4 .IX Item "-rand file..." A file or files containing random data used to seed the random number @@ -559,7 +563,7 @@ address matches that specified in the 
From: address. .IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 .IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" Set various certificate chain validation options. See the -\&\fIverify\fR\|(1) manual page for details. +\&\fBverify\fR\|(1) manual page for details. .SH "NOTES" .IX Header "NOTES" The \s-1MIME\s0 message must be sent without any blank lines between the @@ -606,7 +610,7 @@ tried whether they succeed or not and if no recipients match the message is \*(L"decrypted\*(R" using a random key which will typically output garbage. The \fB\-debug_decrypt\fR option can be used to disable the \s-1MMA\s0 attack protection and return an error if no recipient can be found: this option should be used -with caution. For a fuller description see \fICMS_decrypt\fR\|(3)). +with caution. For a fuller description see \fBCMS_decrypt\fR\|(3)). .SH "EXIT CODES" .IX Header "EXIT CODES" .IP "0" 4 
@@ -798,14 +802,14 @@ No revocation checking is done on the signer's certificate. The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first added in OpenSSL 1.0.0. .PP -The \fBkeyopt\fR option was first added in OpenSSL 1.0.2. +The \fBkeyopt\fR option was added in OpenSSL 1.0.2. .PP -Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2. +Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2. .PP -The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR was first added -to OpenSSL 1.0.2. +The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR +was added in OpenSSL 1.0.2. .PP -The \-no_alt_chains options was first added to OpenSSL 1.0.2b. +The \-no_alt_chains option was added in OpenSSL 1.0.2b. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 628cb3213b1b..31c680c498b2 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CRL 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -184,7 +188,7 @@ Print out the \s-1CRL\s0 in text form. .IP "\fB\-nameopt option\fR" 4 .IX Item "-nameopt option" Option which determines how the subject or issuer names are displayed. See -the description of \fB\-nameopt\fR in \fIx509\fR\|(1). +the description of \fB\-nameopt\fR in \fBx509\fR\|(1). .IP "\fB\-noout\fR" 4 .IX Item "-noout" Don't output the encoded version of the \s-1CRL.\s0 @@ -242,7 +246,7 @@ Ideally it should be possible to create a \s-1CRL\s0 using appropriate options and files too. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrl2pkcs7\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1) +\&\fBcrl2pkcs7\fR\|(1), \fBca\fR\|(1), \fBx509\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index 20a5269e33f6..abb3876dcd3c 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH CRL2PKCS7 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -212,7 +216,7 @@ The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can b install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIpkcs7\fR\|(1) +\&\fBpkcs7\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index db0c6100ae4e..d959cf3572b5 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DGST 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -219,7 +223,7 @@ Names and values of these options are algorithm-specific. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-verify filename\fR" 4 .IX Item "-verify filename" Verify the signature using the public key in \*(L"filename\*(R". 
@@ -325,11 +329,11 @@ or similar program to transform the hex signature into a binary signature prior to verification. .SH "HISTORY" .IX Header "HISTORY" -The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0 -The FIPS-related options were removed in OpenSSL 1.1.0 +The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. +The FIPS-related options were removed in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index f0a753566e98..5670aba30964 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DHPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -230,7 +234,7 @@ This option prints out the \s-1DH\s0 parameters in human readable form. .IP "\fB\-C\fR" 4 .IX Item "-C" This option converts the parameters into C code. The parameters can then -be loaded by calling the \fIget_dhNNNN()\fR function. +be loaded by calling the \fBget_dhNNNN()\fR function. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" Specifying an engine (by its unique \fBid\fR string) will cause \fBdhparam\fR @@ -261,7 +265,7 @@ This program manipulates \s-1DH\s0 parameters not keys. There should be a way to generate and manipulate \s-1DH\s0 keys. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsaparam\fR\|(1) +\&\fBdsaparam\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index a799b42bfff5..f4ac6765f9c2 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSA 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -198,7 +202,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output by 
@@ -208,7 +212,7 @@ filename. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" The output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 .IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" These options encrypt the private key with the specified @@ -290,8 +294,8 @@ To just output the public part of a private key: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsaparam\fR\|(1), \fIgendsa\fR\|(1), \fIrsa\fR\|(1), -\&\fIgenrsa\fR\|(1) +\&\fBdsaparam\fR\|(1), \fBgendsa\fR\|(1), \fBrsa\fR\|(1), +\&\fBgenrsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index b9c6088097d1..06228699f9b3 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH DSAPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -189,7 +193,7 @@ This option prints out the \s-1DSA\s0 parameters in human readable form. .IP "\fB\-C\fR" 4 .IX Item "-C" This option converts the parameters into C code. The parameters can then -be loaded by calling the \fIget_dsaXXX()\fR function. +be loaded by calling the \fBget_dsaXXX()\fR function. .IP "\fB\-genkey\fR" 4 .IX Item "-genkey" This option will generate a \s-1DSA\s0 either using the specified or generated @@ -229,8 +233,8 @@ for all available algorithms. \&\s-1DSA\s0 parameters is often used to generate several distinct keys. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgendsa\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIrsa\fR\|(1) +\&\fBgendsa\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBrsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index b2288579a600..d51ada449b94 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH EC 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -191,7 +195,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output by 
@@ -201,7 +205,7 @@ filename. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" The output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-des|\-des3|\-idea\fR" 4 .IX Item "-des|-des3|-idea" These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or @@ -218,9 +222,6 @@ Prints out the public, private key components and parameters. .IP "\fB\-noout\fR" 4 .IX Item "-noout" This option prevents output of the encoded version of the key. -.IP "\fB\-modulus\fR" 4 -.IX Item "-modulus" -This option prints out the value of the public key component of the key. .IP "\fB\-pubin\fR" 4 .IX Item "-pubin" By default, a private key is read from the input file. With this option a @@ -314,10 +315,10 @@ To change the point conversion form to \fBcompressed\fR: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIecparam\fR\|(1), \fIdsa\fR\|(1), \fIrsa\fR\|(1) +\&\fBecparam\fR\|(1), \fBdsa\fR\|(1), \fBrsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index a422cf92a865..93bdd9b186b1 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ECPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -193,7 +197,7 @@ This option prints out the \s-1EC\s0 parameters in human readable form. .IP "\fB\-C\fR" 4 .IX Item "-C" This option converts the \s-1EC\s0 parameters into C code. The parameters can then -be loaded by calling the \fIget_ec_group_XXX()\fR function. +be loaded by calling the \fBget_ec_group_XXX()\fR function. .IP "\fB\-check\fR" 4 .IX Item "-check" Validate the elliptic curve parameters. @@ -297,7 +301,7 @@ To print out the \s-1EC\s0 parameters to standard output: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIec\fR\|(1), \fIdsaparam\fR\|(1) +\&\fBec\fR\|(1), \fBdsaparam\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2003\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index c39476ff7383..927018cd2d0e 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ENC 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -194,7 +198,7 @@ The output filename, standard output by default. .IP "\fB\-pass arg\fR" 4 .IX Item "-pass arg" The password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-e\fR" 4 .IX Item "-e" Encrypt the input data: this is the default. 
@@ -364,7 +368,7 @@ management issues also affect other modes currently exposed in \fBenc\fR, but the failure modes are less extreme in these cases, and the functionality cannot be removed with a stable release branch. For bulk encryption of data, whether using authenticated encryption -modes or other modes, \fIcms\fR\|(1) is recommended, as it provides a +modes or other modes, \fBcms\fR\|(1) is recommended, as it provides a standard data format and performs the needed key/iv/nonce management. .PP .Vb 1 @@ -522,7 +526,7 @@ certain parameters. So if, for example, you want to use \s-1RC2\s0 with a 76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. .SH "HISTORY" .IX Header "HISTORY" -The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in Openssl 1.1.0. +The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/engine.1 b/secure/usr.bin/openssl/man/engine.1 index 851f31e46ae3..ff7917274d3d 100644 --- a/secure/usr.bin/openssl/man/engine.1 +++ b/secure/usr.bin/openssl/man/engine.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENGINE 1" -.TH ENGINE 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ENGINE 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -225,7 +229,7 @@ To list the capabilities of the \fIrsax\fR engine: The path to the engines directory. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIconfig\fR\|(5) +\&\fBconfig\fR\|(5) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index 25f92828f289..3b6daca1a466 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH ERRSTR 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index cdcaaf281d71..b72bc23f994a 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH GENDSA 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -203,8 +207,8 @@ and examined using the \fBopenssl dsaparam\fR command. much quicker that \s-1RSA\s0 key generation for example. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsaparam\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIrsa\fR\|(1) +\&\fBdsaparam\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBrsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1 index 1fd374770d10..bbb5c72b33ad 100644 --- a/secure/usr.bin/openssl/man/genpkey.1 +++ b/secure/usr.bin/openssl/man/genpkey.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENPKEY 1" -.TH GENPKEY 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH GENPKEY 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,11 +172,11 @@ This specifies the output format \s-1DER\s0 or \s-1PEM.\s0 The default format is .IP "\fB\-pass arg\fR" 4 .IX Item "-pass arg" The output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-\f(BIcipher\fB\fR" 4 .IX Item "-cipher" This option encrypts the private key with the supplied cipher. Any algorithm -name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" Specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR 
@@ -417,9 +421,9 @@ Generate an \s-1ED448\s0 private key: .SH "HISTORY" .IX Header "HISTORY" The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly, -were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in -OpenSSL 1.1.0. The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in -OpenSSL 1.1.1. +were added in OpenSSL 1.0.2. +The ability to generate X25519 keys was added in OpenSSL 1.1.0. +The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index f2221a082d6a..7845ce19fec7 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH GENRSA 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -176,7 +180,7 @@ standard output is used. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" The output file password source. For more information about the format -of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 .IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" These options encrypt the private key with specified @@ -228,7 +232,7 @@ may vary somewhat. But in general, more primes lead to less generation time of a key. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgendsa\fR\|(1) +\&\fBgendsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/list.1 b/secure/usr.bin/openssl/man/list.1 index 8b0d6cf3486f..573027fbbb31 100644 --- a/secure/usr.bin/openssl/man/list.1 +++ b/secure/usr.bin/openssl/man/list.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "LIST 1" -.TH LIST 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH LIST 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,7 +172,7 @@ Display a list of standard commands. .IP "\fB\-digest\-commands\fR" 4 .IX Item "-digest-commands" Display a list of message digest commands, which are typically used -as input to the \fIdgst\fR\|(1) or \fIspeed\fR\|(1) commands. +as input to the \fBdgst\fR\|(1) or \fBspeed\fR\|(1) commands. .IP "\fB\-digest\-algorithms\fR" 4 .IX Item "-digest-algorithms" Display a list of message digest algorithms. @@ -178,7 +182,7 @@ then \fBfoo\fR is an alias for the official algorithm name, \fBbar\fR. .IP "\fB\-cipher\-commands\fR" 4 .IX Item "-cipher-commands" Display a list of cipher commands, which are typically used as input -to the \fIdgst\fR\|(1) or \fIspeed\fR\|(1) commands. +to the \fBdgst\fR\|(1) or \fBspeed\fR\|(1) commands. .IP "\fB\-cipher\-algorithms\fR" 4 .IX Item "-cipher-algorithms" Display a list of cipher algorithms. diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index c18182844792..6cf495394d75 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH NSEQ 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index a8c9c564d3fe..b47b837a24de 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OCSP 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -313,7 +317,7 @@ Child processes will detect changes in the \s-1CA\s0 index file and automaticall reload it. When running as a responder \fB\-timeout\fR option is recommended to limit the time each child is willing to wait for the client's \s-1OCSP\s0 response. -This option is available on \s-1POSIX\s0 systems (that support the \fIfork()\fR and other +This option is available on \s-1POSIX\s0 systems (that support the \fBfork()\fR and other required unix system-calls). .IP "\fB\-CAfile file\fR, \fB\-CApath pathname\fR" 4 .IX Item "-CAfile file, -CApath pathname" 
@@ -328,7 +332,7 @@ Do not load the trusted \s-1CA\s0 certificates from the default directory locati .IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 .IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" Set different certificate verification options. -See \fIverify\fR\|(1) manual page for details. +See \fBverify\fR\|(1) manual page for details. .IP "\fB\-verify_other file\fR" 4 .IX Item "-verify_other file" File containing additional certificates to search when attempting to locate @@ -569,7 +573,7 @@ to a second file. .Ve .SH "HISTORY" .IX Header "HISTORY" -The \-no_alt_chains options was first added to OpenSSL 1.1.0. +The \-no_alt_chains option was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index bd6dbf7a6976..cc688f485227 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OPENSSL 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -173,7 +177,7 @@ The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in (\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0). .PP Detailed documentation and use cases for most standard subcommands are available -(e.g., \fIx509\fR\|(1) or \fIopenssl\-x509\fR\|(1)). +(e.g., \fBx509\fR\|(1) or \fBopenssl\-x509\fR\|(1)). .PP Many commands use an external configuration file for some or all of their arguments and have a \fB\-config\fR option to specify that file. 
@@ -235,18 +239,18 @@ Message Digest Calculation. .IP "\fBdh\fR" 4 .IX Item "dh" Diffie-Hellman Parameter Management. -Obsoleted by \fIdhparam\fR\|(1). +Obsoleted by \fBdhparam\fR\|(1). .IP "\fBdhparam\fR" 4 .IX Item "dhparam" Generation and Management of Diffie-Hellman Parameters. Superseded by -\&\fIgenpkey\fR\|(1) and \fIpkeyparam\fR\|(1). +\&\fBgenpkey\fR\|(1) and \fBpkeyparam\fR\|(1). .IP "\fBdsa\fR" 4 .IX Item "dsa" \&\s-1DSA\s0 Data Management. .IP "\fBdsaparam\fR" 4 .IX Item "dsaparam" \&\s-1DSA\s0 Parameter Generation and Management. Superseded by -\&\fIgenpkey\fR\|(1) and \fIpkeyparam\fR\|(1). +\&\fBgenpkey\fR\|(1) and \fBpkeyparam\fR\|(1). .IP "\fBec\fR" 4 .IX Item "ec" \&\s-1EC\s0 (Elliptic curve) key processing. @@ -265,17 +269,17 @@ Error Number to Error String Conversion. .IP "\fBgendh\fR" 4 .IX Item "gendh" Generation of Diffie-Hellman Parameters. -Obsoleted by \fIdhparam\fR\|(1). +Obsoleted by \fBdhparam\fR\|(1). .IP "\fBgendsa\fR" 4 .IX Item "gendsa" Generation of \s-1DSA\s0 Private Key from Parameters. Superseded by -\&\fIgenpkey\fR\|(1) and \fIpkey\fR\|(1). +\&\fBgenpkey\fR\|(1) and \fBpkey\fR\|(1). .IP "\fBgenpkey\fR" 4 .IX Item "genpkey" Generation of Private Key or Parameters. .IP "\fBgenrsa\fR" 4 .IX Item "genrsa" -Generation of \s-1RSA\s0 Private Key. Superseded by \fIgenpkey\fR\|(1). +Generation of \s-1RSA\s0 Private Key. Superseded by \fBgenpkey\fR\|(1). .IP "\fBnseq\fR" 4 .IX Item "nseq" Create or examine a Netscape certificate sequence. @@ -321,7 +325,7 @@ PKCS#10 X.509 Certificate Signing Request (\s-1CSR\s0) Management. .IP "\fBrsautl\fR" 4 .IX Item "rsautl" \&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. Superseded -by \fIpkeyutl\fR\|(1). +by \fBpkeyutl\fR\|(1). .IP "\fBs_client\fR" 4 .IX Item "s_client" This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent 
@@ -434,7 +438,7 @@ The following aliases provide convenient access to the most used encodings and ciphers. .PP Depending on how OpenSSL was configured and built, not all ciphers listed -here may be present. See \fIenc\fR\|(1) for more information and command usage. +here may be present. See \fBenc\fR\|(1) for more information and command usage. .IP "\fBaes128\fR, \fBaes\-128\-cbc\fR, \fBaes\-128\-cfb\fR, \fBaes\-128\-ctr\fR, \fBaes\-128\-ecb\fR, \fBaes\-128\-ofb\fR" 4 .IX Item "aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb" \&\s-1AES\-128\s0 Cipher @@ -521,7 +525,7 @@ prompted to enter one: this will typically be read from the current terminal with echoing turned off. .PP Note that character encoding may be relevant, please see -\&\fIpassphrase\-encoding\fR\|(7). +\&\fBpassphrase\-encoding\fR\|(7). .IP "\fBpass:password\fR" 4 .IX Item "pass:password" The actual password is \fBpassword\fR. Since the password is visible 
@@ -548,22 +552,22 @@ send the data via a pipe for example. Read the password from standard input. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIasn1parse\fR\|(1), \fIca\fR\|(1), \fIciphers\fR\|(1), \fIcms\fR\|(1), \fIconfig\fR\|(5), -\&\fIcrl\fR\|(1), \fIcrl2pkcs7\fR\|(1), \fIdgst\fR\|(1), -\&\fIdhparam\fR\|(1), \fIdsa\fR\|(1), \fIdsaparam\fR\|(1), -\&\fIec\fR\|(1), \fIecparam\fR\|(1), -\&\fIenc\fR\|(1), \fIengine\fR\|(1), \fIerrstr\fR\|(1), \fIgendsa\fR\|(1), \fIgenpkey\fR\|(1), -\&\fIgenrsa\fR\|(1), \fInseq\fR\|(1), \fIocsp\fR\|(1), -\&\fIpasswd\fR\|(1), -\&\fIpkcs12\fR\|(1), \fIpkcs7\fR\|(1), \fIpkcs8\fR\|(1), -\&\fIpkey\fR\|(1), \fIpkeyparam\fR\|(1), \fIpkeyutl\fR\|(1), \fIprime\fR\|(1), -\&\fIrand\fR\|(1), \fIrehash\fR\|(1), \fIreq\fR\|(1), \fIrsa\fR\|(1), -\&\fIrsautl\fR\|(1), \fIs_client\fR\|(1), -\&\fIs_server\fR\|(1), \fIs_time\fR\|(1), \fIsess_id\fR\|(1), -\&\fIsmime\fR\|(1), \fIspeed\fR\|(1), \fIspkac\fR\|(1), \fIsrp\fR\|(1), \fIstoreutl\fR\|(1), -\&\fIts\fR\|(1), -\&\fIverify\fR\|(1), \fIversion\fR\|(1), \fIx509\fR\|(1), -\&\fIcrypto\fR\|(7), \fIssl\fR\|(7), \fIx509v3_config\fR\|(5) +\&\fBasn1parse\fR\|(1), \fBca\fR\|(1), \fBciphers\fR\|(1), \fBcms\fR\|(1), \fBconfig\fR\|(5), +\&\fBcrl\fR\|(1), \fBcrl2pkcs7\fR\|(1), \fBdgst\fR\|(1), +\&\fBdhparam\fR\|(1), \fBdsa\fR\|(1), \fBdsaparam\fR\|(1), +\&\fBec\fR\|(1), \fBecparam\fR\|(1), +\&\fBenc\fR\|(1), \fBengine\fR\|(1), \fBerrstr\fR\|(1), \fBgendsa\fR\|(1), \fBgenpkey\fR\|(1), +\&\fBgenrsa\fR\|(1), \fBnseq\fR\|(1), \fBocsp\fR\|(1), +\&\fBpasswd\fR\|(1), +\&\fBpkcs12\fR\|(1), \fBpkcs7\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBpkey\fR\|(1), \fBpkeyparam\fR\|(1), \fBpkeyutl\fR\|(1), \fBprime\fR\|(1), +\&\fBrand\fR\|(1), \fBrehash\fR\|(1), \fBreq\fR\|(1), \fBrsa\fR\|(1), +\&\fBrsautl\fR\|(1), \fBs_client\fR\|(1), +\&\fBs_server\fR\|(1), \fBs_time\fR\|(1), \fBsess_id\fR\|(1), +\&\fBsmime\fR\|(1), \fBspeed\fR\|(1), \fBspkac\fR\|(1), \fBsrp\fR\|(1), \fBstoreutl\fR\|(1), +\&\fBts\fR\|(1), +\&\fBverify\fR\|(1), 
\fBversion\fR\|(1), \fBx509\fR\|(1), +\&\fBcrypto\fR\|(7), \fBssl\fR\|(7), \fBx509v3_config\fR\|(5) .SH "HISTORY" .IX Header "HISTORY" The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-algorithms\fR pseudo-commands were added in OpenSSL 1.0.0; diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index b44ea2d0d68a..7842c1f0cd7f 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PASSWD 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index dca9461fefad..1de3d361e9da 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS12 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -202,12 +206,12 @@ default. They are all written in \s-1PEM\s0 format. .IX Item "-passin arg" The PKCS#12 file (i.e. input file) password source. For more information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in -\&\fIopenssl\fR\|(1). +\&\fBopenssl\fR\|(1). .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" Pass phrase source to encrypt any outputted private keys with. For more information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section -in \fIopenssl\fR\|(1). +in \fBopenssl\fR\|(1). .IP "\fB\-password arg\fR" 4 .IX Item "-password arg" With \-export, \-password is equivalent to \-passout. 
@@ -260,7 +264,8 @@ Don't attempt to verify the integrity \s-1MAC\s0 before reading the file. .IX Item "-twopass" Prompt for separate integrity and encryption passwords: most software always assumes these are the same so this option will render such -PKCS#12 files unreadable. +PKCS#12 files unreadable. Cannot be used in combination with the options +\&\-password, \-passin (if importing) or \-passout (if exporting). .SH "FILE CREATION OPTIONS" .IX Header "FILE CREATION OPTIONS" .IP "\fB\-export\fR" 4 @@ -300,12 +305,12 @@ displays them. .IX Item "-pass arg, -passout arg" The PKCS#12 file (i.e. output file) password source. For more information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in -\&\fIopenssl\fR\|(1). +\&\fBopenssl\fR\|(1). .IP "\fB\-passin password\fR" 4 .IX Item "-passin password" Pass phrase source to decrypt any input private keys with. For more information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in -\&\fIopenssl\fR\|(1). +\&\fBopenssl\fR\|(1). .IP "\fB\-chain\fR" 4 .IX Item "-chain" If this option is present then an attempt is made to include the entire @@ -462,10 +467,10 @@ Include some extra certificates: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIpkcs8\fR\|(1) +\&\fBpkcs8\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index 9154b12bf9c3..a25577c2333d 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS7 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -227,7 +231,7 @@ This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrl2pkcs7\fR\|(1) +\&\fBcrl2pkcs7\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index ad6119457bea..711e150d1dc8 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKCS8 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -196,7 +200,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output by @@ -206,7 +210,7 @@ filename. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" The output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-iter count\fR" 4 .IX Item "-iter count" When creating new PKCS#8 containers, use a given number of iterations on 
@@ -415,11 +419,11 @@ There should be an option that prints out the encryption algorithm in use and other details such as the iteration count. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1) +\&\fBdsa\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -The \fB\-iter\fR option was added to OpenSSL 1.1.0. +The \fB\-iter\fR option was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1 index 6a9196412fe8..c77fc34788c5 100644 --- a/secure/usr.bin/openssl/man/pkey.1 +++ b/secure/usr.bin/openssl/man/pkey.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEY 1" -.TH PKEY 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKEY 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -180,7 +184,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output if this @@ -190,7 +194,7 @@ filename. .IP "\fB\-passout password\fR" 4 .IX Item "-passout password" The output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-traditional\fR" 4 .IX Item "-traditional" Normally a private key is written using standard format: this is PKCS#8 form @@ -199,7 +203,7 @@ option is specified then the older \*(L"traditional\*(R" format is used instead. .IP "\fB\-\f(BIcipher\fB\fR" 4 .IX Item "-cipher" These options encrypt the private key with the supplied cipher. Any algorithm -name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. .IP "\fB\-text\fR" 4 .IX Item "-text" Prints out the various public or private key components in @@ -272,8 +276,8 @@ To just output the public part of a private key: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgenpkey\fR\|(1), \fIrsa\fR\|(1), \fIpkcs8\fR\|(1), -\&\fIdsa\fR\|(1), \fIgenrsa\fR\|(1), \fIgendsa\fR\|(1) +\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1 index 0f84ec6ff4da..19b9d7623326 100644 
--- a/secure/usr.bin/openssl/man/pkeyparam.1 +++ b/secure/usr.bin/openssl/man/pkeyparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYPARAM 1" -.TH PKEYPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKEYPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -191,8 +195,8 @@ There are no \fB\-inform\fR or \fB\-outform\fR options for this command because \&\s-1PEM\s0 format is supported because the key type is determined by the \s-1PEM\s0 headers. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgenpkey\fR\|(1), \fIrsa\fR\|(1), \fIpkcs8\fR\|(1), -\&\fIdsa\fR\|(1), \fIgenrsa\fR\|(1), \fIgendsa\fR\|(1) +\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1 index 1c413421a3a7..e1ff78e7a7fc 100644 --- a/secure/usr.bin/openssl/man/pkeyutl.1 
+++ b/secure/usr.bin/openssl/man/pkeyutl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYUTL 1" -.TH PKEYUTL 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PKEYUTL 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -195,7 +199,7 @@ The key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0 Default is \s-1PEM.\s0 .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The input key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-peerkey file\fR" 4 .IX Item "-peerkey file" The peer key file, used by key derivation (agreement) operations. 
@@ -238,7 +242,7 @@ Use key derivation function \fBalgorithm\fR. The supported algorithms are at present \fB\s-1TLS1\-PRF\s0\fR and \fB\s-1HKDF\s0\fR. Note: additional parameters and the \s-1KDF\s0 output length will normally have to be set for this to work. -See \fIEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fIEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) +See \fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) for the supported string parameters of each algorithm. .IP "\fB\-kdflen length\fR" 4 .IX Item "-kdflen length" @@ -282,7 +286,7 @@ and its implementation. The OpenSSL operations and options are indicated below. Unless otherwise mentioned all algorithms support the \fBdigest:alg\fR option which specifies the digest in use for sign, verify and verifyrecover operations. The value \fBalg\fR should represent a digest name as used in the -\&\fIEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to +\&\fBEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to hash the input data. It is used (by some algorithms) for sanity-checking the lengths of data passed in to the \fBpkeyutl\fR and for creating the structures that make up the signature (e.g. \fBDigestInfo\fR in \s-1RSASSA\s0 PKCS#1 v1.5 signatures). @@ -412,9 +416,9 @@ seed consisting of the single byte 0xFF: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgenpkey\fR\|(1), \fIpkey\fR\|(1), \fIrsautl\fR\|(1) -\&\fIdgst\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIEVP_PKEY_CTX_set_hkdf_md\fR\|(3), \fIEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) +\&\fBgenpkey\fR\|(1), \fBpkey\fR\|(1), \fBrsautl\fR\|(1) +\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3), \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/secure/usr.bin/openssl/man/prime.1 b/secure/usr.bin/openssl/man/prime.1 index ded2a5e5ac52..a697aab69ccc 100644 --- a/secure/usr.bin/openssl/man/prime.1 +++ b/secure/usr.bin/openssl/man/prime.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PRIME 1" -.TH PRIME 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH PRIME 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index ae88ed6a3b9b..23db172545be 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RAND 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -181,7 +185,7 @@ Perform base64 encoding on the output. Show the output as a hex string. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_bytes\fR\|(3) +\&\fBRAND_bytes\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index 20cf8fe68768..f44a0ee08401 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH REQ 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -208,7 +212,7 @@ options (\fB\-new\fR and \fB\-newkey\fR) are not specified. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write to or standard output by @@ -216,7 +220,7 @@ default. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" The output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-text\fR" 4 .IX Item "-text" Prints out the certificate request in text form. 
@@ -318,7 +322,7 @@ signatures always use \s-1SHA1, GOST R 34.10\s0 signatures always use .IX Item "-config filename" This allows an alternative configuration file to be specified. Optional; for a description of the default value, -see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1). +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). .IP "\fB\-subj arg\fR" 4 .IX Item "-subj arg" Sets subject name for new request or supersedes the subject name @@ -393,13 +397,13 @@ configuration file, must be valid \s-1UTF8\s0 strings. Option which determines how the subject or issuer names are displayed. The \&\fBoption\fR argument can be a single option or multiple options separated by commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to -set multiple options. See the \fIx509\fR\|(1) manual page for details. +set multiple options. See the \fBx509\fR\|(1) manual page for details. .IP "\fB\-reqopt\fR" 4 .IX Item "-reqopt" Customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be a single option or multiple options separated by commas. .Sp -See discussion of the \fB\-certopt\fR parameter in the \fIx509\fR\|(1) +See discussion of the \fB\-certopt\fR parameter in the \fBx509\fR\|(1) command. .IP "\fB\-newhdr\fR" 4 .IX Item "-newhdr" @@ -494,7 +498,7 @@ problems with BMPStrings and UTF8Strings: in particular Netscape. This specifies the configuration file section containing a list of extensions to add to the certificate request. It can be overridden by the \fB\-reqexts\fR command line switch. See the -\&\fIx509v3_config\fR\|(5) manual page for details of the +\&\fBx509v3_config\fR\|(5) manual page for details of the extension section format. .IP "\fBx509_extensions\fR" 4 .IX Item "x509_extensions" 
@@ -572,7 +576,7 @@ The actual permitted field names are any object identifier short or long names. These are compiled into OpenSSL and include the usual values such as commonName, countryName, localityName, organizationName, organizationalUnitName, stateOrProvinceName. Additionally emailAddress -is include as well as name, surname, givenName initials and dnQualifier. +is included as well as name, surname, givenName, initials, and dnQualifier. .PP Additional object identifiers can be defined with the \fBoid_file\fR or \&\fBoid_section\fR options in the configuration file. Any additional fields @@ -775,9 +779,9 @@ statically defined in the configuration file. Some of these: like an email address in subjectAltName should be input by the user. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1), \fIconfig\fR\|(5), -\&\fIx509v3_config\fR\|(5) +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1), \fBconfig\fR\|(5), +\&\fBx509v3_config\fR\|(5) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 53e2d89a7f74..e658eee3b21d 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSA 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -198,7 +202,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output if this 
@@ -208,7 +212,7 @@ filename. .IP "\fB\-passout password\fR" 4 .IX Item "-passout password" The output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 .IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" These options encrypt the private key with the specified @@ -314,8 +318,8 @@ There should be an option that automatically handles .key files, without having to manually edit them. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIpkcs8\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1) +\&\fBpkcs8\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index 089d1ac60789..6b1486957ebd 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH RSAUTL 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -330,7 +334,7 @@ and its digest computed with: which it can be seen agrees with the recovered value above. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdgst\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1) +\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index 3601cd511b79..395b3f56bee4 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH S_CLIENT 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -231,6 +235,7 @@ openssl\-s_client, s_client \- SSL/TLS client program [\fB\-dtls1\fR] [\fB\-dtls1_2\fR] [\fB\-sctp\fR] +[\fB\-sctp_label_bug\fR] [\fB\-fallback_scsv\fR] [\fB\-async\fR] [\fB\-max_send_frag\fR] @@ -276,7 +281,7 @@ to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic tool .IX Header "OPTIONS" In addition to the options below the \fBs_client\fR utility also supports the common and client only options documented in the -in the \*(L"Supported Command Line Commands\*(R" section of the \fISSL_CONF_cmd\fR\|(3) +in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3) manual page. .IP "\fB\-help\fR" 4 .IX Item "-help" 
@@ -309,14 +314,17 @@ Use IPv6 only. .IP "\fB\-servername name\fR" 4 .IX Item "-servername name" Set the \s-1TLS SNI\s0 (Server Name Indication) extension in the ClientHello message to -the given value. If both this option and the \fB\-noservername\fR are not given, the -\&\s-1TLS SNI\s0 extension is still set to the hostname provided to the \fB\-connect\fR option, -or \*(L"localhost\*(R" if \fB\-connect\fR has not been supplied. This is default since OpenSSL -1.1.1. +the given value. +If \fB\-servername\fR is not provided, the \s-1TLS SNI\s0 extension will be populated with +the name given to \fB\-connect\fR if it follows a \s-1DNS\s0 name format. If \fB\-connect\fR is +not provided either, the \s-1SNI\s0 is set to \*(L"localhost\*(R". +This is the default since OpenSSL 1.1.1. .Sp -Even though \s-1SNI\s0 name should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, this -option will not make the distinction when parsing \fB\-connect\fR and will send -\&\s-1IP\s0 address if one passed. +Even though \s-1SNI\s0 should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, if +\&\fB\-servername\fR is provided then that name will be sent, regardless of whether +it is a \s-1DNS\s0 name or not. +.Sp +This option cannot be used in conjuction with \fB\-noservername\fR. .IP "\fB\-noservername\fR" 4 .IX Item "-noservername" Suppresses sending of the \s-1SNI\s0 (Server Name Indication) extension in the @@ -362,7 +370,7 @@ Extra certificate and private key format respectively. .IP "\fB\-pass arg\fR" 4 .IX Item "-pass arg" the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-verify depth\fR" 4 .IX Item "-verify depth" The verify depth to use. This specifies the maximum length of the 
@@ -379,11 +387,11 @@ abort the handshake with a fatal error. Option which determines how the subject or issuer names are displayed. The \&\fBoption\fR argument can be a single option or multiple options separated by commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to -set multiple options. See the \fIx509\fR\|(1) manual page for details. +set multiple options. See the \fBx509\fR\|(1) manual page for details. .IP "\fB\-CApath directory\fR" 4 .IX Item "-CApath directory" The directory to use for server certificate verification. This directory -must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information. These are +must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. These are also used when building the client certificate chain. .IP "\fB\-CAfile file\fR" 4 .IX Item "-CAfile file" @@ -392,7 +400,7 @@ and to use when attempting to build the client certificate chain. .IP "\fB\-chainCApath directory\fR" 4 .IX Item "-chainCApath directory" The directory to use for building the chain provided to the server. This -directory must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information. +directory must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. .IP "\fB\-chainCAfile file\fR" 4 .IX Item "-chainCAfile file" A file containing trusted certificates to use when attempting to build the @@ -448,7 +456,7 @@ whitespace is ignored in the associated data field. For example: .Ve .IP "\fB\-dane_ee_no_namechecks\fR" 4 .IX Item "-dane_ee_no_namechecks" -This disables server name checks when authenticating via \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +This disables server name checks when authenticating via \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. For some applications, primarily web browsers, it is not safe to disable name checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can 
@@ -457,7 +465,7 @@ connection to the malicious server. The malicious server may then be able to violate cross-origin scripting restrictions. Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for -\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe to do so. In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 records already make it possible for a remote domain to redirect client @@ -466,7 +474,7 @@ do not execute scripts downloaded from remote servers. .IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 .IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" Set various certificate chain validation options. See the -\&\fIverify\fR\|(1) manual page for details. +\&\fBverify\fR\|(1) manual page for details. .IP "\fB\-reconnect\fR" 4 .IX Item "-reconnect" Reconnects to the same server 5 times using the same session \s-1ID,\s0 this can 
@@ -558,6 +566,13 @@ respectively. Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-sctp_label_bug\fR" 4 +.IX Item "-sctp_label_bug" +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. .IP "\fB\-fallback_scsv\fR" 4 .IX Item "-fallback_scsv" Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. @@ -570,7 +585,7 @@ is also used via the \fB\-engine\fR option. For test purposes the dummy async en .IP "\fB\-max_send_frag int\fR" 4 .IX Item "-max_send_frag int" The maximum size of data fragment to send. -See \fISSL_CTX_set_max_send_fragment\fR\|(3) for further information. +See \fBSSL_CTX_set_max_send_fragment\fR\|(3) for further information. .IP "\fB\-split_send_frag int\fR" 4 .IX Item "-split_send_frag int" The size used to split data for encrypt pipelines. If more data is written in 
@@ -578,18 +593,18 @@ one go than this value then it will be split into multiple pipelines, up to the maximum number of pipelines defined by max_pipelines. This only has an effect if a suitable cipher suite has been negotiated, an engine that supports pipelining has been loaded, and max_pipelines is greater than 1. See -\&\fISSL_CTX_set_split_send_fragment\fR\|(3) for further information. +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3) for further information. .IP "\fB\-max_pipelines int\fR" 4 .IX Item "-max_pipelines int" The maximum number of encrypt/decrypt pipelines to be used. This will only have an effect if an engine has been loaded that supports pipelining (e.g. the dasync engine) and a suitable cipher suite has been negotiated. The default value is 1. -See \fISSL_CTX_set_max_pipelines\fR\|(3) for further information. +See \fBSSL_CTX_set_max_pipelines\fR\|(3) for further information. .IP "\fB\-read_buf int\fR" 4 .IX Item "-read_buf int" The default read buffer size to be used for connections. This will only have an effect if the buffer size is larger than the size that would otherwise be used -and pipelining is in use (see \fISSL_CTX_set_default_read_buffer_len\fR\|(3) for +and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for further information). .IP "\fB\-bugs\fR" 4 .IX Item "-bugs" @@ -614,7 +629,7 @@ normal verbose output. .IX Item "-sigalgs sigalglist" Specifies the list of signature algorithms that are sent by the client. The server selects one entry in the list based on its preferences. -For example strings, see \fISSL_CTX_set1_sigalgs\fR\|(3) +For example strings, see \fBSSL_CTX_set1_sigalgs\fR\|(3) .IP "\fB\-curves curvelist\fR" 4 .IX Item "-curves curvelist" Specifies the list of supported curves to be sent by the client. The curve is 
@@ -730,7 +745,7 @@ for SCTs. .IP "\fB\-ctlogfile\fR" 4 .IX Item "-ctlogfile" A file containing a list of known Certificate Transparency logs. See -\&\fISSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format. +\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format. .IP "\fB\-keylogfile file\fR" 4 .IX Item "-keylogfile file" Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs @@ -831,16 +846,16 @@ The \fB\-prexit\fR option is a bit of a hack. We should really report information whenever a session is renegotiated. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_cmd\fR\|(3), \fIsess_id\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1), -\&\fISSL_CTX_set_max_send_fragment\fR\|(3), \fISSL_CTX_set_split_send_fragment\fR\|(3), -\&\fISSL_CTX_set_max_pipelines\fR\|(3) +\&\fBSSL_CONF_cmd\fR\|(3), \fBsess_id\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1), +\&\fBSSL_CTX_set_max_send_fragment\fR\|(3), \fBSSL_CTX_set_split_send_fragment\fR\|(3), +\&\fBSSL_CTX_set_max_pipelines\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fB\-no_alt_chains\fR option was first added to OpenSSL 1.1.0. +The \fB\-no_alt_chains\fR option was added in OpenSSL 1.1.0. The \fB\-name\fR option was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index f3fa8ae0e466..c6c1fe82e1a0 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH S_SERVER 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -229,6 +233,7 @@ openssl\-s_server, s_server \- SSL/TLS server program [\fB\-no_comp\fR] [\fB\-comp\fR] [\fB\-no_ticket\fR] +[\fB\-num_tickets\fR] [\fB\-serverpref\fR] [\fB\-legacy_renegotiation\fR] [\fB\-no_renegotiation\fR] @@ -303,6 +308,7 @@ openssl\-s_server, s_server \- SSL/TLS server program [\fB\-dtls1\fR] [\fB\-dtls1_2\fR] [\fB\-sctp\fR] +[\fB\-sctp_label_bug\fR] [\fB\-no_dhe\fR] [\fB\-nextprotoneg val\fR] [\fB\-use_srtp val\fR] 
@@ -321,7 +327,7 @@ for connections on a given port using \s-1SSL/TLS.\s0 .IX Header "OPTIONS" In addition to the options below the \fBs_server\fR utility also supports the common and server only options documented in the -in the \*(L"Supported Command Line Commands\*(R" section of the \fISSL_CONF_cmd\fR\|(3) +in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3) manual page. .IP "\fB\-help\fR" 4 .IX Item "-help" @@ -378,7 +384,7 @@ provided to the client. Option which determines how the subject or issuer names are displayed. The \&\fBval\fR argument can be a single option or multiple options separated by commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to -set multiple options. See the \fIx509\fR\|(1) manual page for details. +set multiple options. See the \fBx509\fR\|(1) manual page for details. .IP "\fB\-naccept +int\fR" 4 .IX Item "-naccept +int" The server will exit after receiving the specified number of connections, @@ -403,7 +409,7 @@ The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. .IP "\fB\-pass val\fR" 4 .IX Item "-pass val" The private key password source. For more information about the format of \fBval\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-dcert infile\fR, \fB\-dkey infile\fR" 4 .IX Item "-dcert infile, -dkey infile" Specify an additional certificate and private key, these behave in the 
@@ -463,12 +469,12 @@ a certificate is requested. .IP "\fB\-CApath dir\fR" 4 .IX Item "-CApath dir" The directory to use for client certificate verification. This directory -must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information. These are +must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. These are also used when building the server certificate chain. .IP "\fB\-chainCApath dir\fR" 4 .IX Item "-chainCApath dir" The directory to use for building the chain provided to the client. This -directory must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information. +directory must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. .IP "\fB\-chainCAfile file\fR" 4 .IX Item "-chainCAfile file" A file containing trusted certificates to use when attempting to build the @@ -573,7 +579,7 @@ is also used via the \fB\-engine\fR option. For test purposes the dummy async en .IP "\fB\-max_send_frag +int\fR" 4 .IX Item "-max_send_frag +int" The maximum size of data fragment to send. -See \fISSL_CTX_set_max_send_fragment\fR\|(3) for further information. +See \fBSSL_CTX_set_max_send_fragment\fR\|(3) for further information. .IP "\fB\-split_send_frag +int\fR" 4 .IX Item "-split_send_frag +int" The size used to split data for encrypt pipelines. If more data is written in 
@@ -581,18 +587,18 @@ one go than this value then it will be split into multiple pipelines, up to the maximum number of pipelines defined by max_pipelines. This only has an effect if a suitable cipher suite has been negotiated, an engine that supports pipelining has been loaded, and max_pipelines is greater than 1. See -\&\fISSL_CTX_set_split_send_fragment\fR\|(3) for further information. +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3) for further information. .IP "\fB\-max_pipelines +int\fR" 4 .IX Item "-max_pipelines +int" The maximum number of encrypt/decrypt pipelines to be used. This will only have an effect if an engine has been loaded that supports pipelining (e.g. the dasync engine) and a suitable cipher suite has been negotiated. The default value is 1. -See \fISSL_CTX_set_max_pipelines\fR\|(3) for further information. +See \fBSSL_CTX_set_max_pipelines\fR\|(3) for further information. .IP "\fB\-read_buf +int\fR" 4 .IX Item "-read_buf +int" The default read buffer size to be used for connections. This will only have an effect if the buffer size is larger than the size that would otherwise be used -and pipelining is in use (see \fISSL_CTX_set_default_read_buffer_len\fR\|(3) for +and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for further information). .IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 .IX Item "-ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" 
@@ -620,7 +626,13 @@ This option was introduced in OpenSSL 1.1.0. OpenSSL 1.1.0. .IP "\fB\-no_ticket\fR" 4 .IX Item "-no_ticket" -Disable RFC4507bis session ticket support. +Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 +is negotiated. See \fB\-num_tickets\fR. +.IP "\fB\-num_tickets\fR" 4 +.IX Item "-num_tickets" +Control the number of tickets that will be sent to the client after a full +handshake in TLSv1.3. The default number of tickets is 2. This option does not +affect the number of tickets sent after a resumption handshake. .IP "\fB\-serverpref\fR" 4 .IX Item "-serverpref" Use the server's cipher preferences, rather than the client's preferences. 
@@ -669,7 +681,7 @@ program will be used. .IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 .IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" Set different peer certificate verification options. -See the \fIverify\fR\|(1) manual page for details. +See the \fBverify\fR\|(1) manual page for details. .IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4 .IX Item "-crl_check, -crl_check_all" Check the peer certificate has not been revoked by its \s-1CA.\s0 
@@ -716,6 +728,13 @@ respectively. Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-sctp_label_bug\fR" 4 +.IX Item "-sctp_label_bug" +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. .IP "\fB\-no_dhe\fR" 4 .IX Item "-no_dhe" If this option is set then no \s-1DH\s0 parameters will be loaded effectively 
@@ -829,19 +848,19 @@ There should be a way for the \fBs_server\fR program to print out details of any unknown cipher suites a client says it supports. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_cmd\fR\|(3), \fIsess_id\fR\|(1), \fIs_client\fR\|(1), \fIciphers\fR\|(1) -\&\fISSL_CTX_set_max_send_fragment\fR\|(3), -\&\fISSL_CTX_set_split_send_fragment\fR\|(3), -\&\fISSL_CTX_set_max_pipelines\fR\|(3) +\&\fBSSL_CONF_cmd\fR\|(3), \fBsess_id\fR\|(1), \fBs_client\fR\|(1), \fBciphers\fR\|(1) +\&\fBSSL_CTX_set_max_send_fragment\fR\|(3), +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3), +\&\fBSSL_CTX_set_max_pipelines\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \-no_alt_chains option was first added to OpenSSL 1.1.0. +The \-no_alt_chains option was added in OpenSSL 1.1.0. .PP -The \-allow\-no\-dhe\-kex and \-prioritize_chacha options were first added to -OpenSSL 1.1.1. +The +\&\-allow\-no\-dhe\-kex and \-prioritize_chacha options were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 0439fe218f68..d833e4435b8b 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH S_TIME 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -198,7 +202,7 @@ will never fail due to a server certificate verify failure. Option which determines how the subject or issuer names are displayed. The \&\fBoption\fR argument can be a single option or multiple options separated by commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to -set multiple options. See the \fIx509\fR\|(1) manual page for details. +set multiple options. See the \fBx509\fR\|(1) manual page for details. .IP "\fB\-CApath directory\fR" 4 .IX Item "-CApath directory" The directory to use for server certificate verification. This directory 
@@ -231,7 +235,7 @@ the initial handshake uses a method which should be compatible with all servers and permit them to use \s-1SSL\s0 v3 or \s-1TLS\s0 as appropriate. .Sp The timing program is not as rich in options to turn protocols on and off as -the \fIs_client\fR\|(1) program and may not connect to all servers. +the \fBs_client\fR\|(1) program and may not connect to all servers. Unfortunately there are a lot of ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only work if \s-1TLS\s0 is turned off with the \fB\-ssl3\fR option. @@ -248,14 +252,14 @@ This allows the TLSv1.2 and below cipher list sent by the client to be modified. This list will be combined with any TLSv1.3 ciphersuites that have been configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See -\&\fIciphers\fR\|(1) for more information. +\&\fBciphers\fR\|(1) for more information. .IP "\fB\-ciphersuites val\fR" 4 .IX Item "-ciphersuites val" This allows the TLSv1.3 ciphersuites sent by the client to be modified. This list will be combined with any TLSv1.2 and below ciphersuites that have been configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See -\&\fIciphers\fR\|(1) for more information. The format for this list is a simple +\&\fBciphers\fR\|(1) for more information. The format for this list is a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. .IP "\fB\-time length\fR" 4 .IX Item "-time length" 
@@ -272,7 +276,7 @@ To connect to an \s-1SSL HTTP\s0 server and get the default page the command .Ve .PP would typically be used (https uses port 443). 'commoncipher' is a cipher to -which both client and server can agree, see the \fIciphers\fR\|(1) command +which both client and server can agree, see the \fBciphers\fR\|(1) command for details. .PP If the handshake fails then there are several possible causes, if it is @@ -285,10 +289,10 @@ A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it -requests a certificate. By using \fIs_client\fR\|(1) the \s-1CA\s0 list can be +requests a certificate. By using \fBs_client\fR\|(1) the \s-1CA\s0 list can be viewed and checked. However some servers only request client authentication after a specific \s-1URL\s0 is requested. To obtain the list in this case it -is necessary to use the \fB\-prexit\fR option of \fIs_client\fR\|(1) and +is necessary to use the \fB\-prexit\fR option of \fBs_client\fR\|(1) and send an \s-1HTTP\s0 request for an appropriate page. .PP If a certificate is specified on the command line using the \fB\-cert\fR 
@@ -298,14 +302,14 @@ on the command line is no guarantee that the certificate works. .SH "BUGS" .IX Header "BUGS" Because this program does not have all the options of the -\&\fIs_client\fR\|(1) program to turn protocols on and off, you may not be +\&\fBs_client\fR\|(1) program to turn protocols on and off, you may not be able to measure the performance of all protocols with all servers. .PP The \fB\-verify\fR option should really exit if the server verification fails. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1) +\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index dac71229957c..22dc0382b521 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SESS_ID 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -257,7 +261,7 @@ strongly discouraged and should only be used for debugging purposes. The cipher and start time should be printed out in human readable form. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIciphers\fR\|(1), \fIs_server\fR\|(1) +\&\fBciphers\fR\|(1), \fBs_server\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index d200e89e52a9..c87a67a414f4 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SMIME 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -312,7 +316,7 @@ default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). .IX Item "-cipher" The encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR, triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR, -\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for example \fB\-aes\-128\-cbc\fR. See \fBenc\fR for list of ciphers supported by your version of OpenSSL. .Sp @@ -387,7 +391,7 @@ specified, the argument is given to the engine as a key identifier. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-rand file...\fR" 4 .IX Item "-rand file..." A file or files containing random data used to seed the random number @@ -412,7 +416,7 @@ address matches that specified in the 
From: address. .IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 .IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" Set various options of certificate chain verification. See -\&\fIverify\fR\|(1) manual page for details. +\&\fBverify\fR\|(1) manual page for details. .SH "NOTES" .IX Header "NOTES" The \s-1MIME\s0 message must be sent without any blank lines between the @@ -602,7 +606,7 @@ structures may cause parsing errors. The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first added in OpenSSL 1.0.0 .PP -The \-no_alt_chains options was first added to OpenSSL 1.1.0. +The \-no_alt_chains option was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index 1b556805bd00..6497cb985c86 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SPEED 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index 99cb3e60b390..a3fdc0896b48 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SPKAC 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -182,7 +186,7 @@ The default is \s-1PEM.\s0 .IP "\fB\-passin password\fR" 4 .IX Item "-passin password" The input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-challenge string\fR" 4 .IX Item "-challenge string" Specifies the challenge string if an \s-1SPKAC\s0 is being created. @@ -259,7 +263,7 @@ some applications. Without this it is possible for a previous \s-1SPKAC\s0 to be used in a \*(L"replay attack\*(R". .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIca\fR\|(1) +\&\fBca\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/srp.1 b/secure/usr.bin/openssl/man/srp.1 index 109ca21f1015..666e7aab0a02 100644 --- a/secure/usr.bin/openssl/man/srp.1 +++ b/secure/usr.bin/openssl/man/srp.1 
@@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SRP 1" -.TH SRP 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SRP 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,7 +179,7 @@ The \fB\-gn\fR flag specifies the \fBg\fR and \fBN\fR values, using one of the strengths defined in \s-1IETF RFC 5054.\s0 .PP The \fB\-passin\fR and \fB\-passout\fR arguments are parsed as described in -the \fIopenssl\fR\|(1) command. +the \fBopenssl\fR\|(1) command. .SH "OPTIONS" .IX Header "OPTIONS" .IP "[\fB\-help\fR]" 4 diff --git a/secure/usr.bin/openssl/man/storeutl.1 b/secure/usr.bin/openssl/man/storeutl.1 index b09f3f473297..742dd9c9ee0c 100644 --- a/secure/usr.bin/openssl/man/storeutl.1 +++ b/secure/usr.bin/openssl/man/storeutl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "STOREUTL 1" -.TH STOREUTL 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH STOREUTL 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,7 +179,7 @@ this option prevents output of the \s-1PEM\s0 data. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-text\fR" 4 .IX Item "-text" Prints out the objects in text form, similarly to the \fB\-text\fR output from @@ -231,10 +235,10 @@ Search for an object having the given fingerprint. The digest that was used to compute the fingerprint given with \fB\-fingerprint\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIopenssl\fR\|(1) +\&\fBopenssl\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -\&\fBopenssl\fR \fBstoreutl\fR was added to OpenSSL 1.1.1. +The \fBopenssl\fR \fBstoreutl\fR app was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1 index 43ad019c7290..52c3242e1e75 100644 
--- a/secure/usr.bin/openssl/man/ts.1 +++ b/secure/usr.bin/openssl/man/ts.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TS 1" -.TH TS 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH TS 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -264,7 +268,7 @@ This can be used with a subsequent \fB\-rand\fR flag. .IX Item "-config configfile" The configuration file to use. Optional; for a description of the default value, -see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1). +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). .IP "\fB\-data\fR file_to_hash" 4 .IX Item "-data file_to_hash" The data file for which the time stamp request needs to be 
@@ -325,7 +329,7 @@ otherwise it is a time stamp token (ContentInfo). .IX Item "-config configfile" The configuration file to use. Optional; for a description of the default value, -see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1). +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). See \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for configurable variables. .IP "\fB\-section\fR tsa_section" 4 .IX Item "-section tsa_section" @@ -338,7 +342,7 @@ The name of the file containing a \s-1DER\s0 encoded time stamp request. (Option .IP "\fB\-passin\fR password_src" 4 .IX Item "-passin password_src" Specifies the password source for the private key of the \s-1TSA.\s0 See -\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional) +\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fBopenssl\fR\|(1). (Optional) .IP "\fB\-signer\fR tsa_cert.pem" 4 .IX Item "-signer tsa_cert.pem" The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing @@ -435,13 +439,13 @@ of a time stamp response (TimeStampResp). (Optional) .IP "\fB\-CApath\fR trusted_cert_path" 4 .IX Item "-CApath trusted_cert_path" The name of the directory containing the trusted \s-1CA\s0 certificates of the -client. See the similar option of \fIverify\fR\|(1) for additional +client. See the similar option of \fBverify\fR\|(1) for additional details. Either this option or \fB\-CAfile\fR must be specified. (Optional) .IP "\fB\-CAfile\fR trusted_certs.pem" 4 .IX Item "-CAfile trusted_certs.pem" The name of the file containing a set of trusted self-signed \s-1CA\s0 certificates in \s-1PEM\s0 format. See the similar option of -\&\fIverify\fR\|(1) for additional details. Either this option +\&\fBverify\fR\|(1) for additional details. Either this option or \fB\-CApath\fR must be specified. (Optional) .IP "\fB\-untrusted\fR cert_file.pem" 4 
@@ -461,11 +465,11 @@ The options \fB\-attime timestamp\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \&\fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \&\fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \&\fB\-verify_name\fR, and \fB\-x509_strict\fR can be used to control timestamp -verification. See \fIverify\fR\|(1). +verification. See \fBverify\fR\|(1). .SH "CONFIGURATION FILE OPTIONS" .IX Header "CONFIGURATION FILE OPTIONS" The \fB\-query\fR and \fB\-reply\fR commands make use of a configuration file. -See \fIconfig\fR\|(5) +See \fBconfig\fR\|(5) for a general description of the syntax of the config file. The \&\fB\-query\fR command uses only the symbolic \s-1OID\s0 names section and it can work without it. However, the \fB\-reply\fR command needs the @@ -480,13 +484,13 @@ that contains all the options for the \fB\-reply\fR command. This default section can be overridden with the \fB\-section\fR command line switch. (Optional) .IP "\fBoid_file\fR" 4 .IX Item "oid_file" -See \fIca\fR\|(1) for description. (Optional) +See \fBca\fR\|(1) for description. (Optional) .IP "\fBoid_section\fR" 4 .IX Item "oid_section" -See \fIca\fR\|(1) for description. (Optional) +See \fBca\fR\|(1) for description. (Optional) .IP "\fB\s-1RANDFILE\s0\fR" 4 .IX Item "RANDFILE" -See \fIca\fR\|(1) for description. (Optional) +See \fBca\fR\|(1) for description. (Optional) .IP "\fBserial\fR" 4 .IX Item "serial" The name of the file containing the hexadecimal serial number of the 
@@ -613,7 +617,7 @@ user certificate section of the config file to generate a proper certificate; \& extendedKeyUsage = critical,timeStamping .Ve .PP -See \fIreq\fR\|(1), \fIca\fR\|(1), and \fIx509\fR\|(1) for instructions. The examples +See \fBreq\fR\|(1), \fBca\fR\|(1), and \fBx509\fR\|(1) for instructions. The examples below assume that cacert.pem contains the certificate of the \s-1CA,\s0 tsacert.pem is the signing certificate issued by cacert.pem and tsakey.pem is the private key of the \s-1TSA.\s0 @@ -690,14 +694,14 @@ You could also look at the 'test' directory for more examples. .IX Header "BUGS" .IP "\(bu" 2 No support for time stamps over \s-1SMTP,\s0 though it is quite easy -to implement an automatic e\-mail based \s-1TSA\s0 with \fIprocmail\fR\|(1) -and \fIperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of +to implement an automatic e\-mail based \s-1TSA\s0 with \fBprocmail\fR\|(1) +and \fBperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of a separate apache module. \s-1HTTP\s0 client support is provided by -\&\fItsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported. +\&\fBtsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported. .IP "\(bu" 2 The file containing the last serial number of the \s-1TSA\s0 is not locked when being read or written. This is a problem if more than one -instance of \fIopenssl\fR\|(1) is trying to create a time stamp +instance of \fBopenssl\fR\|(1) is trying to create a time stamp response at the same time. This is not an issue when using the apache server module, it does proper locking. .IP "\(bu" 2 
@@ -709,9 +713,9 @@ More testing is needed, I have done only some basic tests (see test/testtsa). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fItsget\fR\|(1), \fIopenssl\fR\|(1), \fIreq\fR\|(1), -\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIconfig\fR\|(5) +\&\fBtsget\fR\|(1), \fBopenssl\fR\|(1), \fBreq\fR\|(1), +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBconfig\fR\|(5) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1 index 9dc722411cb0..b52398b6521e 100644 --- a/secure/usr.bin/openssl/man/tsget.1 +++ b/secure/usr.bin/openssl/man/tsget.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TSGET 1" -.TH TSGET 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH TSGET 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -157,7 +161,7 @@ openssl\-tsget, tsget \- Time Stamping HTTP/HTTPS client The \fBtsget\fR command can be used for sending a time stamp request, as specified in \fB\s-1RFC 3161\s0\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing the time stamp response in a file. This tool cannot be used for creating the -requests and verifying responses, you can use the OpenSSL \fB\f(BIts\fB\|(1)\fR command to +requests and verifying responses, you can use the OpenSSL \fB\fBts\fB\|(1)\fR command to do that. \fBtsget\fR can send several requests to the server without closing the \s-1TCP\s0 connection if more than one requests are specified on the command line. @@ -309,7 +313,7 @@ example: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIopenssl\fR\|(1), \fIts\fR\|(1), \fIcurl\fR\|(1), +\&\fBopenssl\fR\|(1), \fBts\fR\|(1), \fBcurl\fR\|(1), \&\fB\s-1RFC 3161\s0\fR .SH "COPYRIGHT" .IX Header "COPYRIGHT" diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 92d18ae51430..57e1c6f3c8cb 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH VERIFY 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -238,7 +242,7 @@ Checks the validity of \fBall\fR certificates in the chain by attempting to look up valid CRLs. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -Specifying an engine \fBid\fR will cause \fIverify\fR\|(1) to attempt to load the +Specifying an engine \fBid\fR will cause \fBverify\fR\|(1) to attempt to load the specified engine. The engine will then be set as the default for all its supported algorithms. If you want to load certificates or CRLs that require engine support via any of @@ -267,7 +271,7 @@ Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0). Option which determines how the subject or issuer names are displayed. The \&\fBoption\fR argument can be a single option or multiple options separated by commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to -set multiple options. See the \fIx509\fR\|(1) manual page for details. +set multiple options. See the \fBx509\fR\|(1) manual page for details. .IP "\fB\-no_check_time\fR" 4 .IX Item "-no_check_time" This option suppresses checking the validity period of certificates and CRLs 
@@ -354,7 +358,7 @@ must meet the specified security \fBlevel\fR. The signature algorithm security level is enforced for all the certificates in the chain except for the chain's \fItrust anchor\fR, which is either directly trusted or validated by means other than its signature. -See \fISSL_CTX_set_security_level\fR\|(3) for the definitions of the available +See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available levels. The default security level is \-1, or \*(L"not set\*(R". At security level 0 or lower all algorithms are acceptable. @@ -385,7 +389,7 @@ Use default verification policies like trust model and required certificate policies identified by \fBname\fR. The trust model determines which auxiliary trust or reject OIDs are applicable to verifying the given certificate chain. -See the \fB\-addtrust\fR and \fB\-addreject\fR options of the \fIx509\fR\|(1) command-line +See the \fB\-addtrust\fR and \fB\-addreject\fR options of the \fBx509\fR\|(1) command-line utility. Supported policy names include: \fBdefault\fR, \fBpkcs7\fR, \fBsmime_sign\fR, \&\fBssl_client\fR, \fBssl_server\fR. @@ -710,7 +714,7 @@ Email address mismatch. .IX Item "X509_V_ERR_DANE_NO_MATCH" \&\s-1DANE TLSA\s0 authentication is enabled, but no \s-1TLSA\s0 records matched the certificate chain. -This error is only possible in \fIs_client\fR\|(1). +This error is only possible in \fBs_client\fR\|(1). .IP "\fBX509_V_ERR_EE_KEY_TOO_SMALL\fR" 4 .IX Item "X509_V_ERR_EE_KEY_TOO_SMALL" \&\s-1EE\s0 certificate key too weak. 
@@ -759,10 +763,10 @@ Previous versions of this documentation swapped the meaning of the \&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIx509\fR\|(1) +\&\fBx509\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -The \fB\-show_chain\fR option was first added to OpenSSL 1.1.0. +The \fB\-show_chain\fR option was added in OpenSSL 1.1.0. .PP The \fB\-issuer_checks\fR option is deprecated as of OpenSSL 1.1.0 and is silently ignored. diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 7b4cb41e3701..9b7e37d092a8 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH VERSION 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index c7a8c229929f..dec95bccb1cf 100644 --- a/secure/usr.bin/openssl/man/x509.1 
+++ b/secure/usr.bin/openssl/man/x509.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2018-11-20" "1.1.1a" "OpenSSL" +.TH X509 1 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -273,7 +277,7 @@ any extensions present and any trust settings. .IX Item "-ext extensions" Prints out the certificate extensions in text form. Extensions are specified with a comma separated string, e.g., \*(L"subjectAltName,subjectKeyIdentifier\*(R". -See the \fIx509v3_config\fR\|(5) manual page for the extension names. +See the \fBx509v3_config\fR\|(5) manual page for the extension names. .IP "\fB\-certopt option\fR" 4 .IX Item "-certopt option" Customise the output format used with \fB\-text\fR. The \fBoption\fR argument 
@@ -282,7 +286,7 @@ can be a single option or multiple options separated by commas. The options. See the \fB\s-1TEXT OPTIONS\s0\fR section for more information. .IP "\fB\-noout\fR" 4 .IX Item "-noout" -This option prevents output of the encoded version of the request. +This option prevents output of the encoded version of the certificate. .IP "\fB\-pubkey\fR" 4 .IX Item "-pubkey" Outputs the certificate's SubjectPublicKeyInfo block in \s-1PEM\s0 format. @@ -437,7 +441,7 @@ the request. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" The key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-clrext\fR" 4 .IX Item "-clrext" Delete any extensions from a certificate. This option is used when a @@ -511,7 +515,7 @@ The section to add certificate extensions from. If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called \&\*(L"extensions\*(R" which contains the section to use. See the -\&\fIx509v3_config\fR\|(5) manual page for details of the +\&\fBx509v3_config\fR\|(5) manual page for details of the extension section format. .IP "\fB\-force_pubkey key\fR" 4 .IX Item "-force_pubkey key" @@ -925,9 +929,9 @@ There should be options to explicitly set such things as start and end dates rather than an offset from the current time. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1), \fIverify\fR\|(1), -\&\fIx509v3_config\fR\|(5) +\&\fBreq\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1), \fBverify\fR\|(1), +\&\fBx509v3_config\fR\|(5) .SH "HISTORY" .IX Header "HISTORY" The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options 
@@ -937,7 +941,7 @@ canonical version of the \s-1DN\s0 using \s-1SHA1.\s0 This means that any direct the old form must have their links rebuilt using \fBc_rehash\fR or similar. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy |